I am trying to connect my window service to my local db.
In my OnStart() method inside Service.cs class, i am getting this error..
The underlying provider failed on Open.System.Data.SqlClient.SqlException
(0x80131904): Cannot open database "EduFameProjectDB18" requested by the login.
The login failed.
Login failed for user 'NT AUTHORITY\SYSTEM'.
You are trying to use the SYSTEM account in order to access your database. This is due to the fact that you are using integrated authentication in SQL Server and running the Windows Service under the SYSTEM account.
In order to solve this you have to provide a different credential on you windows service in order for it to open the connection properly. Make sure that the same windows user is present in the logins of SQL Server for your DB, and that it has sufficient rights to access your tables.
As an alternative you can use sql authentication, by creating a SQL Login and providing the credentials in your connection string.
Connect on Sql Server Management Studio.
Now go Security -> NT AUTHORITY\SYSTEM Right Click -> Properties
Click -> Server Roles
Check public, sysadmin
Click Ok
Related
I have an App Service that connect to an Azure SQL. The App Service and Azure SQL is stored in same resource group and I already enabled MSI and I already provided access in SQL for the Azure AD Group that was created. In my code when I tried to open a conenction to the sql. I get the following error
Cannot open server "[servername]" requested by the login. The login failed.
I can see that I am getting an access token
You need to add Azure App service in your Azure SQL in access control (IAM).
Navigate to your Azure SQL and locate Access Control(IAM). On IAM, click on add role assignment and Provide Role as 'Contributor' and Principal as 'Your App Service'. Save the changes.
Now app service will be able to Authenticate itself to SQL database.
right now I am working on a project with .Net CORE c# and entity framework database and I get an error
SqlException: Windows logins are not supported in this version of SQL
Server.
I followed a tutorial and I think I did everything fine...
The only difference is that I have my database hosted on Azure, it should matters?
Here is my connection string
"DefaultConnection": "Server=firstdb123.database.windows.net;Database=TestDB;Trusted_Connection=True;MultipleActiveResultSets=true",
Here is a picture with my database
I have my EmployeesController and my EmployeeContext made by visual studio so it should be right.. but I don't know why it dose not work
Any help would be awesome
See that Trusted_Connection=True; bit in your your connection string? That's a Windows shortcut that allows you to bypass the normal username/password credentials on a server.
You need to create secure Azure login, then use that to specify the connection string.
This page shows how a connection string is created in the various different SQL version.
You can connect to the Azure SQL using the Active Directory Integrated authentication as it is documented.
Connection string should be like
connectionString="Server=servername.database.windows.net,1433;Initial Catalog=DatabaseName;Authentication='Active Directory Integrated'"
Windows Logins of SQL Server:
When a user connects through a Windows user account, SQL Server validates the account name and password using the Windows principal token in the operating system. AS your SQL Database is hosted in azure, we must ensure that your SQL Database and your .Net Core Application are in same Domain when use Windows Logins to connect to SQL Server.
More information about Windows Authentication, we can refer to: Connecting Through Windows Authentication
To Solve your problem, we can use SQL Server Authentication by pass the user name and password.
We can set the User Name and Password at portal as below:
And we can get connection String at portal as below:
Then we can use this connection string in Entity Framework or ADO.NET code.
It does matter that the database is hosted on Azure, because Azure doesn't have access to your windows account and can't verify that you are logged in with a windows account.
You could use the Server admin, but that is not very secure when you are going to run things in production.
Members of the sysadmin fixed server role can perform any activity in the server.
https://learn.microsoft.com/en-us/sql/relational-databases/security/authentication-access/server-level-roles?view=sql-server-2017
To solve this you could create a database user by using:
CREATE USER [{username}] WITH PASSWORD=N'{password}'
Execute this on the database you need access to.
After creating the user you have to give it some permissions:
EXEC sp_addrolemember 'db_datareader', [{username}];
'db_datareader' gives the user read-only permissions on the database. Maybe this is not enough for your user, then you van give it some more permissions by executing the statement again with another database role. More about the database roles: https://learn.microsoft.com/en-us/sql/relational-databases/security/authentication-access/database-level-roles?view=sql-server-2017
For Azure SQL databases it is not possible to do this via SQL Server Management Studio. More information about this:
https://learn.microsoft.com/en-us/azure/sql-database/sql-database-manage-logins
https://www.mssqltips.com/sqlservertip/5242/adding-users-to-azure-sql-databases/
Use this user in your connection string:
"DefaultConnection": "Server=firstdb123.database.windows.net;Database=TestDB;User Id={username};Password={password};MultipleActiveResultSets=true"
I hope this helps you.
I published a web service on a server and this web service is trying to connect to the sql server which is on the same server.
