Integrated Security: Preventing Access Via Unauthorized Applications

Feb 20, 2008


Hi –

We have built a .NET on SQL Server application with extensive business functionality and security. It uses SQL integrated security to control logon and access to the database objects. There is business logic built into the .NET code, so I don't want any chance that users access the tables directly through a tool such as Management Studio - many users need update, delete, insert on tables in order to use the application's functions. With integrated security they can log on through SQL Management Studio and change data in the tables directly.

How are people who are using integrated security for their business applications preventing logons through unauthorized tools or applications?

Peter


Security Holes --- Denying Unauthorized Access

Apr 6, 2000

I am using mixed security on the SQL server and have an NT group 'NT_GROUP'.
The login for 'NT_GROUP' has been added to SQL server and has been explicitly granted access to only one database.

Using access database project (ADP), a user in the group is able to gain access to other databases (master, tempdb, msdb, etc.) as well.


It is very important to be able to prevent this access.

Thanks in advance for your help.


How To Access The DB With Integrated Security

May 11, 2007

Hello,
I'm new to ASP, but have been developing in SQL for years.
What we would like to have is that the user is accessing the database over its own Windows Logon. Our triggers log quite some changes and are using UserName() for this. I've tried to force the IIS to accept Windows Integration only, and the SqlDataSource uses a connection that has Integrated Security = True. But when connecting to the site I'm getting an error that there is no trusted connection for the user . (dot) ...
I suppose I'm missing something, but could you give me a hint where to start looking..... THX


Using Integrated Security From .Net Web To Access SQL Server 2005

Oct 19, 2007



If I am posting to the wrong forum, please point me in the right direction.
We have upgraded to SQL Server 2005 and Windows 2003 from SQL Server 2000 and Windows 2000, and have been having all kinds of problems with security of our web applications. We have been forced to put the system account of the web server as a user in the database in order for the web applications to work. We have lost the ability to control security at the user/role level. Is this the way security is going to work in Windows 2003/SQL Server 2005? How do I use integrated security so that I can secure web pages and database objects?
Thanks


Can't Access Reporting Services In Management Studio Or Web Interface Using Windows Integrated Security

May 12, 2008

I know from searching this forum that there have been many variations of the issue I'm currently suffering, but I haven't found anything quite like mine or a solution to solve it. The issue I'm running into is that I am unable to log on to Reporting Services using Management Studio or the web interface when Windows Integrated Security is enabled. I have full functionality using basic security, but the risks involved make it impossible to deploy basic authentication out into production. The error I'm receiving in Management Studio is "The request failed with HTTP status 401: Unauthorized. (Microsoft.SqlServer.Management.UI.RSClient)". I receive the same error when I try the web interface.

I've looked at the most recent logfile in Windows\System32\LogFiles\W3SVC1 and these entries match up to the time I attempted my authentication.



Code Snippet
2008-05-12 20:30:42 <Edited: Server IP> GET /reports - 80 - <Edited: Server IP> Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.2;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727) 401 2 2148074254
2008-05-12 20:30:42 <Edited: Server IP> GET /reports - 80 DomainUserName <Edited: Server IP> Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.2;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727) 301 0 0
2008-05-12 20:30:42 <Edited: Server IP> GET /reports/ - 80 - <Edited: Server IP> Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.2;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727) 401 2 2148074254
2008-05-12 20:30:46 <Edited: Server IP> GET /reports/home.aspx - 80 DomainUserName <Edited: Server IP> Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.2;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727) 302 0 0
2008-05-12 20:30:46 <Edited: Server IP> GET /reports/Pages/Folder.aspx - 80 - <Edited: Server IP> Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.2;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727) 401 2 2148074254
2008-05-12 20:30:47 127.0.0.1 POST /ReportServer/ReportService2005.asmx - 80 - 127.0.0.1 - 401 2 2148074254
2008-05-12 20:30:47 127.0.0.1 POST /ReportServer/ReportService2005.asmx - 80 - 127.0.0.1 - 401 1 0
2008-05-12 20:30:47 127.0.0.1 POST /ReportServer/ReportService2005.asmx - 80 - 127.0.0.1 - 401 1 2148074248
2008-05-12 20:30:49 127.0.0.1 POST /ReportServer/ReportService2005.asmx - 80 - 127.0.0.1 - 401 2 2148074254
2008-05-12 20:30:49 127.0.0.1 POST /ReportServer/ReportService2005.asmx - 80 - 127.0.0.1 - 401 1 0
2008-05-12 20:30:49 127.0.0.1 POST /ReportServer/ReportService2005.asmx - 80 - 127.0.0.1 - 401 1 2148074248
2008-05-12 20:30:50 <Edited: Server IP> GET /reports/Pages/Folder.aspx - 80 DomainUserName <Edited: Server IP> Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.2;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727) 500 0 0
2008-05-12 20:30:50 <Edited: Server IP> GET /Reports/js/ReportingServices.js - 80 - <Edited: Server IP> Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.2;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727) 401 2 2148074254
2008-05-12 20:30:50 <Edited: Server IP> GET /Reports/js/ReportingServices.js - 80 DomainUserName <Edited: Server IP> Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.2;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727) 200 0 0
2008-05-12 20:30:54 <Edited: Server IP> GET /Reports/styles/ReportingServices.css - 80 - <Edited: Server IP> Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.2;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727) 401 2 2148074254
2008-05-12 20:30:54 <Edited: Server IP> GET /Reports/images/blank.gif - 80 - <Edited: Server IP> Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.2;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727) 401 2 2148074254
2008-05-12 20:30:54 <Edited: Server IP> GET /Reports/images/blank.gif - 80 DomainUserName <Edited: Server IP> Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.2;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727) 200 0 0
2008-05-12 20:30:54 <Edited: Server IP> GET /Reports/images/48error.jpg - 80 - <Edited: Server IP> Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.2;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727) 401 2 2148074254
2008-05-12 20:30:54 <Edited: Server IP> GET /Reports/styles/ReportingServices.css - 80 DomainUserName <Edited: Server IP> Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.2;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727) 200 0 0
2008-05-12 20:30:54 <Edited: Server IP> GET /Reports/images/48error.jpg - 80 DomainUserName <Edited: Server IP> Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.2;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727) 200 0 0
2008-05-12 20:31:07 127.0.0.1 GET /reports/ - 80 - 127.0.0.1 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.2;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727) 401 2 2148074254
2008-05-12 20:31:07 127.0.0.1 GET /reports/ - 80 - 127.0.0.1 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.2;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727) 401 1 0
2008-05-12 20:31:13 127.0.0.1 GET /reports/ - 80 - 127.0.0.1 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.2;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727) 401 2 2148074254
2008-05-12 20:31:13 127.0.0.1 GET /reports/ - 80 - 127.0.0.1 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.2;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727) 401 1 0


