473,320 Members | 1,974 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,320 software developers and data experts.

User permission problems. sqlconnection

I've just created a new program in Visual Studio 2005, Visual Basic.
I can publish, install, and run the program just fine as long as the
user is a member of the "Domain Admins" group. My problem is when a
non-admin using tries to run the program. The program gets hung up on
the following line

Dim cn As System.Data.SqlClient.SqlConnection = New SqlConnection("Data
Source=spdb01;Initial Catalog=SToP;Integrated Security=True;")

How can I fix this, or what is the problem. I've been pulling my hair
out over this. I'm sure it's not the permissions on the SQL server,
I've givin the "Domain Users" group full control of the database.

May 3 '06 #1
15 1911
You said "I've givin the "Domain Users" group full control of the database"

then

"My problem is when a non-admin using tries to run the program. "

Ding ding? Non-admin users can't connect to the database, obviously. Add
them.

Any reason you need Integrated Security on SQL? You could pass a
username/password in the connection string instead

http://www.connectionstrings.com

Jeff

"sflynn" <ss*****@gmail.com> wrote in message
news:11**********************@u72g2000cwu.googlegr oups.com...
I've just created a new program in Visual Studio 2005, Visual Basic.
I can publish, install, and run the program just fine as long as the
user is a member of the "Domain Admins" group. My problem is when a
non-admin using tries to run the program. The program gets hung up on
the following line

Dim cn As System.Data.SqlClient.SqlConnection = New SqlConnection("Data
Source=spdb01;Initial Catalog=SToP;Integrated Security=True;")

How can I fix this, or what is the problem. I've been pulling my hair
out over this. I'm sure it's not the permissions on the SQL server,
I've givin the "Domain Users" group full control of the database.

May 3 '06 #2
Jeff,

In my idea is your first solution enough, if the user has no permissions,
than adding the username/password in the connection string has as well not
sense.
"My problem is when a non-admin using tries to run the program. "

Ding ding? Non-admin users can't connect to the database, obviously. Add
them.

Any reason you need Integrated Security on SQL? You could pass a
username/password in the connection string instead


Cor
May 4 '06 #3
I believe that Jeff means that a database user account would be easier
to handle than a trusted connection. Just add the user in the datbase
and supply the credentials in the connection string. Then you don't have
to grant access for a lot of windows user accounts to the database.

That also makes it easier to tighten the security. The user account can
be given permission to a single database, and only permission to execute
stored procedures. That would make the connection totally safe against
SQL injections (unless of course a stored procedure creates SQL
dynamically).

Cor Ligthert [MVP] wrote:
Jeff,

In my idea is your first solution enough, if the user has no permissions,
than adding the username/password in the connection string has as well not
sense.
"My problem is when a non-admin using tries to run the program. "

Ding ding? Non-admin users can't connect to the database, obviously. Add
them.

Any reason you need Integrated Security on SQL? You could pass a
username/password in the connection string instead


Cor

May 4 '06 #4
And you have to make for every user his own connectionstring

Cor

"Göran Andersson" <gu***@guffa.com> schreef in bericht
news:uT**************@TK2MSFTNGP02.phx.gbl...
I believe that Jeff means that a database user account would be easier to
handle than a trusted connection. Just add the user in the datbase and
supply the credentials in the connection string. Then you don't have to
grant access for a lot of windows user accounts to the database.

That also makes it easier to tighten the security. The user account can be
given permission to a single database, and only permission to execute
stored procedures. That would make the connection totally safe against SQL
injections (unless of course a stored procedure creates SQL dynamically).

Cor Ligthert [MVP] wrote:
Jeff,

In my idea is your first solution enough, if the user has no permissions,
than adding the username/password in the connection string has as well
not sense.
"My problem is when a non-admin using tries to run the program. "

Ding ding? Non-admin users can't connect to the database, obviously. Add
them.

Any reason you need Integrated Security on SQL? You could pass a
username/password in the connection string instead


Cor


May 4 '06 #5
Thanks for the replies guys. I'll clarify my issue a little more.
All users in my domain are members of the "Domain Users", I've even
tried adding the specific user I'm testing with as db_owner of the
database, still nothing happens. When a non-admin user gets to the
line where I declare the SQLConnection, it just seems to stop, and then
the program starts eating up memory (using Task Manager) like crazy. I
let it run once until it used up over 200mb, normally the program only
uses 20mb. The program doesn't error out at all, and I've got that
line encased in a "Try, Catch" statement.

May 4 '06 #6
I also just tried passing a username and password to the database. The
admin users are still working, but the others are not. It seems that
the non-admin users don't have permissions to run "Sqlconnection", it
doesn't seem to be a database security problem, but a system security
problem somewhere.

May 4 '06 #7
Also, it works fine for any user on a Windows XP and 2000 workstation,
but not for a regular user on a Windows 2000 Terminal Server.

