Connect To HTTP-Endpoint With SQL-Server Authentication?
Apr 24, 2008
Hello,
I created a HTTP-Endpoint on SQL Server 2005. Now I try to call this web service from a c# client but using SQL-Server authentication (i.e. my user is a sql server user but not a windows user). But it doesn't work.
I can connect to the service using a windows user and NTLM authentication. But for some reasons Iwould much prefer if I could use SQL-Server authentication. Is it possible?
Here is how I created the endpoint:
Code Snippet
CREATE ENDPOINT myService
STATE = STARTED
AS HTTP(
PATH = '/services',
AUTHENTICATION = (INTEGRATED ),
PORTS = ( SSL ),
SITE = '*'
)
FOR SOAP (
WEBMETHOD 'GetStuff'
(name='MyDB.dbo.FKT_getStuff',
SCHEMA=STANDARD ),
WSDL = DEFAULT,
LOGIN_TYPE = MIXED,
SCHEMA = STANDARD,
DATABASE = 'MyDB',
NAMESPACE = 'Services'
);
GO
I am just about ready to tear my hair out on this one, at this point you guys are my last resort! Wouldn't it be nice if I could go to bed and have an answer for me in the morning....
I've had a working HTTP endpoint using Basic Authentication over SSL for months in our development environment, but now I'm moving our application to a production server and I'd like to be able to use Digest Authentication in the clear instead so the processor doesn't waste cycles on the SSL decryption. I've spent hours fiddling with my endpoint to no avail.
This is the closest message relating to what I'm doing that I've been able to find: http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=1131251&SiteID=1
In my case, the SQL Server is joined to a domain that is entirely Windows Server 2003 - no Windows 2000, so support for Digest Authentication is a non-issue. I'm also explicitly doing a GRANT CONNECT on my endpoint to the domain user I'm using. Here is the top of my CREATE ENDPOINT DDL:
I am debugging using wfetch 1.3... I can get this to work using NTLM Authentication; sending a GET to my endpoint with the ?wsdlsimple querystring parameter returns my WSDL just fine.
But Digest just doesn't want to work! If I remove NTLM from my AUTHENTICATION directive and try using Digest with wfetch or from my (PHP) web service consumer I get an HTTP 401 no matter what I do. I've tried fiddling with the DEFAULT_LOGON_DOMAIN, AUTH_REALM, and anything else I can think of.
The errors I am sporadically finding in the SQL Server error log are:
HTTP authentication failed. [CLIENT: 192.168.245.238] from source Logon
Followed by:
Error: 26026, Severity: 14, State: 1. from source Logon
I can't find any detail about the second error.
........
Just occurred to me that I've also been trying to view my WSDL directly in IE, and this is what's causing the SQL error to be logged, not wfetch - that's why it appeared sporadically.
So, wfetch isn't causing an 'HTTP authentication failed' error, but Internet Explorer is... maybe Digest Authentication isn't implemented correctly in wfetch?
Regardless... I'm still not able to authenticate from IE or from my client, but this may shed some more light on the issue.
I created a HelloWorld like example using InforPath 2007 and endpoint with SQL Server 2005. Very simple example.
I created a stored procedure that took in one parameter, a datetime field. This parameter is then inserted into a db table that has two columns, an id column and a datetime column.
I took the store procedure just discribed to create an endpoint. Cool. The WSDL is showing, I'm feeling good.
I go to InfoPath and make it so that submit a datetime to the webmethod associated with the endpoint. The data table shows one more row has been added and it is the datetime I sent from InfoPath. YEA!! I go to the Event View and see that I have an error message. The message is HTTP authenticaiton failed. [CLIENT: 10.8.2.26]. Bummer!!
This does not make sense to me. I am able to update the targeted database table but I get an exception. I do not like exceptions nor warnings without an explanation. Does anyone have an idea why this is happening?
I had to give up for the project I am currently working because of time constraints. But in the future, for out-of-the-box functionality for proof-of-concept/prototyping, I would like to use endpoints.
I appologise that incarnations of this topic have been posted several times on this forum, however I cannot find a scenario that is the same as my own so I've resorted to starting a new thread.