I tried to highlight one of each of the HTTP errors I am getting. 401.2 and 401.1 are the ones I kind of expected, but have no idea why I'm getting them. The 500 0 error is a bit troubling, because unless I'm mistaken that's a server side error.

Here's my current setup. As far as I can tell, I've done everything to set up correctly for Windows Integrated security.



My Specs
The server machine running all SQL 2005 services. It resides in a domain. All Clients are in the same domain.

Intel Dual Processor 3.20 gig Xeon
Windows Server 2003 w/ SP2
Microsoft Sql Server 2005 w/ SP2

Reporting Services Setup
The virtual directories Reports and ReportServer are set to Windows Integrated Security with Anonymous Access disabled. All other checkboxes in Directory Security are unchecked. For permissions in Reports, I have:

Administrators (servername\Administrators) - Full Control
ASP.NET Machine Account - Modify, Read & Execute, List Folder Contents, Read, Write
Authenticated Users - Modify, Read & Execute, List Folder Contents, Read, Write
Creator Owner - No permissions
Domain Users - Read & Execute, List Folder Contents, Read
SQLServer2005ReportingServicesWebServiceUsers$... - Read & Execute, List Folder Contents, Read
SQLServer2005ReportServerUsers$... - Read & Execute, List Folder Contents, Read
SYSTEM - Full Control
Users (CompName\Users) - Read & Execute, List Folder Contents, Read

In ReportServer I have the same permissions except Authenticated Users is absent.

At one point, I even added the account Everybody and gave it full control, and I still received an HTTP 401 error. Any help at what I might be missing would be a godsend.

Thanks.


HTTP: 401 Unauthorized When Trying To Use Reporting Services And MOSS2007 In Integrated Mode

Feb 28, 2007

Sorry for the long post, but I'm trying to include as much info as possible.

I'm having trouble getting SQL Server 2005 Reporting Services and MOSS 2007 working together in integrated mode. Everything seems to be ok, but we get a 'HTTP 401 Unauthorized' error when using the 'Set server defaults' link from MOSS 2007 Central Administration. None of the other links give this error, but I'm not sure whether MOSS just eats the error message...

Here's the background:
- Sql Server 2005 is installed on a separate box, let's call it SERVER1. This Sql Server hosts both the MOSS content database as well as the reporting services database.
- MOSS 2007 is installed on a different box, let's call it SERVER2
- I've installed all the required components for both boxes with no installation errors
- SSRS seems to be running fine on SERVER1. Report Manager can be used directly with a browser in native mode.
- SSRS also *seems* to be running fine in Integrated mode, i.e. I can create a reporting database for integrated mode:
  - The url http://host/ReportService/ReportService2006.asmx responds normally when I access it through browser using my domain credentials
  - The url http://host/Reports/ returns a message saying that I can't access it in integrated mode, which, I take, is normal
- MOSS is running ok on SERVER2
  - I can see that SERVER1 is in the same farm after I've installed WSS3.0 on SERVER1
  - Also I can see the "Reporting Services" section in Central Administration

So all in all, everything seems to be ok. However, when I try to use the 'Set server defaults' link from MOSS Central Administration I get an 'HTTP 401 Unauthorized' error. I'm assuming clicking this link will result in MOSS calling the Reporting Services' SOAP endpoint ReportService2006.asmx which now seems to be the culprit. Here's why I think so:

Whenever this occurs, the IIS logs on SERVER2 show that someone from SERVER1 is indeed trying to connect to ReportService2006.asmx, but I'm not seeing any user credentials being passed (whenever I access the asmx through my web browser, the credentials I entered in the browser are recorded in the log). Furthermore, the Event Viewer on SERVER2 shows Audit Failure (code 529) events occurring every time I get the HTTP 401 error.

