I have a web site app running on IIS 7.5 that access a LocalDb, all installed on same server.
Using SSMS, I can see the app db folder in the object explorer but when I try to expand it, I get an error saying that the database is not accessible. If I stop the web site in IIS then I can access it.
Is there a way that I can work on the database in SSMS simultaneously while the clients are accessing the web app ?
I log in the SSMS as administrator using Windows authentication. The web app log in as "IIS AppPool\AutoParkDemo" using the ApplicationPoolIdentity.
<connectionStrings>
<clear />
<add name="AutoPark" connectionString="Data Source=(LocalDb)\v11.0;Initial Catalog=AutoParkDemo;AttachDbFilename=C:\AutoPark\Demo\Data\AutoParkDemo.mdf;Integrated Security=true" providerName="System.Data.SqlClient" />
</connectionStrings>
IIS server needs to have exclusive access to local db file, that is the main reason you can't access to database using SSMS.
In theory you could have read-only access to local db while IIS is running on background. I use often Visual Studio and IIS, and I can access local db while web server is running.
I believe SSMS needs write access to works with local db. This could be the reason why VS can read and SSMS not.
What I have found out is that each application that access LocalDB simultaneously, must have its own shared instance. There is a good tutorial about it on MS site, but the problem is that if there is no activity the shared instance stops and, although I read on Microsoft website that it will restart automatically, it didn't happen to me. After struggling for couple weeks, I decided to use the suggestion from other post on this site: When deploying to a web site with IIS, use SQLExpress instead. It now works perfectly.
Related
I have an MVC application that connects to SQL Server (I used a database first setup with ADO.NET Entity Framework 6.0). When I debug on my laptop it connects to the SQL Server correctly and renders the page without issue. But when I publish and connect to the remote server (which also is hosting the SQL Server instance) I get an error: Select permission was denied. Of note is that this is set up to only work when connected to the corporate network (or with a VPN), and the server is intranet only.
I have been looking at potential solutions, and the user account on the database has db_datareader and db_datawriter permissions. My connection string calls for integrated security=True.
I access this same database from desktop applications using those settings with no issues, so I am thinking that there is a difference with the way IIS is evaluating the user.
The server is set up to assign everyone into a single account for the purposes of database access, so all of the DOMAIN\USERS are mapped into a single account called DOMAIN\MyDatabaseUser.
This user has the correct permissions in the database/security/users property window.
I took a look at an answer for a similar issue that referred to the IIS Application Pool, but that issue was getting login failure, which I am not seeing.
Here is my connection string:
<connectionStrings>
<add name="PMToolsEntities" connectionString="metadata=res://*/Models.PMToolsModel.csdl|res://*/Models.PMToolsModel.ssdl|res://*/Models.PMToolsModel.msl;
provider=System.Data.SqlClient;
provider connection string="
data source=SERVER\MySQLExpressInstance;initial catalog=MyDatabase;
integrated security=True;
MultipleActiveResultSets=True;
App=EntityFramework""
providerName="System.Data.EntityClient" />
I have tried setting integrated security to SSPI but I get the same result. I also, for grins, removed the integrated security setting entirely and then I get a login failure (login failed for user '') as expected.
Here is what the permissions look like for MyDatabaseUser:
I basically added everything except the deny items to be sure, but I'm not getting in still.
Here is a link to what ultimately helped me (along with a patient IT guy who let me browse around on the server that I wouldn't normally have access to).
On Windows Server 2012, in the IIS MMC snap in I could see that my web site had an Application Pool added specifically for the site called MySite. Windows automatically creates a virtual user that needs to be added to the SQL Server Logins (not the database users) called IIS APPPOOL\MySite. The trick is that you must not use the search function in SSMS as it will replace IIS APPPOOL with the ServerName and therefore fail to resolve the account.
Basic Problem:
I have a web application that accesses a SQL Server database on the same machine. The web app runs under its own app pool - let us call it MyAppPool. If I goto advanced settings in IIS Manager, I can see that MyAppPool runs under ApplicationPoolIdentity. When I make requests to the web app, I can open task manager and verify that the username of w3wp.exe is MyAppPool. In SQL Server, I have added a Windows User IIS AppPool\MyAppPool and given it necessary permissions to read from db. The problem is that I am getting a login failed for DOMAIN\MACHINE$ when a logon is attempted to SQL Server. Its beyond me. Why is the app not logging on as IIS AppPool\MyAppPool?
Details:
I know variants of this question have been asked elsewhere, but I am really stuck without a solution. I experimented adding a <identity impersonate="true" /> to the web.config. If I do this, I get a login failed for NT AUTHORITY\IUSR. I have tried accessing the web app from the machine on which it is hosted and get same login error. I am running IIS8, Windows Server 2012, and SQL Server 2012.