I can successfully create and connect remotely to an HTTP EndPoint on my Windows 2003 machine using Integrated security, the administrator username and password via my static IP address.
I have read that Windows XP SP2 supports HTTP EndPoints, and it would be much more convenient for me to be able to create EndPoints in XP, and connect remotely.
I have created the endpoint like so...
CREATE ENDPOINT sql_tvr10 STATE = STARTED AS HTTP( PATH = '/sql/tvr10', AUTHENTICATION = (INTEGRATED), PORTS = (CLEAR))
In visual studio I can retrive a list of services running at http://localhost/sql/tvr10?WSDL absolutely fine. However, in Visual Studio on the remote machine, I cannot connect to http://194.106.11.11/sql/tvr10?WSDL - it prompts me for a username and password, however I cannot select the username - it is set to "Athlon64Guest" (Athlon64 is my server computer name). I have no passwords on any of my windows accounts (except administrator), and I have no database passwords set.
Could someone please tell me how I should go about accessing the HTTP EndPoint?
Just so it is clear, I am running a small LAN with no domain, just a workgroup. I need the client application to be able to connect via http regardless of which network it is on. I am using VS2005 and SQL Server 2005 Dev Ed.
I have created an EndPoint in SQL Server 2005 as per the code below.
CREATE ENDPOINT OSTC_LMS_Endpoint
AUTHORIZATION LMSEndPointUsers
STATE = STARTED
AS HTTP(
PATH = '/ostc_sql_endpoint',
AUTHENTICATION = (BASIC),
PORTS = (SSL),
SITE = 'OSTC-DEV-001'
)
FOR SOAP (
WEBMETHOD 'ostc_SQLSoapTester'
(name='OSTC_LMS_06.dbo.ostc_SQLSoapTester',
FORMAT = ROWSETS_ONLY,
SCHEMA=STANDARD),
WSDL = DEFAULT,
LOGIN_TYPE = MIXED,
SCHEMA = STANDARD,
DATABASE = 'OSTC_LMS_06',
NAMESPACE = 'http://tempUri.org/'
)
GO
USE master
GRANT CONNECT ON ENDPOINT::OSTC_LMS_Endpoint
TO [LMSEndPointUsers]
GO
USE master
GRANT CONNECT ON ENDPOINT::OSTC_LMS_Endpoint
TO [ostc-dev-001endPointUsers]
GO
----------------------------------------------------------------------------------------------------------------- The SPROC being exposed as the webmethod: -
The computer in question is our dev server and is running as a workgroup machine with the following: - Win Server 2003 SQL Server 2005 .net Framework 2.0 No firewalls or Proxies are in the way.
The computer has to be as a workgroup machine to reflect our live server.
The user LMSEndPointUsers is a SQL Server Login The user ostc-dev-001endPointUsers is a machine login
We have employed the Security class as per the information given in the SQL Server documentation with the intention of using the WS-Security headers that apparently are to be used when trying to authenticate using a SQL Server login.
I have the need to have a client application connect to a remote database server for retrieval of large datasets (~13000 rows at time) and am trying to leverage existing technologies to build my solution.
To test the difference in retrieval times I created 2 test apps - testA and testB. I created an HTTP endpoint in SQL Server (2005) that exposes one web method corresponding to a sproc that executes one select query and configured testA to execute query and bind the results to a data grid. I exposed my SQL Server so that I could connect directly to the SQL Server using a connection string and configured testB to execute the same SQL statement in an ad-hoc fashion, binding the results to a data grid.
On average, the HTTP endpoint would take ~ 34 seconds to return the 13,000 row data set whereas the direct connection returned that same result set in 4 seconds or less.
I have a bunch of questions: * Why would I be seeing such a dramatic difference in the retrieval times? * How is SQL Server communicating when there is a direct connection? * What are the immediate disadvantages to connecting directly to the remote SQL Server? * If I were to consider allowing my client application to communicate directly with the SQL Server, is there any way to secure the communication without VPN? * In addition, is it even possible to create a SQL login that has all of these requirements? ** select and update only ** cannot view schema (cannot connect to the SQL Server using SQL Server Management Studio) ** cannot view any system tables ** cannot retrieve any information about the schema of the database whatsoever
I guess I'm wondering if there is a way to overcome the obvious serialization overhead that comes with the HTTP endpoint to get the speed of the direct connection while being secure at the same time. Is that being greedy? :P
Anyhow, what are your opinions? I'm very interested to hear experiences and/or advice.