The Event viewer's message is as follows:

Logon Failure:
  Reason: Unknown user name or bad password
  User Name:
  Domain:
  Logon Type: 3
  Logon Process: Kerberos
  Authentication Package: Kerberos
  Workstation Name: -
  Caller User Name: -
  Caller Domain: -
  Caller Logon ID: -
  Caller Process ID: -
  Transited Services: -
  Source Network Address: <SERVER1 IP>
  Source Port: <PORT>

From the Event Viewer message and the IIS log it would seem like my MOSS is trying anonymous access whenever it tries to access the SSRS SOAP endpoint, which of course results in a 401, since anonymous access is not allowed. Please note that if I enable anonymous access in the Reporting Services' virtual directories (just for testing), I get a different error. This indicates that the HTTP 401 indeed originates from this particular web service call.

I've heard that SPS2003 and Reporting Services don't like each other on the same box, but this is hearsay. Does anyone know if this is a confirmed fact? This box does have SPS2003 and SSRS2005 installed. I tried to uninstall the SPS2003 but that didn't help anymore.

I noticed someone having similar issues in another thread, but I didn't see resolutions. I'm pretty baffled as to whether this is a problem with the MOSS Add-in or the Reporting Services installation.

Any input on this issue is very much appreciated. I'll try to also include a follow-up if we're able to get this working ourselves.


SQL 2012 :: Persist Security Info And Integrated Security In Connection String

Dec 4, 2014

I use SQL Server 2008 and C#.

What is the best connection string?

I don't know if I use Persist Security Info and Integrated Security or not?

And if yes, then must their value be true or false?


Difference Between Persist Security Info And Integrated Security

Apr 26, 2007

Hi, I want to know what the difference is between
Persist Security Info=False;Integrated Security=Yes;


Setup Of Security / Integrated Win Security On Vista

Jul 6, 2007

I have Sql Server Express installed on Vista (service pack 2)

I have Visual Studio 2005 with an application that I'm trying to access it with within a WCF service.



The login ID of the service is added to the database.

The database has remote access turned on.

The ID is granted access to all databases within the server.

The thread is being set with WindowsProvider and the services set their thread to WindowsProvider.

The dataserver is set with using Windows Authentication for security.



When I open my connection to the database, though, it reports the typically useless message that the connection is not allowed and that the server may not allow remote connections.



How do I get past this? I've done everything right.


Unauthorized Operation Setting Application Security Through VS2005 (Why?)

Feb 12, 2007

I'm attempting to set up the de facto MS security for membership and roles, using a newly created database under SQL 2005 (not express). I created the database using the aspnet_regsql.exe utility and that worked fine. I created my provider connection string logging in as 'sa' with the proper password. All that seemed to work okay too. However, when I attempt to change any of the settings like setting the authentication type or enabling roles, I get the following error message:

The following message may help in diagnosing the problem: Attempted to perform an unauthorized operation.
at System.Security.AccessControl.Win32.SetSecurityInfo(ResourceType type, String name, SafeHandle handle, SecurityInfos securityInformation, SecurityIdentifier owner, SecurityIdentifier group, GenericAcl sacl, GenericAcl dacl)
at System.Security.AccessControl.NativeObjectSecurity.Persist(String name, SafeHandle handle, AccessControlSections includeSections, Object exceptionContext)
at System.Security.AccessControl.NativeObjectSecurity.Persist(String name, AccessControlSections includeSections)
at System.Security.AccessControl.FileSystemSecurity.Persist(String fullPath)
at System.IO.File.SetAccessControl(String path, FileSecurity fileSecurity)
at System.Configuration.Internal.WriteFileContext.DuplicateTemplateAttributes(String source, String destination)
at System.Configuration.Internal.WriteFileContext.DuplicateFileAttributes(String source, String destination)
at System.Configuration.Internal.WriteFileContext.Complete(String filename, Boolean success)
at System.Configuration.Internal.InternalConfigHost.StaticWriteCompleted(String streamName, Boolean success, Object writeContext, Boolean assertPermissions)
at System.Configuration.Internal.InternalConfigHost.System.Configuration.Internal.IInternalConfigHost.WriteCompleted(String streamName, Boolean success, Object writeContext, Boolean assertPermissions)
at System.Configuration.Internal.InternalConfigHost.System.Configuration.Internal.IInternalConfigHost.WriteCompleted(String streamName, Boolean success, Object writeContext)
at System.Configuration.Internal.DelegatingConfigHost.WriteCompleted(String streamName, Boolean success, Object writeContext)
at System.Configuration.UpdateConfigHost.WriteCompleted(String streamName, Boolean success, Object writeContext)
at System.Configuration.MgmtConfigurationRecord.SaveAs(String filename, ConfigurationSaveMode saveMode, Boolean forceUpdateAll)
at System.Configuration.Configuration.SaveAsImpl(String filename, ConfigurationSaveMode saveMode, Boolean forceSaveAll)
at System.Configuration.Configuration.Save(ConfigurationSaveMode saveMode)
at System.Web.Administration.WebAdminPage.SaveConfig(Configuration config)
at ASP.security_setupauthentication_aspx.UpdateAndReturnToPreviousPage(Object sender, EventArgs e)
at System.Web.UI.WebControls.Button.OnClick(EventArgs e)
at System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument)
at System.Web.UI.WebControls.Button.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String eventArgument)
at System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument)
at System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData)
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)