May 4 '06 #8
No, just one connection string! Everyone logs under the same SQL account

Jeff

"Cor Ligthert [MVP]" <no************@planet.nl> wrote in message
news:uK**************@TK2MSFTNGP02.phx.gbl...
And you have to make for every user his own connectionstring

Cor

"Göran Andersson" <gu***@guffa.com> schreef in bericht
news:uT**************@TK2MSFTNGP02.phx.gbl...
I believe that Jeff means that a database user account would be easier to
handle than a trusted connection. Just add the user in the datbase and
supply the credentials in the connection string. Then you don't have to
grant access for a lot of windows user accounts to the database.

That also makes it easier to tighten the security. The user account can
be given permission to a single database, and only permission to execute
stored procedures. That would make the connection totally safe against
SQL injections (unless of course a stored procedure creates SQL
dynamically).

Cor Ligthert [MVP] wrote:
Jeff,

In my idea is your first solution enough, if the user has no
permissions, than adding the username/password in the connection string
has as well not sense.

"My problem is when a non-admin using tries to run the program. "

Ding ding? Non-admin users can't connect to the database, obviously.
Add them.

Any reason you need Integrated Security on SQL? You could pass a
username/password in the connection string instead
Cor

May 4 '06 #9
What do you mean "not a database security problem"? Of course it is!

I'm surprised you aren't reading what you are writing. Did you see my first
reply? You've set up the admins as users in the database. That means NO ONE
ELSE can access it!

And that is exactly what you are seeing.

And did you even try my suggestion? Don't use Windows Security. Create a
single SQL user account, and put that in the (single) connection string. I
used to work in the SQL Server group at Microsoft, and wrote a book about
it. Trust me.

If you really need Windows Security, follow these steps:

* Ideally, put all the users you need to have access into a company global
domain group. You might have to ask your IT dept for this.

* Otherwise, create a local group on the SQL box. Then add your users to
this group.

* Then create a SQL login for this group, and give access to the appropriate
database.

However, if you don't need this much security, create a single SQL account
(not a Windows account), and use that single account, and pass the username
and password on the connection string. You may need to go through SQL Server
setup to tell it to use BOTH SQL and Windows authentication

Jeff
"sflynn" <ss*****@gmail.com> wrote in message
news:11**********************@u72g2000cwu.googlegr oups.com...
I also just tried passing a username and password to the database. The
admin users are still working, but the others are not. It seems that
the non-admin users don't have permissions to run "Sqlconnection", it
doesn't seem to be a database security problem, but a system security
problem somewhere.

May 4 '06 #10
Also, just run Query Analyer. Have a non-admin user log onto your
workstation, and have them start up Query Analyzer, and try to connect to
the database. They won't be able to. So it's not in your app, it's in SQL
security.

Jeff

"sflynn" <ss*****@gmail.com> wrote in message
news:11**********************@u72g2000cwu.googlegr oups.com...
I also just tried passing a username and password to the database. The
admin users are still working, but the others are not. It seems that
the non-admin users don't have permissions to run "Sqlconnection", it
doesn't seem to be a database security problem, but a system security
problem somewhere.

May 4 '06 #11
I've tried using the non integrated SQL security, and passing the
username and password. On Windows XP/ 2000 workstatiosn it works fine
as both an admin and regular user using integrated and SQL security.
But when a user tries to log in from a Windows 2000 Terminal Server, it
doesn't work. When I make that user a member of the local
Administrators group on the terminal server (not domain admin) it also
works.

May 4 '06 #12
Jeff,

But that is much more dangerous than permitting the domainusers in SQL
server the use of a table in the databaseserver and than to use integrated
security.

Whit what you suppose everybody can use the database. (Which can be in some
circumstances withouth problem ). However here the OP talks about his domain
users.

Cor

"Jeff Dillon" <je********@hotmail.com> schreef in bericht
news:eN**************@TK2MSFTNGP02.phx.gbl...
No, just one connection string! Everyone logs under the same SQL account

Jeff

"Cor Ligthert [MVP]" <no************@planet.nl> wrote in message
news:uK**************@TK2MSFTNGP02.phx.gbl...
And you have to make for every user his own connectionstring

Cor

"Göran Andersson" <gu***@guffa.com> schreef in bericht
news:uT**************@TK2MSFTNGP02.phx.gbl...
I believe that Jeff means that a database user account would be easier to
handle than a trusted connection. Just add the user in the datbase and
supply the credentials in the connection string. Then you don't have to
grant access for a lot of windows user accounts to the database.

That also makes it easier to tighten the security. The user account can
be given permission to a single database, and only permission to execute
stored procedures. That would make the connection totally safe against
SQL injections (unless of course a stored procedure creates SQL
dynamically).

Cor Ligthert [MVP] wrote:
Jeff,

In my idea is your first solution enough, if the user has no
permissions, than adding the username/password in the connection string
has as well not sense.

> "My problem is when a non-admin using tries to run the program. "
>
> Ding ding? Non-admin users can't connect to the database, obviously.
> Add them.
>
> Any reason you need Integrated Security on SQL? You could pass a
> username/password in the connection string instead
>

Cor


May 4 '06 #13
No, actually NOBODY can use the database, except the single logon user

But yes, EVERYBODY who uses the app, can access the database, under that
same account.