I'd like to know how can I setup the SSL so I can secure my HTTP Endpoint.
I saw in the documentation that some settings such as SSL_PORT and PORTS should be set to SSL port number and SSL but I did not find out anywhere where they explain how to enable SSL.
Do we enable SSL the same way we enable it or SQL Server 2005 or does that have to be done through the MMC - Certificates.
I don't have any IIS server running on this server, so I was wondering if IIS is a requirement to generate and import the certificate.
I met some problems when I walk through a example for Native Http SOAP in SQL Server 2005 for Developers. after I create the HTTP EndPoint in the Management Studio using following code:
USE AdventureWorks GO
CREATE PROCEDURE EmployeePhoneList AS SELECT C.LastName, C.FirstName, C.Phone FROM Person.Contact AS C INNER JOIN HumanResources.Employee AS E ON C.ContactID = E.ContactID ORDER BY C.LastName, C.FirstName GO
DROP ENDPOINT HRService; GO
CREATE ENDPOINT HRService STATE = STARTED AS HTTP ( PATH='/HumanResources', AUTHENTICATION=(INTEGRATED), PORTS=(CLEAR) ) FOR SOAP ( WEBMETHOD 'EmployeePhoneList'(name='AdventureWorks.dbo.EmployeePhoneList'), DATABASE='AdventureWorks', WSDL=DEFAULT )
then I can see the web service is indeed created by using following cmnd,
SELECT * FROM sys.endpoints
SELECT * FROM sys.soap_endpoints;
SELECT * FROM sys.endpoint_webmethods;
but when I want to use the web service in the VS2005, I can't find it and add the web reference. Any help will be greatly appreciated. and could you please tell me how to check web services in the local computer? Thanks.
I am testing using Web Services from SQL Server 2005 and am having problems with IE Authentication when I try to retreive the WSDL.
The basic scenario is:
I create the Web Service and initially can view the WSDL using Http:ServernamePath?wsdl and also can consume the Web Service in a DotNet app. However after a period of 2 hours or more the the WSDl starts asking for authentication but I cannot determine what authentication or rights are required
In an earlier post http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=1175161&SiteID=1 Jimmy Wu mentions "IE prompted me for my user credentials and after entering the information I was able to retrieve the WSDL doc".
What are the user credentials required and how do you set permissions to avoid these. This forum post is the only place I have seen where any mention is made of some additional credentials being needed.
I need to enable digest authorization on an HTTP endpoint, because the integration tools for some java code that needs to connect to it does not support NTLM or kerberos - only digest and basic. I setup a test endpoint in order to test only digest authorization (as opposed to the final endpoint which needs both digest and integrated), but I can't even get that to work - when I point my browser to it to see the wsdl it pops up with the login box, but the login always fails.
I have the feeling I'm missing some very minor piece that will just make the whole thing work. Below are some log entries as well as the script to create the test endpoint I'm hitting. Any ideas are very welcome, I've banged my head on this one for far too long.
SQL Server error logs shows a "Error: 26026, Severity: 14, State: 1" entry followed by a "HTTP authentication failed" entry.
Event Log Security entry on the server:
Logon Failure:
Reason: An error occurred during logon
User Name: MyUserName
Domain: mydomain
Logon Type: 3
Logon Process: WDIGEST
Authentication Package: WDigest
Workstation Name: -
Status code: 0xC000006D
Substatus code: 0xC00000FE
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address: -
Source Port: -
Test endpoint script:
CREATE ENDPOINT [DigestTest]
STATE=STARTED
AS HTTP (PATH=N'/DigestTest', PORTS = (CLEAR), AUTHENTICATION = (DIGEST), SITE=N'SRV001',
I just want to be 100% sure about something. Certificates generated for use with service broker endpoints must be generated in the maste database, correct?
What are the implecations of the master key is changed for the master database ?