Anyone have any clue why this is happening? Do I need to add something to the database as far as users/roles go? I figured 'sa' would have free roam, but something permission-wise just isn't jiving.


Integrated Security

Sep 5, 2007

If one connects to SQL Server (2005) with integrated security, does SQL Server connect to ADS in order to verify the credentials, or does Windows handle the authentication mechanism?

thanks


Integrated Security...

Oct 3, 2005

Does anyone know how to impersonate a user and then use integrated security with SQL server? Every place I've looked so far only shows how to use integrated security through IIS. For some reason, every time I impersonate a user account, SQL server identifies me as "NT AUTHORITY\ANONYMOUS LOGON". Is this by design, or am I doing something wrong?


Integrated Security

Sep 5, 2007



If one connects to SQL Server (2005) with integrated security, does SQL Server connect to ADS in order to verify credentials, or does Windows handle the authentication mechanism?

Thanks.


DTS And NT Integrated Security User?

Dec 2, 1999

We have a DTS package set up to run against another SQL Server. Using an integrated login is there a way to map an NT Authenticated users is the sql server login id mapping to this attached server. The DB we are going against only uses NT authentication to attach to.


Integrated Windows NT Security

Apr 7, 1999

Hi All,

Can we implement table-level (object) security on the groups of the Windows NT domain using the integrated Windows NT security, so that one group has permission over one table to update, select, and delete the information, and another group has permission for some other table?

Thanks
Ajay


Can I Do RDA Transfer Using Integrated Security?

Aug 8, 2007

Or do I need to set up SQL security users and logins?


How To Setup User Security For Reporting Services Used Inside ASP.NET Web Applications?

Dec 13, 2007

I'm working on a project that requires integration of SQL Server Reporting Services with ASP.NET 3.0 Web Applications.
I'm working on Visual Studio 2005, with SQL Server 2005 on an XP development workstation.
SQL Server, Reporting Services, and IIS are all running on my local machine.

I'm trying to prototype two approaches, one using the Report Viewer control, and the second using the Reporting Services Web Service. I have the two examples setup in projects in Visual Studio.
The sample reports and data sources work fine in Visual Studio. I can access the report using the Reporting Services URL like this: http://localhost/Reports/Pages/Report.aspx?ItemPath=%2fBTT_BDS_DEV%2fCustomers; Report works fine.

My problem is that when I try to access the report using the Report Viewer inside an ASP.NET page or from the Web Service hooked up inside an ASP.NET page, I get security errors. I have chosen Windows Security for the Datasource, and ASP.NET pages. In the case of the Web Service, I'm passing in my local domain user name as the credentials.

I'm prototyping this on my local workstation, but I need to design this to be used on our corporate Intranet using Windows Security.

My questions are:

1. How do I need to set up users on my local development workstation to get this to work?
2. How should I plan for user security for enterprise deployment, i.e. using Reporting Services inside a large ASP.NET Web Application?
3. Can anybody give me some links to some good developer type working examples of doing this. I've looked but have not found the answers to the "how do I setup users" part of the question specifically related to ASP.NET apps?

Below is the code example of the Web Services example app I'm working with, which came out of a book I have on Reporting Services. This example compiles and seems like it would work but doesn't. Also following are a few of the error messages I get when experimenting with the example apps:

Errors:

1. The permissions granted to user 'LocalMachineName\ASPNET' are insufficient for performing this operation. (rsAccessDenied)

