I have an ASP.NET MVC app hosted on Azure. I use OpenIdConnect/Owin and Azure AD Integrated to authenticate. I have an error log table with a UserId column that only displays the SA username. I also have tables with CreatedBy/ModifiedBy columns that only display the SA username. These records are created via stored procedures.
I already granted execute access to my user account, but the columns continue to be set to the SA username. The only thing that I can think of is a connection string that is causing the value to only be the SA username.
How can I get the stored procedures to run as the user that created/updated the records to set the UserId, CreatedBy and ModifiedBy columns to its username?
UPDATE: I have narrowed down the reason for this. When I deploy the application to Azure, under Publish -> Settings -> Databases, connection strings are entered for the DbContexts. Currently, I have one as Data Source=tcp:servername.database.windows.net,1433;Initial Catalog=dbname;User ID=myusername;Password=StrongPassword123;Encrypt=True;TrustServerCertificate=False
I previously tried the following: Data Source=tcp:servername.database.windows.net,1433;Initial Catalog=dbname;Persist Security Info=False;MultipleActiveResultSets=False;Encrypt=True;TrustServerCertificate=False;Authentication=Active Directory Integrated;, but got the error "The format of the specified domain name is invalid."
How can I get the stored procedures to run as the user that
created/updated the records to set the UserId, CreatedBy and
ModifiedBy columns to its username?
You don't. You pass those values into the stored procedure. Think of it this way: do you think csharpdev has write permissions on the Stack Overflow database? Of course not; the back end code passes your user id into the sproc that creates the record.
Related
Unable to create role when i connect using npgsql. Authorisation error.
I tried to GRANT ALL on rolesTable to ascertain if that would make a difference but same error.
CREATE ROLE roleName LOGIN ENCRYPTED PASSWORD ##### VALID UNTIL 'infinity' CONNECTION LIMIT 3
I thought the role would be created but instead I get 42501:permission denied to create role. The strange thing when I login to the postgres database using the user using PgAdmin tool I can create a user by the GUI.
I have a schema in MySQL '_users' which includes 1 table with two columns (username, telephone number). For simplicity lets assume that i have 4 store procedures.
SP_Find user: Return the user telephone number (Select)
SP_Add user: Add a new user and telephone number (Insert)
SP_Delete user: Remove user (Delete) - delete row
SP_Update user: Change the users telephone (Update)
I have one user in MySQL. In order for the C# connection to work i need to give to the user: 1) under the Administration Tab - Global Privileges - SELECT and 2) under the Schema Privileges - EXECUTE in '_users'.
When i try to remove the first one, the C# request to run any procedure is denied. I don't want to give 'Global Privileges - SELECT' to the c# app because ti will have access to Select through all schemas.
I would like to give access to my C# app only to run the stored procedures. How can i do this?
I have a trigger set on SQL table for Audit Trail purpose.
Here is the trigger code.
ALTER TRIGGER [dbo].[tri_bowzer_UPDATE] ON [dbo].[Bowzer]
For Update
AS
INSERT Table_Audit(TableName, Action, UserName, ComputerName)
SELECT
'bowzer', 'U', suser_sname(), host_name()
It works fine and shows the username and the computer (client) name in Desktop applications. but in ASP.NET applications, I use a common SQL login so that database operations can be performed using this login. I understand that SQL Server is getting server machine name because of this ID. However, I want to capture the client machine name whenever a database operation is performed.
What changes can be made to get client machine name??
You need to tweak your connection string to specify the connectionstring property WSID (Workstation id) as below
string strconn = "data source=SQLSERVER;initial catalog = DBNAME ; uid=sa;pwd=password; WSID=" + (System.Net.Dns.GetHostEntry(Request.ServerVariables["remote_addr"]).HostName);
and then you will get HOST_NAME() value as client machine name in your trigger
MSDN : http://msdn.microsoft.com/en-us/library/system.data.sqlclient.sqlconnection.connectionstring.aspx
You can set the client's IP address using T-SQL SET CONTEXT_INFO, and retrieve this data in the trigger using the CONTEXT_INFO function.
This design is not really suitable for what you are trying to achieve. I'd consider adding updated by column in your database where you can store user id or machine name of a user who updated data.
This way you'll keep the trigger logic simple and avoid too many connections to your database that might degrade performance.
I'm trying to create new DB user for Firebird 2.5 DB from my C# application and geting an error "add record error no permission for insert/write access to TABLE USERS".
I've granted rdb$admin role to the user, created connection to DB using this role yet still i'm getting this error.
Wierdiest thing for me is that when i'm trying to create new user for my DB in IBExpert using same user settings and role (rdb$admin) it goes fine and I don't get eny errors.
What could be the problem? Why can't I execute SQL queries and procedures that update/insert in USERS table although I have appropriate role, that I'm using establishing connection?
I'm using latest FirebirdClient - ADO.NET Data Provider.
Connection string to the DB looks like this:
`"User=developer;Password=*****;Database=C:\DB.fdb;DataSource=*****;Port=*****;Dialect=3;Charset=NONE;Role=rdb$admin;Connection lifetime=15;Pooling=True;MinPoolSize=0;MaxPoolSize=50;Packet Size=8192;ServerType=0;"`
Can somebody help me with this problem?
I've found a solution - problem was that I forgot to GRANT ADMIN ROLE to the user by which I've executed procedure so I can't manage database users.
So GRANT ADMIN ROLE to user solved the problem.
I'm writing a small website in ASP.NET C#.
I've already made a database which will receive the user data and various other things.
Now I want to register users. I've found the MembershipUser and MembershipCreateStatus class and enum to be often used for this.
However, even though my database is seen in the Server Explorer of Visual Studio, I can't seem to link the User-creation to that database.
What I want is when I do this:
MembershipUser newUser = Membership.CreateUser(username.Text, password.Text, email.Text);
It ends up in the database and table of my choice. I can't find how to configure this.
The ASP.Net membership provider uses its own tables/stored procedures for storing user data.
http://msdn.microsoft.com/en-us/library/yh26yfzy.aspx
You can use your own table for profile info (that is, non-authentication information) using either the ProfileProvider or by using the guid assigned by in the aspnet_Users table as a key for your own table and retrieving the profile record after authentication occurs.
From the Visual Studio command prompt run the following:
aspnet_regsql -S [my server, eg: (local)\SQLEXPRESS] -E -A all -d [my database]
This will attach the ASP.NET user required stored procedures and tables to your database so that the built in Membership and Role Providers can actualy work.
use the WAT tool in VS to create your initial users if you need so you can test right away.