开发者

Give Asp.net mvc app permission to drop and create SQL Server Database

开发者 https://www.devze.com 2023-04-05 20:08 出处:网络
I am using SQL Server 2008 R2 and am facing a problem. The application that I have developed needs to be tested at client\'s site which is at different locality. So I plan to configure the client\'s m

I am using SQL Server 2008 R2 and am facing a problem. The application that I have developed needs to be tested at client's site which is at different locality. So I plan to configure the client's machine once and then for any changes related to application I will just distribute a asp.net mvc deployment package which client can deploy on IIS. For that, I need to provide my asp.net application ability to drop and create database (through codefirst entity framework). In the present configuration, I am facing permission issue related to dropping the database. The Application somehow is unable to drop the database. Here is summary of IIS and SQL Server configuration that I am using.

For IIS, I have set the Application Pool Identity to "Local Service" as per the standard practice. The connection string in asp.net web.config file is given below.

connectionString="Server=.\SQLEXPRESS;Database=SomeDatabase;Trusted_Connection=true;User Id=someuser;Password=somepassword" />

开发者_开发知识库For SQL Server Service, I have provided "Local Service" as log on, again providing the minimum access here for the service. For SQL Server Instance Logins I have defined the user and password and given complete authority ("sysadmin") role.

With this configuration in place I was expecting my IIS application to connect using the user and password created above and have the ability to drop and create the SQL Server database. But I am getting permission denied for Dropping Database. The Exception is given below.

System.Data.SqlClient.SqlException (0x80131904): Cannot drop the database 'SomeDatabase', because it does not exist or you do not have permission.

I have checked that the database exists so it boils down to permissions. Am I missing out some configuration ?


To be clear, your connection string is a bit malformed, and may not be behaving as you expect.

When you specify Integrated Security=true in your connection string, then Windows Authentication occurs. Any user id= attribute in the connection string will be ignored.

Switch to SQL Server authentication mode by dropping your Integrated Security=true attribute.

   Server=.\SQLEXPRESS;Database=SomeDatabase;
   User Id=someuser;Password=somepassword;

Further, the DROP DATABASE command can be executed by the database owner, a user who's a member of the db_owner role, or a user in a server admin role.

Add the database user someuser to the db_owner role.

 EXEC sp_addrolemember 'db_owner', 'SomeUser';

Alternatively, if you determine that the account above should NOT be in this role (i.e. restrictive security environment, policies, etc), consider creating and using another account just for this purpose. This would likely mean maintaining another connection string. If the separation of users/roles is important enough for you, perhaps this second option will work.


I think that the real account being used on the Sql connection is the 'Local Service' because you defined Trusted_Connection=True in the connection string. Try to remove it and see what happens. If I'm not wrong, this parameter will make use of a Windows Integrated Account, the Local Service in your case.


While specifying credentials in the connection string, you either need to omit Trusted_Connection part or set it to False

Data Source =myServerAddress; Initial Catalog =myDataBase; User Id =myUsername; Password =myPassword;

OR

Server =myServerAddress; Database =myDataBase; User ID =myUsername; Password =myPassword; Trusted_Connection =False;

Refer http://connectionstrings.com/sql-server-2008 for more details.

0

精彩评论

暂无评论...
验证码 换一张
取 消