2. System.Web.Services.Protocols.SoapException was unhandled by user code
Message="System.Web.Services.Protocols.SoapException: The permissions granted to user 'LocalMachineName\ASPNET' are insufficient for performing this operation. ---> Microsoft.ReportingServices.Diagnostics.Utilities.AccessDeniedException: The permissions granted to user 'WCRBUSCNC2830B\ASPNET' are insufficient for performing this operation.
at Microsoft.ReportingServices.Library.RSService._GetReportParameterDefinitionFromCatalog(CatalogItemContext reportContext, String historyID, Boolean forRendering, Guid& reportID, Int32& executionOption, String& savedParametersXml, ReportSnapshot& compiledDefinition, ReportSnapshot& snapshotData, Guid& linkID, DateTime& historyOrSnapshotDate, Byte[]& secDesc)
at Microsoft.ReportingServices.Library.GetDataForExecutionAction._GetDataForExecution(CatalogItemContext reportContext, ClientRequest session, String historyID, DataSourcePromptCollection& prompts, ExecutionSettingEnum& execSetting, DateTime& snapshotExecutionDate, ReportSnapshot& snapshotData, Int32& pageCount, Boolean& hasDocMap, PageSettings& reportPageSettings)
at Microsoft.ReportingServices.Library.GetDataForExecutionAction.ExecuteStep(CatalogItemContext reportContext, ClientRequest session, DataSourcePromptCollection& prompts, ExecutionSettingEnum& execSetting, DateTime& executionDateTime, ReportSnapshot& snapshotData, Int32& pageCount, Boolean& hasDocMap, PageSettings& reportPageSettings)
at Microsoft.ReportingServices.Library.CreateNewSessionAction.Save()
at Microsoft.ReportingServices.WebServer.ReportExecution2005Impl.LoadReport(String Report, String HistoryID, ExecutionInfo& executionInfo)
--- End of inner exception stack trace ---
at Microsoft.ReportingServices.WebServer.ReportExecution2005Impl.LoadReport(String Report, String HistoryID, ExecutionInfo& executionInfo)
at Microsoft.ReportingServices.WebServer.ReportExecutionService.LoadReport(String Report, String HistoryID, ExecutionInfo& executionInfo)"
Source="System.Web.Services"
Actor="http://localhost/ReportServer/ReportExecution2005.asmx"
Lang=""
Node="http://localhost/ReportServer/ReportExecution2005.asmx"
Role=""
StackTrace:
at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, Boolean asyncCall)
at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
at WebReportTester.localhost.ReportExecutionService.LoadReport(String Report, String HistoryID) in C:Documents and SettingsconbcxMy DocumentsVisual Studio 2005ProjectsBTT_BDS_DEVWebReportTesterWeb ReferenceslocalhostReference.cs:line 242
at WebReportTester._Default.btnExecuteReport_Click(Object sender, EventArgs e) in C:Documents and SettingsconbcxMy DocumentsVisual Studio 2005ProjectsBTT_BDS_DEVWebReportTesterDefault.aspx.cs:line 82
at System.Web.UI.WebControls.Button.OnClick(EventArgs e)
at System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument)
at System.Web.UI.WebControls.Button.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String eventArgument)
at System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument)
at System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData)
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)

Web Service Code Example:

    // Requires: using System; using System.Text; using System.Threading; using System.Web;
    protected void btnExecuteReport_Click(object sender, EventArgs e)
    {
        byte[] report;

        //Create an instance of the Reporting Services Web Reference
        localhost.ReportExecutionService rsv = new localhost.ReportExecutionService();

        //Create the credentials that will be used when accessing Reporting Services
        //This must be a logon that has rights to the Customers Report
        //DefaultCredentials is the identity the ASP.NET code is running under
        rsv.Credentials = System.Net.CredentialCache.DefaultCredentials;
        rsv.PreAuthenticate = true;

        //The Reporting Services virtual path to the report.
        string reportPath = @"/ReportFolder/Customers";

        //The rendering format for the report
        string reportFormat = "HTML4.0";

        //The devInfo string tells the report viewer how to display with the report
        StringBuilder deviceInfoBuilder = new StringBuilder();
        deviceInfoBuilder.Append(@"<DeviceInfo>");
        deviceInfoBuilder.Append(@"<Toolbar>");
        deviceInfoBuilder.Append(@"False");
        deviceInfoBuilder.Append(@"</Toolbar>");
        deviceInfoBuilder.Append(@"<Parameters>");
        deviceInfoBuilder.Append(@"False");
        deviceInfoBuilder.Append(@"</Parameters>");
        deviceInfoBuilder.Append(@"<DocMap>");
        deviceInfoBuilder.Append(@"True");
        deviceInfoBuilder.Append(@"</DocMap>");
        deviceInfoBuilder.Append(@"<Zoom>");
        deviceInfoBuilder.Append(@"100");
        deviceInfoBuilder.Append(@"</Zoom>");
        deviceInfoBuilder.Append(@"</DeviceInfo>");

        string deviceInfo = deviceInfoBuilder.ToString();

        //Create an array of the values for the report parameters
        localhost.ParameterValue[] parameters = new localhost.ParameterValue[1];
        localhost.ParameterValue parameterValue = new localhost.ParameterValue();
        parameterValue.Name = "@WTRKCustomerCode";
        parameterValue.Value = "B34186";
        parameters[0] = parameterValue;

