Security :: Windows Authentication / "Permission Denied" Error?
Feb 15, 2010
I am writing an internal web app for a company who wont to use their existing Active Directory Logins (rather than a seperate SQL Database User Login Table).
To do this I have done the following
web.config
<authentication mode="Windows">
<identity impersonate="true"/>
<authorization>
<deny users="?"/>
<!-- Allow Public Users to Access -->
<allow users="*"/>
</authorization>
<roleManager enabled="true"
defaultProvider="AspNetWindowsTokenRoleProvider"/>
End
This seems to work on my localhost but I have a couple of questions for you guys.
1) How does this process know which active directory to authenticate against? I know in code you can do
LdapAuthentication adAuth = new LdapAuthentication("LDAP://Server");
But there seems to be no way to do this in the web.config (I'm guessing it will just use the active directory on current machine it's running on?). Is there away to specify which active directory I'd like it to authenticate against?
2) If a user tries to access this remotely (i.e. not on their native windows account) what will happen, will it just default to a login form or just throw a "Permission Denied" error?
how I can correct an error. I've built the MVCMusicStore tutorial here:
http://mike-ciccone.com/Store/
The first time I visit the site and attempt a database connection I get this error:
Exception Details: System.Data.SqlClient.SqlException: CREATE DATABASE permission denied in database 'master'.
But when I refresh, it all works fine. I'm at a bit of a loss. I don't believe I'm attempting to create a database, but I realise that the error may not really have anything to do with that. This is hosted at GoDaddy shared hosting. The database was created and I used an SQL script to create the tables initially and populate the data. My connection string works as I can pull data from the database, but I do have a feeling it will be a web.config setting that will correct this.
Using MS article http://msdn.microsoft.com/en-us/library/ms998317.aspx, I created a web site to develop a forms authentication solution for our web app. The server is Win 2003 w/IIS 6 and the app is VB.NET. The web.config was updated for forms authentication and settingsappear below:
I have deployed my website on my local machine, I have checked "Integrated Windows Authentication" under Directory Security tab, and addedthese lines to activate Windows Authentication.
[Code]....
But It is generating error on line:Line 36: <identity impersonate="true" userName="******" password="******"/>
This is really weird I am really stuck on this issue. Now the Environment is WIN2K3 Server is my web server Database is SQL 2008 is in the domain itself I have deployed the application which was using the SSO from the parent Share Point Site and was having forms authentication Now the Users to access the application can be outside domain /inside domain so we have logic to get the internal employee or external But the Problem starts when we have got the request to have the application ready for Internal Users like a Intranet application and we need to have the windows authetication in place Now the problem was with WINDOWS authentication I am not able to get to the HTTP Handlers I have in my code thats really wierd as all was working well having the forms auth. I have changed the following things to make it windows auth. Changed the AUthentication in WEB.Config Unchecked the Anynomous user from Directory Security in IIS.
My Problem is ALL application works well except when I tried to call http_handler It is giving me 404 0 2 in IIS logs page not found when I tried to say window.location = "myhandler.myextension?id=285dc559-8293-44f3-a018-4e7024c82e5b" Gives me Page not found error.
I am getting the error message "SELECT permission denied on object 'MyTable', database 'MyDB', owner 'dbo'.", when trying to run a small asp.net application via a browser where i work.
I built it on my local machine(VS 2008, C#) and transferred over to an IIS server(i.e. Windows Server 2003) and I have also enabled the application folder in IIS.
It runs fine on my local machine. Connection string in web.config on my local machine <add name="connstring" connectionString="Data Source=DBASE;Initial Catalog=MyDB;Integrated Security=true" providerName="System.Data.SqlClient"/>
on the server, connection string is <.......;User Id=userid;Password="mypassword" />.