But I didn't read carefully enough, he has problems with Terminal Server
users.

Jeff
"Cor Ligthert [MVP]" <no************@planet.nl> wrote in message
news:%2****************@TK2MSFTNGP02.phx.gbl...
Jeff,

But that is much more dangerous than permitting the domainusers in SQL
server the use of a table in the databaseserver and than to use integrated
security.

Whit what you suppose everybody can use the database. (Which can be in
some circumstances withouth problem ). However here the OP talks about his
domain users.

Cor

"Jeff Dillon" <je********@hotmail.com> schreef in bericht
news:eN**************@TK2MSFTNGP02.phx.gbl...
No, just one connection string! Everyone logs under the same SQL account

Jeff

"Cor Ligthert [MVP]" <no************@planet.nl> wrote in message
news:uK**************@TK2MSFTNGP02.phx.gbl...
And you have to make for every user his own connectionstring

Cor

"Göran Andersson" <gu***@guffa.com> schreef in bericht
news:uT**************@TK2MSFTNGP02.phx.gbl...
I believe that Jeff means that a database user account would be easier
to handle than a trusted connection. Just add the user in the datbase
and supply the credentials in the connection string. Then you don't have
to grant access for a lot of windows user accounts to the database.

That also makes it easier to tighten the security. The user account can
be given permission to a single database, and only permission to
execute stored procedures. That would make the connection totally safe
against SQL injections (unless of course a stored procedure creates SQL
dynamically).

Cor Ligthert [MVP] wrote:
> Jeff,
>
> In my idea is your first solution enough, if the user has no
> permissions, than adding the username/password in the connection
> string has as well not sense.
>
>> "My problem is when a non-admin using tries to run the program. "
>>
>> Ding ding? Non-admin users can't connect to the database, obviously.
>> Add them.
>>
>> Any reason you need Integrated Security on SQL? You could pass a
>> username/password in the connection string instead
>>
>
> Cor
>



May 4 '06 #14
Jeff,

But I didn't read carefully enough, he has problems with Terminal Server
users.

Where, just at his latest replies while this is probably the most relevant
information.

Cor
May 5 '06 #15
Your point? Don't waste my time

"Cor Ligthert [MVP]" <no************@planet.nl> wrote in message
news:eW*************@TK2MSFTNGP05.phx.gbl...
Jeff,

But I didn't read carefully enough, he has problems with Terminal Server
users.

Where, just at his latest replies while this is probably the most relevant
information.

Cor

May 5 '06 #16

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

0
by: Nayt Grochowski | last post by:
Does anyone see any problem with the loading a SqlConnection into the System.Web.HttpContextCurrent.Items collection in a Page's Constructor. Then Closing and Disposing of it the OnUnload method? ...
2
by: RF | last post by:
Hi, I have an app that I need to set some values in the CurrentUser and LocalMachine of the Registry. If the user has administrator previledges, no problems occur. However, if the user if of...
1
by: Earl Teigrob | last post by:
Background: When I create a ASP.NET control (User or custom), it often requires security to be set for certain functionality with the control. For example, a news release user control that is...
5
by: Norsoft | last post by:
I have a .Net 1.1 application which is downloaded into an aspx page. It is a dll which inherits from System.Windows.Forms.UserControl. It works fine on a PC with only the 1.1 Framework. However,...
6
by: Andrew Chalk | last post by:
My application attempts to connect to an SQL Server database as name ASPNET and Login Name SERVERNAME/ASPNET in response to these commands: SqlConnection myConnection = new SqlConnection("Data...
4
by: James | last post by:
I have a VB windows forms application that accesses a Microsoft Access database that has been secured using user-level security. The application is being deployed using No-Touch deployment. The...
1
by: James | last post by:
I have a VB windows forms application that accesses a Microsoft Access database that has been secured using user-level security. The application is being deployed using No-Touch deployment. The...
5
by: Segfahlt | last post by:
I need a little help here please. I have 2 win forms user controls in 2 different projects that I'm hosting in 2 different virtual directories. The controls have been test and operate okay in...
1
by: goc | last post by:
I have a Web Farm, that fetches its database-data from a separate database-server. Today I was forced to go over to .NET 2.0 (since 1.1 can't be installed on Windows Vista x64), and it brought...
0
by: DolphinDB | last post by:
The formulas of 101 quantitative trading alphas used by WorldQuant were presented in the paper 101 Formulaic Alphas. However, some formulas are complex, leading to challenges in calculation. Take...
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
0
by: Vimpel783 | last post by:
Hello! Guys, I found this code on the Internet, but I need to modify it a little. It works well, the problem is this: Data is sent from only one cell, in this case B5, but it is necessary that data...
0
by: jfyes | last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
1
by: PapaRatzi | last post by:
Hello, I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...
0
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
0
by: Defcon1945 | last post by:
I'm trying to learn Python using Pycharm but import shutil doesn't work
0
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.