Using MVC and EF Code-First. Question at the bottom, please read on...
I've created a LocalDb database login app_user for the application. Don't want the application using the admin (sa) account - for obvious reasons :)
Database login has it's default database pointing to MyDatabase.
I've created a database user app_user in MyDatabase.
Added the database user to the db_datareader and db_datawriter roles. Application needs to read and write to tables.
When the application logs in and accesses the database, the following error is presented:
CREATE DATABASE permission denied in database 'master'. Cannot attach the file '....\MyDatabase.mdf' as database 'MyDatabase'.
Below are my settings...
Web.config
connectionString="Data Source=(LocalDb)\v11.0;AttachDbFilename=|DataDirectory|\MyDatabase.mdf;Initial Catalog=MyDatabase;Integrated Security=False;User ID=app_user;Password=somepwd" providerName="System.Data.SqlClient" />
Application context Initializer is disabled!
static ApplicationDbContext()
{
// Disable initialization
Database.SetInitializer<ApplicationDbContext>(null);
}
The only reason I can see why Create Database permissions are required is EF expects this if the Initializer is ever enabled! Just a theory!
Workaround: I can get around this error by creating a database user for the app_user login in the master DB, and granting it Create Database permissions. But this would be a security hole, don't want the application login with such permissions.
Question: Why is the Create Database permission required for the database user?
According to this question, it may be an issue related to the class name and database name not matching, which would cause EF to try to create a new database.
entity framework 4.1 code first CREATE DATABASE permission denied in database 'master'
Related
Using VS2017, I have few related tables in DB with constraints etc. I have created blank MVC/WebAPI project with Individual User Account option, installed EF6.2.0, imported entities from DB using 'Code First from Db Model' technique, added keys to Identity User, Role, and Login inside overridden OnModelCreating() and created the first migration. Migration declared all Identity tables (users, roles etc) but also tables which are already in DB which is understandable. When I try Update-Database I get an exception saying that table is already in DB. What is the best practice to solve this problem? I was thinking about commenting out tables in migration leaving only Identity tables.
I have an application that need to the authenticated user id, to be inserted into a table along with the form submitted. I use the code below:
var userId = Int32.Parse((string) Membership.GetUser().ProviderUserKey);
But it give me the error:
Access denied creating App_Data subdirectory
Description: For security reasons, the identity 'IIS APPPOOL\DefaultAppPool' (under which this web application is running), does not have permissions to create the App_Data subdirectory within the application root directory. ASP.NET stores the Microsoft SQL Express Database file used for services such as Membership and Profile in the App_Data subdirectory of your application.
I am not creating anything. I just want to get the UserId of the currently logged in user. It works when I get the name, code below:
var userName = (User.Identity.IsAuthenticated) ? User.Identity.Name : "";
I need the UserId because that's what I use as foreign key constraint to the UserProfile table.
In the Create method of the controller, I assign it as:
serialnumber.UserId = userId;
...
db.SerialNumbers.Add(serialnumber);
How do I get the UserId of the current user?
The default users setup in MVC uses a code-first with an application startup script to create a database. This seems to be required (by default at least) regardless of whether you actually need it or not (I've run into similar scenarios with required database permissions even though it wasn't using the database: still needed the permissions).
You can jump into the Accounts model and EF stuff and wrangle around with it, but IMO it's easier just to allow the IIS account full permission on the root folder of your application directory.
Right click your app directory, Properties, Security, select the appropriate user/group from the list, edit, then grant full control:
Working with Grails 2.3.3 I want to change the sa password for my H2 db or possibly replace sa with a different username with the same admin rights.
If I change the sa password in the dbconsole using the setpassword command and then update the password in the datasource.groovy file is that all I need to do? Or are there other configuration files in the Grails environment I need to update?
I tried to improve security by creating a new user with admin rights in the dbconsole. I then changed the username and password in the DataSource.groovy file. But the application failed to come up and I got an error 'Unable to create initial connections pool - wrong username or password' presumably the sa user is setup elsewhere in the environment. It would be useful to get know where all the db login values are defined?
DataSource.groovy is the only place that Grails looks for database connection info. A plugin or a custom DataSource/connection pool could be configured outside of there, but Grails itself only looks there.
Are you using a file-based H2 database, or starting it outside of Grails as a standalone server? In those cases it should be sufficient to make the change in the database and the corresponding changes in DataSource.groovy. If you're using the in-memory database, your user extra user will be lost when you restart the app.
I created a basic MVC app to do CRUD operations on database tables. I'm using Entity Framework Database First, so I was able to just scaffold out controllers and views very quickly.
We have a dev, qa, and prod database. The schema should be identical with only the data in each being different.
I want to create a dropdown that will let me change the connection string from the app. I'm not sure the best way to do this. It currently works just fine using the dev connection string, but if I manually change the database to qa from web.config, whenever I try to create or update an existing record from the app, I get this error:
"The UPDATE permission was denied on the object"
I don't get this error using the dev database.
The problem is with your database permissions.
Use the following link and go through the security/permissions and you will be able to solved the problem.
http://blog.sqlauthority.com/2012/04/23/sql-server-introduction-to-sql-server-security-a-primer/
Please verify that your user has the same permissions on qa/prod as it does in dev.
I've created an ADO.NET, MVC4, EF5 project which has a relationship between an entity and the built in Membership provider's User.
I have cloned (using git) my repository to an external server and have set up a database with the same name and run the .edmx.sql file created by ADO.NET.
When I run my site on the external server I get the following exception: "Invalid column name 'User_UserId'."
Looking in the database, I can see that Users, Roles, etc. tables have not been created.
What is the best way to do this kind of deployment and rectify my woes?
Update
So I added the tables in question (Users, Roles, UserRole, Applications) to the database by scripting it from the database on my local machine and still the same error occurs.
This seems to be a problem with the mappings in System.Web.Security.Membership.
Any help please?
Okay! Managed to do it. So for anyone else with the same problem - try this:
Create a new DB on the external server
Run the .edmx.sql file on that DB
Change the connection string to your server's name
Run the site locally - this will create the Users, Roles, etc. tables