        //Create variables for the remainder of the parameters
        string historyId = string.Empty;
        string credentials = string.Empty;
        string showHideToggle = string.Empty;
        string extension = string.Empty;
        string mimeType = string.Empty;
        string encoding = string.Empty;
        localhost.Warning[] warnings;
        localhost.ParameterValue[] reportHistoryParameters;
        string[] streamIds;

        localhost.ExecutionInfo execInfo = new WebReportTester.localhost.ExecutionInfo();
        localhost.ExecutionHeader execHeader = new WebReportTester.localhost.ExecutionHeader();
        rsv.ExecutionHeaderValue = execHeader;

        execInfo = rsv.LoadReport(reportPath, null);
        rsv.SetExecutionParameters(parameters, "en-us");

        try
        {
            //Execute the Report
            report = rsv.Render(reportFormat, deviceInfo, out extension, out mimeType, out encoding, out warnings, out streamIds);

            //Flush the pending response
            Response.Clear();

            //Set the HTTP Headers for an HTML response.
            HttpContext.Current.Response.ClearHeaders();
            HttpContext.Current.Response.ClearContent();
            HttpContext.Current.Response.ContentType = "text/html";

            //Filename is the default filename displayed
            //if the user does a save as.
            HttpContext.Current.Response.AppendHeader("Content-Disposition", "inline; filename=Customers.htm");

            //Send the byte array containing the report as a binary response.
            HttpContext.Current.Response.BinaryWrite(report);
            HttpContext.Current.Response.End();
        }
        catch (ThreadAbortException)
        {
            //Response.End() ends the request by aborting the thread. This is expected,
            //and the runtime rethrows the exception automatically after this block.
        }
        catch (Exception ex)
        {
            HttpContext.Current.Response.ClearHeaders();
            HttpContext.Current.Response.ClearContent();
            HttpContext.Current.Response.ContentType = "text/html";

            StringBuilder errorMessageBuilder = new StringBuilder();
            errorMessageBuilder.Append(@"<HTML>");
            errorMessageBuilder.Append(@"<BODY>");
            errorMessageBuilder.Append(@"<H1>");
            errorMessageBuilder.Append(@"Error");
            errorMessageBuilder.Append(@"</H1>");
            errorMessageBuilder.Append(@"<BR>");
            errorMessageBuilder.Append(@"<BR>");
            //HTML-encode the message so that its text cannot be interpreted as markup
            errorMessageBuilder.Append(HttpUtility.HtmlEncode(ex.Message));
            errorMessageBuilder.Append(@"</BODY>");
            errorMessageBuilder.Append(@"</HTML>");

            string errorMessage = errorMessageBuilder.ToString();

            HttpContext.Current.Response.Write(errorMessage);
            HttpContext.Current.Response.End();
        }
    }



Any direction here related to best practices on setting up users for code use with ASP.NET applications would be greatly appreciated...

Thanks in advance...


Windows Integrated Security With SQL Server

Apr 29, 2005

In my architecture I have a Domain Controller with Active Directory (DOMAIN_A), IIS 6.0 (WEBSERVER) and SqlServer 2000 (SQLDBSERVER).

The WEBSERVER has a .NET application with Windows authentication. The .NET application interacts with the database server. I want to use Integrated Security to pass in the user's login credentials to the database to run any database calls so that I can audit who is making what calls on the database.

The connection string I am using for this is as follows:

    string connStr = "Server=SQLDBSERVER;Database=xxx;integrated security=SSPI";

The problem arises after I log in to the web application (I use the user DOMAIN_A\SomeUser where SomeUser is a user who has permissions set up to make all of the database calls). After logging in, however, when I go to a page that makes a database call I get the following error:

    System.Data.SqlClient.SqlException: Login failed for user 'DOMAIN_A\WEBSERVER$'.

It seems that for some reason, .NET is not passing the login name SomeUser, but instead is passing SERVERNAME$. Would anyone pls have any ideas how I can implement this? Any guide or references would be much appreciated.

Thanks in advance.


Clustering And Sql Server Integrated Security

Dec 17, 1998

We are using a VB application with a "dsnless" connection. It is not able to connect to the SQL box using integrated WinNT authentication. Receive the below error message:

Run-time error '-2147217843 (80040e4d)':
[Microsoft][ODBC SQL Server Driver][SQL Server] Login Failed

We can connect to our test SQL box with using the same application with no problem. The only difference we can see is the clustering on the "real" box.

We are using the following program string to connect to both boxes with the exception of the server we connect to:

"driver={SQL Server};server=server;uid=;pwd=;database=pubs"

Any info. would be greatly appreciated!

Thanks :)


Integrated Security / Domain Name Problem

Nov 10, 1998

We've encountered a problem on one of our SQL servers running integrated security where MS Security Manager errors out with "An error occured executing sp_addlogin using Domain_name\username - " is not a valid name since it begins with an invalid character." We think it is because the domain has the underscore character in its name. Can anyone confirm or point to other possible configuration issues?


Limiting Integrated Security Connections?

Jul 26, 2007

Ideally, I'd like to move away from using SQL-based logins for our internal applications and take advantage of integrated security instead.

Defining AD groups and their permissions in SQL is simple and getting the application to work with that is not an issue.

Where I'm having difficulty, though, is in isolating the accessibility in integrated security. Because the SQL-based login was isolated from the windows user, they could only get access to the sql server via our app -- their normal windows accounts had no access.