I have service broker working 100% with an initiator - forwarder - target, all in the same domain using windows authentication on the endpoints, for all instances' the sql server service run under the same domain account, which in turn is granted connect on the various endpoints. This all works 100%
However i have a scenario where the initiator will be in a different trusted domain.
I need to know if i am correct in thinking that the initiator sql server servcie account can run under DomainAsqlservice, the target instance sql server servcie can run under DomainBsqlservice, then on the forwarder i simply grant connect on the forwarder endpoint to both DomainAsqlservice and DomainBsqlservice.
This one has really stumped me! I set up HTTP to connect to an Analysis Services cube within an ASP .NEt application. On inititial setup it worked well and I was able to connect and view the data in my ASP application.
However, for NO reason that I can see it is now coming up with the following error:
Either a connection cannot be made to the localhost server, or Analysis Services is not running on the computer specified.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.Runtime.InteropServices.COMException: Either a connection cannot be made to the localhost server, or Analysis Services is not running on the computer specified.
I have tried everything I can think of to fix it but can't get it to work. I have even gone through the technet document titled "Resolving Common Connectivity Issues in SQL Server 2005 Analysis Services Connectivity Scenarios" but it hasn't helped.
I am using SQL Server (Analysis Services) 2005 and ASP .NET 2.0. The application is developed in VS 2005.
i am trying to consume an webservice which under secure layer (HTTPS)
eg: https://test.com/test.asmx
i'm connected thro' a proxy server.
when i use the same url in IE it works fine, but when i connect thro' http connection manager it always throws me a error saying "unable to connect to remote server "
can anyone provide me solution to over come this problem
hi all, i have SQL 2205 with SP1 installed on my machine. and i m not bale to connect to Report Server using SQL management studio as well as from web.
i have installed reporting server and database on same machine. i tried using
but i am not bale to connect i am getting "Service Unavailable" page.
and when i try to connect using SQL Management Studio with "servername/instance" as well as "http://localhost/reportserver" i am getting a error saying.
=================================== Cannot connect to http://localhost/reportserver.The request failed with HTTP status 503: Service Unavailable. (Microsoft.SqlServer.Management.UI.RSClient)
===================================
but if i try and connect to other reporting server on other machine using web http://servername/reportserver i m able to connect it. but dont know whats the problem on my machine.
I want to distribute my sql server express database file ( .mdf ) with my application. The only connection I can use is the Windows Authentication but I need a Sql Server Authentication with which I can use a username and a password. I tried Sql Server Management Studio Express but no way Can anybody supply a step by step tutorial on how to achieve this? All the examlpes I could find in internet were using Windows Authentication, that's also interesting and painful Thanks for any help guys.
Hello , i m new to SQL Server when i am connecting it shows me error "An error has occured while establishing a connection to the server.When connecting to SQL Server 2005,this faliure may be caused by the fact that under the default settings SQL Server does not allow remote connections.(provider: SQL Network Interfaces,error:26-Error Locating Server/Instances Specified)(Microsoft SQL Server)"
please help me as soon as possible, Thanks in advance
Can someone point me at an article that tells how to allow the ASP.net worker process to connect, via windows authentication, to a remote sql server instance ?
We have SQL server 2000 on windows 2000. From our desktop MS Access was connected to database through ODBC. Since yesterday (after our consultant had updated another asp application in the same server) we are getting €œSQL Server Error: 18452. €¦.. Login failed for user €˜(null)€™. Reason: not associated with a trusted SQL Server connection. €œ
The consultant saying he did not touch any settings on server (?). And the problem is even server€™s security property shows it has mixed mode authentication. But I cannot connect to server even through my SQL server enterprise manager in windows authentication mode. I can connect if I use SQL server authentication. Through ODBC I can connect also and test fine, if I use SQL authentication. But the Access application wouldn€™t connect using SQL authentication in ODBC.
So, can any one help me to find out what else could be done to make sure that the server is going to accept windows authentication. I€™m thinking any other settings or registry change €¦ etc. Please help.
We have see login failures for windows accounts. Below is the error message.
Description: In our env most logins are windows accounts. Initially we thought it is an UAC issue and we tried to launch the SSMS using "Run as Administrator". However, we are seeing login failures.
