I have one web server & one DB server (running SQL SERVER 2008). Both the servers are in different domains. The web server is allowed to communicate(the communication takes place internally without the intervention of firewall) directly with the DB server, it is given Admin privileges & the DB access through SQL is going on without any problems.But whenever the web server tries to access the Reporting Server & its services, its asking for a separate authentication(Local system account authentication has been configured for SQL Server). I want to know whether is there any way to get rid of this separate authentication for Reporting Services
If you are being prompted for credentials when running a report, then your data source is configured to prompt at run time. You'll need to change the DS to use a SQL login if you don't want this to happen. Your windows credentials cannot be passed from one server to another.
If you are being prompted to log on to the RS site - I've only experienced that on firefox but fixed with a firefox config setting to save the cred for the domain.
Related
I have a Microsoft Access Application which generates a connection string like:
Provider=SQLNCLI11;Server=servername;Database=db_name;Trusted_Connection=yes;
This works without any problem.
What I want to do is to connect to a SQL Server instance where the user must insert his Active Directory name and password.
Like this:
Provider=SQLNCLI11;Server=servername;Database=db_name;Uid=username;Pwd=password;
This only works for users which are created on the SQL Server directly.
I tried Uid=DOMAIN\username, but it isn't working.
Is this possible? Or is there another way how I can get through this?
The environment:
The User is using a local PC with a local account and then he's doing a "NetworkConnect" with his AD-User and password.
After that, "RunAs" as his AD-User is working BUT there is another Application that is started from the Access Application and this App must be started with the local User-Account.
SQL-Server and the AD-User are member of the same domain.
Your choices are
Login to SQL Server using your the Windows Domain account that you are currently logged into. You do this automatically by specifying Trusted_Connection=yes;, or
Login to SQL Server using a SQL Login.
Those are the only two choices possible using a SQL provider connection string. Specifically, you cannot use the SQL access provider to do impersonation, that is, to login to SQL Server using a different Windows domain account than the one that you are currently logged into.
Microsoft designed the AD integration with SQL Server to use the account of the client application, not to be able to handle logging in as a part of the connection string. If the user isn't going to be logged into the machine using the account needed for the database access, the next best option may be something like ShellRunAs in order to let the user run your client app as the correct AD account.
I have one machine running IIS10, another machine running SQL Server Express. I have create an ASP.NET Razor pages web application. All machines are Windows 10 pro.
I cannot for the life of me figure out how to take the credentials from the web app, pass to IIS, and pass to SQL Server. I want to manager access to SQL Server at the user level, not the IIS DefaultAppPool identity.
Has anyone done this before?
Are you trying to pass the user's network login to the database instead of using a dedicated DB account? I think you need a trusted connection.
Grant your users access to your DB
Disable anonymous access in IIS and set the site up SSL
In your connection string set the Trusted_Connection property to true
Connection Strings
If the user is on any browser except IE, they'll probably be prompted for their credentials.
MSSQL server is running with Windows and SQL Server Authentication mode on a server called 'HOST1'. The application which needs to connect with the SQL Server is started as a service on a server called 'HOST2'. Since the service manager starts applications as the user "NT Authority\System", I'm unable to connect with the SQL Server on 'HOST1' from 'HOST2'.
I have the option of manually changing the user account using which the services are launched. That is,
Right click service -> properties -> Log On -> Choose 'This Account' -> Provide a user which has permission to connect with SQL Server in 'HOST1'
But the problem is, there will be hundreds of services, running in hundreds of hosts. Hence modifying the user manually for all services is not possible in my case.
Please let me know how I can connect to SQL Server.
Would using Powershell to script out a solution that is not quite as taxing? Maybe as part of the deploy process?
Powershell script to change service account
I have a web service that stores data in a local SQL Server 2008 database. If I run the web service under my account the web service can successfully access the database. However, if I use the DefaultAppPool (IUSR) account then accessing the database from the web service fails.
How do I set security on SQL Server to allow access to a specific database via IIS?
The specific error message I am getting is:
Login failed for user 'IIS APPPOOL\DefaultAppPool'
You have two options (obvious maybe!):
Instead of using Windows Integrated
Security use SQL Authentication
instead.
If you can't or don't want to, then you have
to create a new user in SQL Server
that relates to that Windows account.
Or (third option) you can change the web service to run under an account that you know works.
I generally run the app pool under a domain user account, that way you control the specific user for each site on your server.
If I can't use a domain account, I'll run the site as "Network Service" - and the user that would correspond to that in SQL would be the machine account (MACHINENAME$ - replace "machinename" with your IIS server name").
If you plan to use the new IIS7 IIS users - which are not windows users - you'll have to use SQL Authentication instead of Windows authentication for your SQL database access.
I have couple of reports that I developed and are sitting on http//localhost/reports.
I have everything else set up, including Sql Server 2005 Config Tools. The reports run fine when I run them on my own machine, where IIS and Sql Server 2005 are both loaded. But they don't work when I try from other computers. I have the dir security to windows integrated security checked.
The error i get is -
An error has occurred during report processing. Cannot create a
connection to data source 'time_clock'. Login failed for user 'NT
AUTHORITY\ANONYMOUS LOGON'.
How do I make them available for remote users?
Is the reportserver and SQL server on the same box? If SSRS is on a different box and MSSQL is on your box, then you have to configure Kerberos for double hop authentication.
Check this link for help on configuring double hop authentcation.
Raj
SSRS machine authenticates the remote user, it impersonates him and it then tries to authenticate to the SQL machine. The SQL machine needs a proof that SSRS is who it claims it is (the remote user), but SSRS does not have the said proof (namely the password of the remote user), therefore authentication falls back to the anonymous logon.
To enable this scenario you need to enable and configure constrained delegation on the account running the SSRS. If constrained delegation is enabled and properly configured then the domain controller will vouch for the SSRS machine impersonated identity of the remote user and the SQL machine will authenticate it successfully.
In addition to turning Windows Authentication on, you need to turn Anonymous authentication off.