If we switch to use only windows authentication, the user would be able to connect fine from our application and have rights to various tables. The issue is that they could also connect via Enterprise Manager, Excel, or any other tool. Is there any way to limit the exposure so that we can make use of AD for our access but further limit to allow connections based upon the application? I realize that this could be impersonated, but it's still better than nothing...


--Kevin Fairchild


Application Login And Integrated Security

Aug 8, 2007

Hello,

We're having a bit of a problem getting Integrated Security to work with a .Net 2.0 application and SQL 2005. While we're tweaking permissions on the SQL-side, we came across an account "Application Login" and wondered what its role is. First, our problem:

Currently, the users in the AD group get a connection error. This group is defined as follows at the instance level:

role: public
user mapping: to the database without any default schema
securables: none
status: grant and enabled

At the database security level:

general: none
securables: execute on all (100+) stored procedures

And we gave them "Execute" on the database itself.

A little background: we had detached and copied this database from one server to another. So we suspect that the Application Login may have been modified/corrupted, even though it appears to be identical between the original and the copied databases. So we redefined it on the copied DB to match the original.
Another group, which is defined as dbo on the database, has no problem at all connecting and running the application.

The Application Login has Execute permissions on all stored procedures and Delete, Insert, Select, Update, and View Definition on the ChangeLog table. It also has db_DataReader, db_DataWriter, and db_ddlAdmin roles associated with it.

Is there another SQL login required for initial connection to the database even though Integrated Security=SSPI is used in the connection string?

Does anyone see where we may be missing a security setting for the non-dbo user group to connect to the database?

Thanks very much for any suggestions, ideas ....
Cheers,
Tess


Restrict ASP.NET App DB Permissions Using Integrated Security

Mar 6, 2007

How might I restrict ASP.NET app DB permissions using Integrated Security?

I can see how it's done with SQL Authentication, but I'd prefer to do it with Windows Authentication.

Is it a matter of restricting the permissions of the general ASP.NET user ("NT AUTHORITY\NETWORK SERVICE")...seems like it might affect too much.

Or can I have a Windows user/identity/account that is specific to a single ASP.NET Application?

Any guidance on this would be appreciated.

Thanks!


Windows Integrated Security And Subscription

Dec 17, 2006

Hi,

I am having a problem in applying subscription to a report.

Here is my case:

I have a datasource with 'Windows integrated security' authentication, yes....I am using windows domain authentication, so login info is not stored in DB but it's authenticated from domain. Now the report I want to use subscription on is using this DS. I read it somewhere that I can use rsconfig -e -u -p option to assign user to unattended reports.

I think, this is the unattended report. I tried with rsconfig and then clicked on 'new subscription option'...and I got error (again) saying 'Subscription can not be created because the credentials used to run the report are not stored...or if linked report.....blah blah...'

I want to use subscription to this report but with 'Windows integrated security', is there any way I can do it ?? How can I assign some user to this report without changing authentication method and use subscription ?

Help me ...I am stuck, this is the last milestone in my project !!!

Thanks,

Prashant


Subscriptions And Windows Integrated Security

Mar 1, 2007

I have a set of reports that read from an Analysis Services cube. Permissions are managed at the cube level since different users should look at the same report but different data. This is why for those reports, the data source has Windows Integrated Security set.

Those same users should be able to subscribe to those reports, the problem is that for subscriptions to work, the data sources must store the credentials. This means the filtered reports are lost since the stored account will show all the reports for all users.

Is there any way of generating "filtered subscriptions"?

Thanks in advance


Integrated Security & Database Design

Nov 27, 2007

I'm looking for a best practices document or microsoft book that explains proper database security design for applications accessing sql using integrated security.

I am an application developer at a shop that has been using sql authentication to connect to sql servers.
We have an sql login and user setup for each application. This sql user has read/write access to that applications database. The (human) users have no idea what the login is, we have a special generic dll that feeds the sql logins and passwords to our applications at run time for each app.
Operations is pushing to move out of mixed mode and into full integrated security mode. Microsoft best practices push integrated security so I understand the move. What I'm trying to locate is some Microsoft documentation on security design.

This is what I have pieced together so far regarding the windows authenticated approach to applications accessing databases. With windows security, users will be able to bypass our applications altogether and use tools like Access and Excel to hit the databases even if we don't want them going in there. Their windows security will allow them to do this with integrated security. This is assuming we don't have the app "run as windows user x" and that we grant the user groups permissions on the database objects. This means instead of granting user groups generic read/write on the entire database like we could with sql security we need to consider what groups use the application and consider what permissions need to exist on each database object for that group. In addition we will need to almost exclusively use views and stored procedures to get data as these will act as filters to only allow users to touch what they should be allowed to touch. Having select and update statements within apps would require users have table rights, which is basically the same as allowing them to do anything. Each view and procedure will need to be set up with special consideration so that if a user were to hit them directly we would be ok with it...Basically the application layer which contains a multitude of validation logic on user entry controls can be skipped by a "smart" user who decides to "fool around" in Access. A solution to fix this would be to have our apps run as a special windows user id but operations has refused to allow this. And honestly this would be nearly identical to just using sql authentication. We are looking at a security redesign of over 60 systems and a multitude of reports. I'm looking for a best practices document or Microsoft book that I can use to help demonstrate the amount of redesign work making this move will require and shed more light on how this all works.

