SQl Server 2000 
Author Message
 SQl Server 2000

I am trying to log in to a sql server db (server running on my machine) from
an ASP.Net app.  When I try to fill the datatable I get an error message
saying I dont have permission.  When I try exactly the same op using a
windows app instead it works.  I am using windows integrated security and a
sql data adapter.  Any suggestions??


Tue, 04 Jan 2005 04:12:02 GMT  
 SQl Server 2000
David,

    The problem with this is that ASP.NET is running under a local user
account named ASPNET (by default).  This account does not have network
capabilities, so it is failing there.  Change the user that ASP.NET runs
under and you should be fine.

    Hope this helps.

--
               - Nicholas Paldino [.NET MVP]


Quote:
> I am trying to log in to a sql server db (server running on my machine)
from
> an ASP.Net app.  When I try to fill the datatable I get an error message
> saying I dont have permission.  When I try exactly the same op using a
> windows app instead it works.  I am using windows integrated security and
a
> sql data adapter.  Any suggestions??



Tue, 04 Jan 2005 04:19:37 GMT  
 SQl Server 2000
Or use standard security rather than integrated and use a firewall
to block port 1433 from Internet access.

-c



Quote:
> David,

>     The problem with this is that ASP.NET is running under a local user
> account named ASPNET (by default).  This account does not have network
> capabilities, so it is failing there.  Change the user that ASP.NET runs
> under and you should be fine.

>     Hope this helps.

> --
>                - Nicholas Paldino [.NET MVP]



> > I am trying to log in to a sql server db (server running on my machine)
> from
> > an ASP.Net app.  When I try to fill the datatable I get an error message
> > saying I dont have permission.  When I try exactly the same op using a
> > windows app instead it works.  I am using windows integrated security
and
> a
> > sql data adapter.  Any suggestions??



Tue, 04 Jan 2005 04:37:53 GMT  
 SQl Server 2000
Chad,

    Chances are that the SQL server is not exposed directly to the internet
anyways.  If so, then shame on the original poster.  That creates more
problems than it is worth (at least go through a DMZ or something like
that).

--
               - Nicholas Paldino [.NET MVP]


Quote:
> Or use standard security rather than integrated and use a firewall
> to block port 1433 from Internet access.

> -c


wrote

> > David,

> >     The problem with this is that ASP.NET is running under a local user
> > account named ASPNET (by default).  This account does not have network
> > capabilities, so it is failing there.  Change the user that ASP.NET runs
> > under and you should be fine.

> >     Hope this helps.

> > --
> >                - Nicholas Paldino [.NET MVP]



> > > I am trying to log in to a sql server db (server running on my
machine)
> > from
> > > an ASP.Net app.  When I try to fill the datatable I get an error
message
> > > saying I dont have permission.  When I try exactly the same op using a
> > > windows app instead it works.  I am using windows integrated security
> and
> > a
> > > sql data adapter.  Any suggestions??



Tue, 04 Jan 2005 04:39:34 GMT  
 SQl Server 2000


Quote:
>     The problem with this is that ASP.NET is running under a local user
> account named ASPNET (by default).  This account does not have network
> capabilities, so it is failing there.  Change the user that ASP.NET runs
> under and you should be fine.

You can also grant permission (using Windows integrated security in SQL
Server) to the ASPNET user. One important thing is to not give the user to
much access. Since SQL Server supports stored procedures, the best thing
would be to create stored procedures for the DB access, and then only grant
execute permissions to those SPs to the ASPNET user, and deny direct access
(SELECT, INSERT, UPDATE, DELETE) on all the tables for ASPNET.

That way, even if the ASP.NET application is hacked, it can't do much harm
to the database.



Tue, 04 Jan 2005 04:46:13 GMT  
 SQl Server 2000
This won't be a problem for you if you use DNS-less
connections with SQL username/passwords.

For example:
User ID=sa;Password=;Initial Catalog=tablename;Data Source=server

Lanik


Quote:
> I am trying to log in to a sql server db (server running on my machine)
from
> an ASP.Net app.  When I try to fill the datatable I get an error message
> saying I dont have permission.  When I try exactly the same op using a
> windows app instead it works.  I am using windows integrated security and
a
> sql data adapter.  Any suggestions??



