I've created an application using the ASP.Net Entity Framework 6 Code First approach.
The app runs fine locally, using a local instance of a SQL Server database.
After creating an azure account and publishing the site to the Azure service, the site home page and login pages load just fine.
If I try to login or access the 'register' page, I get the following exception:
Cannot open server "app.co.za" requested by the login. The login
failed.
app.co.za is not the real domain name, I have replaced the original.
The original domain is only related to the site because I've created my Azure account using my email from that domain.
When specifying the Azure database under the deployment profile in Visual Studio, I entered the connection string provided on the Azure Portal with my Azure portal login details (which is where I think the issue might be).
Since this is a login issue though, I'm not sure if I've entered the correct set of credentials? I've made sure that there are no errors in the password.
How can I know that I have used the correct credentials to log in with?
Thanks!
Azure SQL Databases are firewalled and only allow connections from whitelisted IP addresses. If you haven't already done so, please browse to your Azure SQL DB in the Azure Portal and click on the Overview tab. You'll then see a "Set Server Firewall" menu option on the Overview tab. Add your current IP address to the list.
You can verify that your IP is whitelisted by connecting to your Azure SQL DB via Sql Server Management Studio.
Related
I have an ASP Core web app that connects to an Azure SQL database.
The users (a handfull of people) can log into the web app using Microsoft, Google or Facebook logins.
Since I've lost my appetite for developing web apps, I want to turn this app into a desktop app.
This presents a number of problems, obviously, with regards to keeping the database credentials safe on the local machine where the app will be running.
I know the advice is to use a web service as data layer between the app and the database, but since I want to scale down my web development activities, not scale them up, this is not a preferred scenario.
I've looked at using DPAPI to encrypt the credentials, but that would mean the credentials need to be encrypted on the local machines. Ideally I'd encrypt them on my machine in a way they can't decrypt them.
Since that's impossible, I don't think this scenario can work.
Ideally I'd have them connect to the database directly with unique credentials, without me having to manage all these accounts manually.
So, is there a way to have users login to Azure SQL using the same 'socials' they use to log in at the moment?
Cheers,
CJ
For instance, how will you prohibit users from removing data from other users. To keep people from updating data from other users and from inputting enormous volumes of data.
As suggests in comment by MaaretenDev building API seems to be best suited. Create an API that will allow you to get greater sophistication and control over the database. Consider utilizing an API instead than direct database access since it causes more difficulties than it solves.
Else you can leverage Azure Active directory users to login so as to have the control.
Note: The new admin name (user or group) cannot already be existing in the virtual master database as a server authentication
user when setting up the Azure AD admin. If such an admin (name)
already exists, the Azure AD admin setup will fail, rolling back its
creation and notifying that such an admin (name) already exists.
Because such a server authentication user is not a member of Azure AD,
any attempt to connect to the server using Azure AD authentication
fails.
I'm trying to use, for the first time, Windows authentication on my ASP.NET Core 3.1 MVC site to connect to SQL Server using EF Core.
Locally everything is ok (using IIS Express), but on the server, something goes wrong.
My site has "hi,<myDomain/myAccount>!" on the top right of the page, and it is correct, but when I request a page with database query, I get this error:
SqlException: Login failed for user 'MyDomain\MyServerName$'
Why? How do I configure EF Core connection string?
Update:
I can't use form authentication
I don't have a user list table
I can use impersonation (WinAuth? active dir?)
Every user(more can login to site has the access to the sql database
I can change some IIS Server settings
This is the first time i use the winAuth (auto configured by visual studio create project tool => with windows authentication)
"what kind of user is the app pool running under?" i don't know, the default one i think
This is likely an issue having to do with the credentials running the app pool in IIS, and the access rights those particular credentials have. You say you are NOT using impersonation, in which case the request to SQL Server from your app running on IIS needs to be made using a system account that has proper database access. A system account being a singleton account that only exists to run as the "Application Pool Identity" for the app in IIS.
On IIS on your server, what kind of user is the app pool running under? In most cases with Windows Authentication, you want to use a system account of some kind to run the app pool and then give that system account access to the database. If you don't want to use a system account, you would have to use impersonation, and then use an AD Group to give the impersonated users access to the SQL Server Database.
Since you're saying the request to SQL server is coming across as DOMAIN\SERVERNAME, you likely need to change that setting in IIS to set the request to come from a system account, and then give that system account explicit access to the SQL Server database.
You can change this by adjusting your Advanced Settings in IIS and inputting the information (Username/PW) of the account you want to run the app under or "as" in IIS.
Then, add this same DOMAIN\USERNAME account to the Database as a user who can Read/Write/Delete etc. You could also simply add the DOMAIN\SERVERNAME that is being denied in it's request to the database here, if you don't want to use a custom system account.