Closest question I could find is Why is my MVC app trying to log into my DB as my machine, and not as the App Pool identity?, and the solutions provided do not work. I cannot change Integrated Security to be false (I had this thing running in the past). Quoting https://stackoverflow.com/a/15145488/147530:
ApplicationPoolIdentity uses IIS AppPool\ApplicationPool for local
access, but DOMAIN\MACHINE-NAME$ for remote access
sounds reasonable. Question is why is ApplicationPoolIdentity not using IIS AppPool\MyAppPool identity when db is hosted on same machine??
Quoting another SO post, IIS application using application pool identity loses primary token?:
This application also connects to a SQL Server database using
Integrated Security=true in the connection string. If the database is
local, then we see that IIS APPPOOL\OurAppPoolName is used to connect
to the database; if the database is remote, then the machine account
OURDOMAIN\ourwebserver$ is used.
This is the behavior I want, but not getting it, and that is what I am asking in this question - I don't want to give permissions to DOMAIN\MACHINE-NAME$ to log onto SQL Server. Quoting https://stackoverflow.com/a/15445280/147530:
I think that's a bad idea, however, because it authorizes any program
running as NetworkService to access the database - not just your web
applications.
I tried one more thing, which was to enable Windows Authentication on IIS8 using this link http://www.iis.net/learn/install/installing-iis-85/installing-iis-85-on-windows-server-2012-r2#ModulesinIIS85 but this has also not solved the problem.
Fixed this problem. In SSMS, there is a path machine -> security -> logins which contains users who can log onto the machine. I had not added the apppool to this list. I had only added the apppool to machine -> databases -> my database -> security -> users
I have my ASP.NET MVC 3 project with a local database stored in /App_Data directory. This db is SQLExpress file (*-mdf).
I have my connection string working perfectly in my development CPU, the Connection String is:
data source=.\SQLEXPRESS;initial catalog=CFCBBSecurity;Integrated Security=SSPI;AttachDBFilename=|DataDirectory|\MYFILE.mdf;User instance=true" providerName="System.Data.SqlClient"
When I upload it to Azure, using VS 2010, all files are in the server, but the application cannot access the Database.
What should I do, change or update?
Thanks in advance.
The problem is that you're referencing a local SQL instance (.\SQLEXPRESS, the 'dot' stands for localhost). I'm assuming you are running SQL Server 2005/2008/2012 Express on your machine and that's why this works locally.
But when you deploy your application to Windows Azure, there's no SQL Server installed on that Web Role/Worker Role/Web Site (this would be a bad idea anyways because Web/Worker Roles are not persistent!).
What you'll need to do is sign up for a 'cloud database' like SQL Azure and use that. Or you could host it yourself in a Windows Azure Virtual Machine (which is IaaS, but this involves more work).
If you're building an MVC 3 application I would suggest you simply start with SQL Azure. Here is a tutorial: Running ASP.NET MVC 3 Applications on Azure (note that this tutorial contains screenshots of the old portal).
I'm connecting to a remote database. The connection works for ASP.NET Development Server, but is failing since I switched to using IIS. Here's my connection string:
<add name="ConnectionString"
connectionString="Server=SQL-NWSS-048\SHRDDEV01;Database=PESTS;Trusted_Connection=True;"
providerName="System.Data.SqlClient" />
In Cassini, the web site is running under your account. Since your account has rights to the database, it works, as you're using Windows Integrated security to access the SQL Server. (Trusted Connection=True).
In IIS, unless you configure it differently, it runs under the <Server Name>\Network Service account, which is a local account on that server. Odds are that account doesn't have access to the database.
See How to: Access SQL Server Using Windows Integrated Security
That's relatively difficult compared to using SQL Server authentication instead. I'd recommend using SQL Server authentication, where you pass in a username/password if your situation allows for it. Just be sure to encrypt the connection strings in the web.config.
Database: Sql Server 2005
Webserver: IIS 5.0
IDE: Visual Studio 2010
I've created a Silverlight RIA application which will allow users of our intranet query one of our databases.
In the config I have set the authentication to windows and enabled impersonation.
In IIS i have disabled anonymous access and only enabled windows authentication.
This all works fine in my development environment and when running it from VS2010.
When i publish it to my local web server and connect to it from my local pc it works too.
However if i access the URL to the application on my local web server from another machine the application does not work. It gives the following error: "Load operation failed '[QueryName]'. Exception type 'System.ServiceModel.DomainServices.Client.DomainOperationException' was thrown.
The database sits on its own server. However i have the same database locally and if i change the connectionstring to local at the local version of that database it works fine.
IIS on my PC does not seem to forward requests to the SQL Server machine. As im running profiler to see what requests come in.
Any help on this would be greatly appreciated. Im sure im missing something.
Thanks
this was an issue was a classic double hop problem when using windows authentication. instead i used annoymous access on IIS and set the App Pool to an account that had access to the database on SQL Server