But when i swapped connection string on server to use <Integrated Security=true>, and tried to run from a browser again, i get:
Login failed for user 'SVRSERVERNAME$'
I have a couple of other apps I built in the past and they are running fine, I didn't do anything special, just transferred them as normal to server and ran through browser
In fact, one of my previous apps even uses the same table and database. but with this new app, I don't know why it wouldn't work even though it runs perfect on my local machine
I can access the database manually from SQL Management studio, i connect to it using my Windows account or the given username/password credentials.
Other thing I noticed, when I changed the connection string on my local machine web.config to use <User Id=userid;Password="mypassword">, i then get same error as if it was running from the server:
SELECT permission denied on object 'MyTable', database 'MyDB', owner 'dbo'.
I have upload my files in domain.after uploading,i run the site.i get the following error The EXECUTE permission was denied on the object 'xxxxxxx', database 'zzzzzzz', schema 'dbo'. what reason for this error raised and how to solve it?.
I am using Itext sharp to create a pdf. I am adding an image and I keep getting this error
Request for the permission of type 'System.Security.Permissions.FileIOPermission, mscorlib, ersion=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.
it is this bit of code that is causing this
[Code]....
If i comment this out, the PDF builds and no errors are thrown (there is just no image)
I don't understand cause I am am trying to do is read a file.
I set authentication mode to Windows in the web.config and I enable Windows Authentication and disable the Anonymous Authentication in IIS 7 on win 7, but HttpContext.Current.User is always null.It works fine when I host the web app in IIS 6.0.
I have been trying to avoid the windows login userid and password window when I use the Windows Authentication mode for a web site. I need to capture the the windows logon user name without prompting for the user id and password and display that on the web site. I had tried almost everything... changed authentication,security setups on IE and IIS etc... still not being able to avoid the window...
We have a working version of application (Intranet) with uses Windows Authentication deployed in Windows 2003. The application uses HttpContext.Current.User.Identity.Name to get the logged-in user. Here impersonate is turned off.Right now, we are move to Windows 2008 RC2 where this Windows Authentication problem arised. I have Digest Authentication and Windows Authentication enabled. And also I have enabled Anonymous Authentication enabled to avoid the Login dialog of IIS in the end-user IE. Now I am getting HttpContext.Current.User.Identity.Name as Empty. When I impersonate using username and password, I am used to login using that user but all the users uses the same user to login.Does any has solution for this?Deployment Server - Windows 2008 RC2 (IIS 7.5)Development - Windows 7 (IIS 7.5)I am new to IIS 7.5. Please give me a solution
I have recently succeeded doing a Publish to server from my local sql db and run the sql script on my web host's sql server 2005 db. Now, I get the "The EXECUTE permission was denied on the object 'MyStoredproc', database 'db12345', schema 'dbo'." error.I have Visual Studio Professional 2010, and that's where I create and manage my tables (in Server Explorer). However, when I right-click a stored procedure, I don't get a Seurity option or the like, where I could possibly set permissions.
I'm a bit usure of what SqlServer applications I have installed (as they are intertwingled with the Aps.Net stuff somewhat). When I look at Add/Remove software, this is what I find:
Microsoft Sql Server 2008 (562 MB) Microsoft Sql Server 2008 Native Client Microsoft Sql Server 2008 R2 Data-Tier Application Framework Microsoft Sql Server 2008 R2 Data-Tier Application Project Microsoft Sql Server 2008 R2 Management Objects Microsoft Sql Server 2008 R2 Transact-Sql Language Service Microsoft Sql Server 2008 Setup Support Files Microsoft Sql Server Compact 3.5 SP2 ENU Microsoft Sql Server Database Publishing Wizard 1.3 Microsoft Sql Server Database Publishing Wizard 1.4 Microsoft Sql Server System CLR Types Microsoft Sql Server CSS Writer
Can I use any of these apps to set the security settings? Or would I possibly not be allowed to change any settings at the web host's Sqlserver 2005 server anyway (due to security reasons)? Frankly I don't think I could ask them to change the settings for over a hundred stored procedures, and then call them each time I create a new one.