Tue, 04 Jan 2005 04:54:20 GMT  
 SQl Server 2000
I know, shame, but you'd be suprised. I'm subscribed to
NT Bug Traq and when that recent SQL Worm went around, it
got quite popular because of all the knuckle-heads running
SQL in the open with a blank sa password. *sigh*

-c



Quote:
> Chad,

>     Chances are that the SQL server is not exposed directly to the
internet
> anyways.  If so, then shame on the original poster.  That creates more
> problems than it is worth (at least go through a DMZ or something like
> that).

> --
>                - Nicholas Paldino [.NET MVP]



> > Or use standard security rather than integrated and use a firewall
> > to block port 1433 from Internet access.

> > -c


> wrote

> > > David,

> > >     The problem with this is that ASP.NET is running under a local
user
> > > account named ASPNET (by default).  This account does not have network
> > > capabilities, so it is failing there.  Change the user that ASP.NET
runs
> > > under and you should be fine.

> > >     Hope this helps.

> > > --
> > >                - Nicholas Paldino [.NET MVP]



> > > > I am trying to log in to a sql server db (server running on my
> machine)
> > > from
> > > > an ASP.Net app.  When I try to fill the datatable I get an error
> message
> > > > saying I dont have permission.  When I try exactly the same op using
a
> > > > windows app instead it works.  I am using windows integrated
security
> > and
> > > a
> > > > sql data adapter.  Any suggestions??



Tue, 04 Jan 2005 04:56:16 GMT  
 SQl Server 2000


Quote:

wrote

> >     The problem with this is that ASP.NET is running under a local user
> > account named ASPNET (by default).  This account does not have network
> > capabilities, so it is failing there.  Change the user that ASP.NET runs
> > under and you should be fine.

> You can also grant permission (using Windows integrated security in SQL
> Server) to the ASPNET user. One important thing is to not give the user to
> much access. Since SQL Server supports stored procedures, the best thing
> would be to create stored procedures for the DB access, and then only
grant
> execute permissions to those SPs to the ASPNET user, and deny direct
access
> (SELECT, INSERT, UPDATE, DELETE) on all the tables for ASPNET.

> That way, even if the ASP.NET application is hacked, it can't do much harm
> to the database.

The ASPNET user doesn't have network access by default, I don't think,
so you'll have to use (local) as your SQL Server name to avoid this.

-c



Tue, 04 Jan 2005 04:57:39 GMT  
 SQl Server 2000

Quote:
> The ASPNET user doesn't have network access by default, I don't think,
> so you'll have to use (local) as your SQL Server name to avoid this.

Oh, sorry, forgot about that :). Anyway, the things I mentioned could just
as well be applied to any Windows user that you set up for the SQL Server
access. The only thing needed (apart from what I wrote in my other message),
is to change the user that the ASP.NET application is running under.


Tue, 04 Jan 2005 05:19:13 GMT  
 SQl Server 2000
Go update you registry and change the LoginMode value
under
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSQLServer\MSSQLServ
er set the value to two and you could use Windows
Authentication and SQL Authentication.
You should then be able to login into MSDE
via the "sa" user.

Alexandre Jaquet
22 years old
Analyst Programmer ET
looking for a job in december preferly with .NET tech



Tue, 04 Jan 2005 08:43:31 GMT  
 SQl Server 2000

Quote:
> You should then be able to login into MSDE
> via the "sa" user.

Don't use the sa user to login to the SQL Server from an application. It
doesn't matter if it is just for development purposes or for production.
Instead of using the sa account, create a new SQL account (if you want to
use SQL authentication), give it restricted access, and use that when
developing your solution. If you use the sa account with a weak password, or
if you don't use stored procedure (i.e. you run select/insert/update/deletes
against the tables directly) and is open for a SQL injection attack, the
attacker could use your web solution to format the harddrive or wiping out
valueble data.


Tue, 04 Jan 2005 15:08:44 GMT  
 
 [ 11 post ] 

 Relevant Pages 

1. Can't delete rows from a table in SQL Server 2000 without a primary key

2. Pocket PC access to SQL Server 2000

3. Access SQL Server 2000 Data Analysis Services

4. SQL Server 2000 Trial Version ?

5. SqlCommand object and stored procedures in SQL Server 2000

6. SQL server 2000 , a bug related to ODBC DSN ADO related

7. Executing stored procedure on sql server 2000 using c program

8. Help!How to read files from sql server 2000

9. Sql server 2000 crosstab and pivoting utility

10. SQL Server 2000 failing to install after Visual Studio.net upgrade

11. installing SQL Server 2000 causing memory reference problem

12. Connecting to a sql server 2000 using c not c++

 

 
Powered by phpBB® Forum Software