This is my connection string:
Data Source=........\sqlexpress; Initial Catalog =mybooks; User Id =......; Password =......; Integrated Security=SSPI
I want to connect to sql using a sql user account so I used SSPI.
I created an app pool "mypool" for the service, runs under ApplicationPoolIdentity built-in account.
Web service gives error:
System.Data.SqlClient.SqlException: Cannot open database "mybooks" requested by the login. The login failed. Login failed for user "IIS APPPOOL\mypool"
Should I create sql login for IIS pool "mypool"? How can I create this login?
If I create sql login, is there a security issue?
Can I not login to sql using sql username and password?
Thanks for any help
Since you are using SSPI which means Integrated Security = true;
So your windows credentials will be used to authenticate to the sql-server. Not your sql-server username/password. (In your case, the user specified under application pool or web server process)
Just use sql-server username/password and do not use integrated security. Your username/password will be ignored when SSPI is used.
Hope that helps.
The following post may look same but I was unable to correct the problem after attempting all the solutions provided as answers.
(Login failed for user 'DOMAIN\MACHINENAME$')
MY PROBLEM
I am deploying a asp.net web-app with forms authentication enabled on my IIS7 dev server in a Windows Network. My SQL Server is deployed on a remote box, in the same network, with necessary TCP ports opened for remote connections. All the domain users have been given access to necessary databases in SQL server.
Now when I try to run my web-app, following error comes up:
Login failed for user 'DOMAIN\MachineName$'.
I have already given adequate permissions to NT AUTHORITY\NETWORK SERVICE in my SQL server.
I don't want to give any permission to 'DOMAIN\MachineName$' in the SQL server as the developers keep changing the machine names for various test purposes.
The connecting string I am using is:
"Server=SQL-SERVER;Initial Catalog=MyDatabase;Integrated Security=SSPI;Persist Security Info=False"
SQL Provider is System.Data.SqlClient
Anonymous and Form authentication are enabled as my web-app contains login.aspx.
The point is that whenever you use NT AUTHORITY\NETWORK SERVICE as your application pool user, the system translates this in the network to DOMAIN\MachineName$.
What we do is to use the user name of the developer to connect to the machine by setting the username of the application pool to the developer's name.
I also encounter same problem in my intranet environment. The solution is simple yet hard to grab the idea. Usually, The IT Security In-charge will give you active directory service account to log in to your database. You can manage to log in with ssms but it fails in IIS because IIS choose to connect with domain/computername. So set custom account and fill in your domain/username and password.
In IIS Manager, select the application pool that your web app uses or
create a new one if you use the default one.
Click on “Advanced Settings” in the right Actions bar. Under Process Model, click on
the “Identity” value and select “Custom account”.
Click on the “Edit” and enter domain/user name and password for user account.
If you enter all information correctly, the pop-up will be closed successfully
without any error messages.
After that stop your Web Site.
Back again to your application pool and click on the “Recycle”.
Start your Web Site.
And that's it. you web application will successfully connect from IIS.
Created Azure Database and Azure Site. Used the connection string provided by the Azure Site and filled in the password. When i try access the database through the application an error is returned
Login failed for user 'stefan'. System.Data.SqlClient.SqlException: Login failed for user 'stefan'
This session has been assigned a tracing ID of '6ee9a27b-4be7-494b-aadd-7b05a8a3bddb'. Provide this tracing ID to customer support when you need assistance.
if you visit http://clickpc.azurewebsites.net/ can see the error for your self.
I may believe that access is denied in sql IP configuration for the IP of the connecting node
I allowed connections from Azure to the database but seems like still access denied
This error indicates that your username/password is incorrect. If this was due to a Firewall issue, you would have gotten an error message stating something like this:
Firewall check failed. Cannot open server 'XXXXXXXXX' requested by the
login. Client with IP address 'XXXXXXXXX' is not allowed to access the
server. To enable access, use the SQL Azure Portal or run
sp_set_firewall_rule on the master database to create a firewall rule
for this IP address or address range. It may take up to five minutes
for this change to take effect.
Typically, SQL Azure usernames are part username and part server name, like so: stefan#xxxxxxx
Please ensure that you've specified correct SQL Azure username and password
Managing logins in the SQL Azure world are unfortunately difficult. For example, SQL Server Management Studio doesn't let you add new logins and users via the GUI. Things have to be done using T-SQL.
To start, when you first created the database using the Azure Portal, did you use Stefan as the login name? That is important because Stefan becomes takes on the dbo database role (admin). Otherwise, you need to create new users and assign permissions.
Second, in the Azure Portal, locate your database and click on manage. Try to login on via that webpage using Stefan. If that doesn't work then you have the wrong username or password. If it does work, open up Management Studio and connect to your SQL Azure db, using Stefan. Then use this Microsoft guide to troubleshoot: Managing Databases and Logins in Windows Azure SQL Database