And also, I can't understand what the point would be in setting different security levels on SELECTs and UPDATEs etc. After all, all my pages call UPDATE statements (for collecting statistics). I guess that the host could set execute permissions on the entire folder (not sure though) but it would of course be a stupid idea if I'm wrong regarding this matter.
Using VS 2008, and i downloaded sql server 2008 that came with installation. I created an applicaton, which runs perfectly when i click run from VS. but when i moved it to wwwroot folder, this error poped up:
CREATE DATABASE permission denied in database 'master'. Cannot attach the file 'C:InetpubwwwrootooksApp_Dataooks.mdf' as database 'books'. This is my <connectionStrings> <add name="books" connectionString="Data Source=.SQLEXPRESS;AttachDbFilename=C:InetpubwwwrootooksApp_Dataooks.mdf; Integrated Security=True; trusted_connection = true; User Instance=False; Initial Catalog=books" providerName="System.Data.SqlClient"/>
I am really face with a difficult problem that i have been battling for the past week. My application requires a login. I am Using asp.Net services (membership and roles) to manage members who login. The application performs very well on my local computer.
However, when i transfered it to my web hosting server (production server), I am faced with this horrible execute permission below
(The EXECUTE permission was denied on the object 'aspnet_Membership_GetPasswordWithFormat', database 'GuardwellProjectDatabase', schema 'dbo'.)
Another issue is that i am using a shared hosting site with my hosting company and on contact them with the problem, the said it is not possible to grant me execution permission.
Server Error in '/' Application.
The EXECUTE permission was denied on the object 'aspnet_Membership_GetPasswordWithFormat', database 'GuardwellProjectDatabase', schema 'dbo'.
Description: An unhandled exception occurred during the execution of the current web request. review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.Data.SqlClient.SqlException: The EXECUTE permission was denied on the object 'aspnet_Membership_GetPasswordWithFormat', database 'GuardwellProjectDatabase', schema 'dbo'.
I have a web application with a textbox and a button. When i click the button with a folder name in textbox a .xml file should be created in C: folder getting all the data from a method which retrives data from DAL. But clicking on button gives the error of access denied. I dont have sufficient permission. But when i run visual studio as administrator, this permission error does not occur, instead some other error i get. How can i get this permission to run this application?
I have to invoke SSIS packages from web service in the most secure way. I think that windows authentication will be secure but i am not sure. I do not have much knowledge about how to achieve this and the information on the internet is very distributed.
We use Sharepoint to control our websites. We build the sites, then load them into the sharepoint server. My question is if I use windows authentication, how can I get my role security in my web config file to coencide with the asp.net controls that use the Forms authentication. Is there a differenence? Our security uses a session variable for security but there is no where to set up their permissions except in active directory. I hope this makes sense because I would like to implement the LoginView with Role groups but how can I give them the role="administrator"? Do I have to go into active directory and give them these permissions(would take awhile due to the size of the company)? Or do I have to set up priveladges in the web.config file for each user(difficult I think)?
I'm writing a simple Intranet application using windows authentication. I want to restrict access to Safe/UCantSeeMe.aspx. I am aware of the AuthorizeAttribute, but this only works on methods. I also found a good post on doing this with the MVC pattern, but I'm not using MVC. This can be done with roles in forms based security. I read on MSDN that using windows based security means roles are based on groups, but it doesn't go into any detail. how can I restrict access to Safe/UCantSeeMe.aspx?
I just moved my website from one server to another.It is a simple website to display news. I used dnn for it. The news module is made of a NEWS_ADD.ascx control and a NEWS_EDIT.ascx control. Now on the new server, when I try to edit the existing news, or try to add a new one, it says: "you don't have permission to access /manageadmin/newsadmin/tabid/72/ctl/edit/mid/376/mode/add/language/fr-FR/Default.aspx on this server."