As for "How to configure EFCore connection string?", this is usually done in the Startup.cs file. There you can input a connection string from your appsettings.json directly with the .UseSqlServer(connectionstring) method.
You access the connection string using Configuration.GetConnectionString("KEY").
Once configured there, you don't need to configure it again (unless perhaps to change from dev/qa/prod environments).
I am new to ASP.NET MVC and creating a little application in my spare time at work.
This application has windows authentication and connects to one of our remote test databases, and the application does some simple select/update/insert queries with one of the tables on this database.
For one part of my application, when a user clicks 'process', I save that user's username in my model by doing:
job.User = System.Web.HttpContext.Current.Request.LogonUserIdentity.Name;
And then write that to the database.
Everything run's fine when I run it locally through visual studio, it recognises my domain name/username and saves that to the database.
Once publishing to IIS, I ask one of my team members to connect to my computername/site and when they try to click that same 'Process', they get
"Login failed for user 'OURDOMAINNAME/MYCOMPUTERNAME$'. "
My application is using DefaultAppPool with Identity set as 'ApplicationPoolIdentity'.
My whole team has permissions to access this database and if only my application picked up their correct domain group/username then it would OK but the application is trying to connect as MY computer and not my actual windows logon.
Can anybody please advise?
Since you are using ApplicationPoolIdentity, did you allow that user in your MSSQL database?
User: IIS APPPool\DefaultAppPool
So for security purposes I created a different user on my azure sql server so I can connect to it without giving full admin to the server. But it turns out the web api cannot connect with that user. It can connect with the admin just fine. Also I know the password and firewall are fine cause I'm able to connect with the non-admin account through SSMS which got me really confused. For now I just deployed with the master account. But would be good if I could fix this.
It is a good practice to not to use full privelleges user rather than action based user for each operation like SELECT select_user, Update update_user and so on.
How ever each of these user should be given connection right as well which seems to be not set in your case.
for this go in object explorer
server connection > security > login >
select your user and right click on it and select properties
in general select sql authentication and mention password and also click on status option and make sure that "Permission to connect ..." is enable and login is also
I am trying to access my local database using a web service also running locally on the Default Website in IIS7. I previously always used Windows Authentication but I read that to use web services you have to use SQL Server authentication, I have no experience with this but tried it out. I created a new login, but when I try using those credentials in my connection string:
connectionString="Server=.\SQLExpress;Database='SponsorChild';Trusted_Connection=True;User Id=abc;Password=abcpass" name="SponsorChildDatabase"/>
and try using the web service, I get the error:
System.Data.SqlClient.SqlException: Cannot open database "SponsorChild" requested by the login. The login failed.
Login failed for user 'IIS APPPOOL\DefaultAppPool'.
So it seems not even the right user is being passed. Moreover, when I try logging in using SQL Management Studio, it also gives me a login error (error 18456 with state 38). I apologize if this is just some rookie mistake, but I'm just starting out with databases and website building and still have a lot to learn. Any help is greatly appreciated.
Trusted_Connection=True uses the Windows credentials and not the provided username and password. The user you've setup in the database doesn't play a role. You either need to use SQL Server auth or authenticate the Windows account the service is running under.
This is a sample connectionstirng not using Windows credentials:
Server=myServerAddress;Database=myDataBase;User ID=myUsername;Password=myPassword;Trusted_Connection=False;
To create a SQL Server login that uses SQL Server Authentication (SQL Server Management Studio)
1.In SQL Server Management Studio, open Object Explorer and expand the folder of the server instance in which to create the new login.
2.Right-click the Security folder, point to New, and then click Login.
3.On the General page, enter a name for the new login in the Login name box.
4.Select SQL Server Authentication. Windows Authentication is the more secure option.
5.Enter a password for the login.
6.Select the password policy options that should be applied to the new login. In general, enforcing password policy is the more secure
option.
7.Click OK.
The fact that the database is local probably means you administer it yourself, so here is a manual for setting the sql server authentication.
Check to make sure:
that you have the proper server name in your connection string. Is it really localhost? Or did you perhaps install SQL Server Express and it ended up being (local)\SQLExpress instead??
that the server you're connecting to has a login for User-Desktop\user(check in Object Explorer -> (your server) -> Security -> Logins)
that the database ASPNETDB has a user based on that login so that you can use that database (check in Object Explorer -> (your server) -> Databases -> (your database) -> Security -> Users)
that your admin.aspx page is truly referencing that connection string you've given (ConnectionString1). Is there by any chance a separate web.config in your Admin folder that e.g. has a different connection string, and the admin.aspx page references that connection string instead??