I have already looked at the following security documents which do not have what I am looking for, so I figured I better ask.


ado.net security

http://msdn2.microsoft.com/en-us/library/hdb58b2f(VS.80).aspx

VB security

http://msdn2.microsoft.com/en-us/library/ms233782(VS.80).aspx

SQL Server 2005 security best practices

http://www.microsoft.com/technet/prodtechnol/sql/2005/sql2005secbestpract.mspx


Preventing Access To SQL Server From Other Servers

Oct 9, 2007

I'm using MSSQL7, NT authentication and application roles so only my application can access the data. Also, other applications (like Excel) can not access the data and read it. So far, so good...

Yet, I noticed that if I try to access the SQL Server from another SQL Server on the network, it is allowed to see the list of tables, SP, etc. It is not allowed to open the table, but the Import/Export wizard is working and will allow retrieving data from the secured tables.
If I change to MSSQL authentication, any user will be able to access the data from my application and I don't want that either.

Unless I'm missing something, this is a big problem, especially today where any VPN connection with valid user name and password can actually log in to the domain and therefore connect to the database via SQL Server.

By the way, the server still must allow access to users via applications so logins must exist. I just don't want other SQL servers on the network to be able to connect to and import/export, view table and SP, etc.

Any ideas?


Preventing Access To SQL Server From Other Servers

Oct 10, 2007

I'm using MSSQL7, NT authentication and application roles so only my application can access the data. Also, other applications (like Excel) can not access the data and read it. So far, so good...

Yet, I noticed that if I try to access the SQL Server from another SQL Server on the network, it is allowed to see the list of tables, SP, etc. It is not allowed to open the table, but the Import/Export wizard is working and will allow retrieving data from the secured tables.
If I change to MSSQL authentication, any user will be able to access the data from my application and I don't want that either.

Unless I'm missing something, this is a big problem, especially today where any VPN connection with valid user name and password can actually log in to the domain and therefore connect to the database via SQL Server.

By the way, the server still must allow access to users via applications so logins must exist. I just don't want other SQL servers on the network to be able to connect to and import/export, view table and SP, etc.

Any ideas?


What Is The Best Way To Detect/report Unauthorized Access To Sql Databases?

Jan 10, 2008

I am looking for something that can detect unauthorized access to our databases. Something that can be used in a 10+ sql server environment.


Connect To SQL Server Using Integrated Security=true

Sep 8, 2006

Hi all,

I use the following connection string to connect to SQL Server:

server=(local); database=mydata;Integrated Security=true

If I try to browse the website in VS Web Developer 2005 environment, it's ok. After I compiled the site and access through IIS server, can not connect to sqlserver, I need to use login and password to connect. How can I connect without using LogID and password.

Thanks


Sqlconnection.open Slow With Integrated Security

Feb 11, 2008

Hello, I started profiling a website that I'm developing yesterday (asp.net 2.0) and noticed that sqlconnection.open is ridiculously slow (between 3-10 seconds) when using integrated security=true in the connection string. If I use SQL authentication instead and pass the username and password in the connection string, sqlconnection.open is instantaneous.
My environment is as follows:


Sql server is on a win2003 x64 server.


Sql Connection Fails With Integrated Security=SSPI

Apr 9, 2008

I am using windows impersonation in a CLR that is retrieving folder structure. In order to use impersonation I need to pass the windows credential to the SQL server so I am trying to use "integrated security=SSPI" and I also tried "integrated security=true" as well with the same result...I get the error: Login failed for user ''. The user is not associated with a trusted SQL Server connection.
The SQL Server and IIS are located in different un-trusted domain. I am however able to connect to the SQL Server using user id and password. In my web.config file:
<add name="ConnectionName1" connectionString="Data Source=IpAddress,Port#;Initial Catalog=DatabaseName;Integrated Security=true;persist security info=False; Trusted_Connection=Yes;" providerName="System.Data.SqlClient"/> -> Doesn't work
<add name="ConnectionName2" connectionString="Data Source=IpAddress,Port#;Initial Catalog=DatabaseName;uid=user;pwd=password;" providerName="System.Data.SqlClient"/> -> Works
Based on the error message it looks like there is no user passed to the SQL server.
What am I missing? At this point I am thankful for any input…
 
 


Login SQL Server Using Integrated Security !! Problem

Mar 6, 2005

ok this is my code for test

SqlConnection conn = new SqlConnection("server=majed13;Integrated Security=SSPI;");
conn.Open();
conn.Close();

connection is OK
the user logged in SQL Server is ASPNET USER
I want logged in current NT USER not ASPNET USER
thanx in advance








Copyrights 2005-15 www.BigResource.com, All rights reserved