Enviroment: Microsoft SQL Server 2014 - 12.0.2402.0 (X64) RTM Enterprise Edition (HyperVisor)
Error Message in Error Log :
2015-08-10 22:36:45.290 Logon Error: 18456, Severity: 14, State: 11. 2015-08-10 22:36:45.290 Logon Login failed for user 'domainloginname'. Reason: Token-based server access validation failed with an infrastructure error. Check for previous errors. [CLIENT: 10.xxx.xxx.xxx]
[code]....
We tried dropping this account and re-creating the windows account with same permissions but still result is same. It throws same error message. Login failure message !!!
I looked online and couldn't find anything to help me make this change. I want to change the default URL for reporting services to another url. Is this possible? Any assistance would be greatly appreciated.
I just upgraded from Windows XP Pro to Windows Vista Bussiness and tried to reinstall SQL Server 2005 Developers Edition. After the installation i downloaded (using microsoft windows update) and installed all the service packs for sql and vista available.
My problem is when i open sql server management studio and try to connect to my default instance using windows authentication and database engine, an 18456 error occurs.
I enabled all the protocols and all the ports I disabled windows firewall and antivirus (eset nod32) I installed all service packs available I have also installed Visual Studio 2005 without installing sqlexpress
But nothing happens!
Please i am very desperate, any information will be gratefully accepted.
This is my installation Information
Code Snippet
Microsoft SQL Server Management Studio 9.00.3042.00 Microsoft Analysis Services Client Tools 2005.090.3042.00 Microsoft Data Access Components (MDAC) 6.0.6001.18000 (longhorn_rtm.080118-1840) Microsoft MSXML 3.0 5.0 6.0 Microsoft Internet Explorer 7.0.6001.18000 Microsoft .NET Framework 2.0.50727.1434 Operating System 6.0.6001
I have a login page that checks the given userid/password against ADSI and redirects the user if successful. My problem seems to come when I try to connect to the SQL database with the user's NT credentials. I have the user's NT account setup in SQL, have anony. disabled in IIS, using Integrated Windows Security in IIS, and am using the following connection string:
I also have this entry in my Web.Config file: <identity impersonate="true" />
Actually, it seems to connect OK, but I can not select any data. I just receive "Select permission denied...." errors even though the user has been given these permissions in SQL.
I am unable to connect to my local sql server express db. I would like to test my app and its not connecting. It works when I use windows authtentication Trusted_Connection=yes but not when i use: user id=sdvaid; password=sdavid
Dim conn As SqlConnection = New SqlConnection(connectionString) Dim cmd As SqlCommand = New SqlCommand("select * from Users", conn) cmd.CommandType = CommandType.Text Try conn.Open() cmd.ExecuteNonQuery() Catch ex As Exception Response.Write(ex.ToString()) Finally
conn.Close() End Try
thanks.
Here is the error: "SQL Server does not exist or access denied."
Just spoke w/ our network admin and he mentioned that we use SPI, so being brand new to ASP, i did some googling and found this string:
the username and password is the account i have for the database, which is windows authentication, so i made sure the domain was in there. i am unsure of what i am doing wrong.
I'm trying to connect to a database using my virtual machine, where I´m logged in as another user than the one that's granted acccess to the database. Can I enter the windows username and password used to connect to my SQL 2005 database, in Windows Authentication Mode?
Hello, I have several SQL 2000 logins on our servers. I removed the builtin/ groups and only have SQL authentication users, although the server is operating in "Mixed Mode". How can I secure this? I don't understand how we can just connect to any DB without ever being asked to log in. Let me know if you can help. Thanks.
hi guys, do you know if we can use sql authentication to connect to SSIS through SSMS. right now it's only windows authentication, and SQL authentication is grayed out.
Not sure if this question has already been answered because it sounds like easy question.
I am not able to connect to SQL Database server using windows authentication when I am connected through VPN connection.However I am able to connect to same server using SQL server authentication and also able to do RDP to DB server machine.
I found a resolution in one of the forum suggesting to change UserRasCredentials to 0 value in *.pdk file.Since VPN connection which I am using generates instant proxy this resolution doesn't work.
Also application which I am using does windows authentication connection it is required for me to impersonate windows authetication when connected using VPN.
