I'm running into an issue when trying to deploy a simple MVC website to Azure. I am using 1 azure website and 1 Azure SQL database.
The boilerplate MVC template in VS2013 uses the Microsoft.AspNet.Identity.EntityFramework provider for the AccountController.cs default controller. When I use this to create the database locally, everything works just fine. However, when I deploy to Azure Websites and update the connection string, the site throws this error:
Cannot open database "master" requested by the login. The login failed.
Login failed for user 'vanillawebsite'.
See full stack trace here: http://pastebin.com/r9jvXgyW (it's massive)
Obviously, on SQL Azure there's no master database, so the default implementation of AspNet Identity Eneity Framework seems to need it though. Manually scripting out the schema to the database doesn't help either (it still attempts to access master for some reason)
Why is it trying to access master database, and how can I work around this?
As said before, SQL Azure has master database and usually when you see this message means that SQL user used in connection string does not have a right to access to the DB in question. Or the DB does not exist, i.e. misspelled name.
Related
I'm creating a simple ASP.net MVC login form using individual user accounts. I created the project following this tutorial: https://learn.microsoft.com/en-us/aspnet/mvc/overview/security/create-an-aspnet-mvc-5-app-with-facebook-and-google-oauth2-and-openid-sign-on
At what point do I connect it to my SQL Server database? In the tutorial, it seems as though the database tables are created automatically, though I've never seen an option to enter my database credentials.
Thanks!
The default template generates you a local database that is stored in the project directory. If I recall correctly, it does not require authentication. You can examine the Web.config file to see the connection string. It will not contain a username and password because it does not require them for that local database.
Here are the steps I took:
In Visual Studio, I created an ASP.NET MVC application with authentication
I specified that the database is an Azure SQL Database living in the cloud
So at this point I have a single project in my solution, the web application project for ASP.NET. And I have this database created in Azure with my membership database objects.
Now what I want to do is create a database project in this same solution for more detailed and in depth database development.
I created a database project, and I can easily set to deploy to Azure but I would be "overwriting" the Azure database that was created initially.
How can I "refresh" the database project I just created to reflect the existing database in Azure at this point so I'm not overwriting?
Basically I'm looking to "sync" up the existing Azure SQL Database with the new database project I just created in the solution.
Any way to do this?
Thanks in advance!
Basically what you want is the Schema Compare feature from SSDT (Sql Server data tools)
https://msdn.microsoft.com/en-us/library/hh272690(v=vs.103).aspx
I have built my MVC 5 project based on entity framework Database First approach by following video tutorials. But what I have obtained is the model. There is nothing in the app_data folder. I want to obtain the .mdf file as well so that I can deploy the database to the azure.
Note: I'm using the server explorer database in VS2013.
I dont think you will be getting any .mdf files on app_data folder.
To deploy your database to Azure:
Right click your database on SQL server, then Tasks->Generate Scripts. On scripting options, select sql azure server
Login to your azure account and create a SQL server and run generated script from the portal by clicking the link below:
while creating your EF connection, use the connection string for your Azure Database like:
At the end you should be ready to use your ORM.
I am very new to Windows Azure - have been into asp.net for about 10 years now and have been deploying applications via Database backup and restore on production and copy of final code bits from source control to the root folder on production database.
I am doing my initial reading and finding it a bit difficult to absorb the overall process of deploying an ASP.Net MVC web Application to Azure.
I have managed to have the database and the website code on Azure and it is up and running, but I can't get to terms on the following points and want to understand them better to have a regular deployment on place as versions of my app keep going up.
Database doesn't work like backup a local database and then upload .bak file and restore to the production server.
Nor can I see my website files.
Update: 04-Aug-2013
Azure Websites have an FTP option. You can see your FTP host name in respective website Dashboard. The username and password for FTP are located in the publish settings file (note: you got to pick up the FTP username and password, NOT the publish username/password. They both are different.
When I am getting ready for version 2.0 of my product, how do I get the database from the Azure SQL, upgrade it to 2.0 and put it back?
I assume the publishing wizard from Visual Studio should be able to take care of code upgrade, but how do I edit my production web.config file on the fly?
How do I take my website offline and show users my custom "offline" page when I am in the middle of the upgrade? (Stopping the website shows up the Windows Azure site not available page).
For your database backup / upgrade questions
For migration of databases to SQL Azure (or pulling them down) the SQL Database Migration Wizard has proven to be a lifesaver for me, get it here:
http://sqlazuremw.codeplex.com/
This will pull and push both data and schema for your database.
For seeing your website files
You won't be able to if you are using Windows Azure Websites.
For editing web.config on fly
You can't. BUT -- you can edit connection strings and appsettings through the 'configure' tab of your website like so:
Turning your website offline during upgrade
While you cannot specifically use the app_offline route without another deployment. One thing you could do is change your default document. This is easily done right in the same 'configure' tab for the website in the portal as I mentioned above, see here:
Hope this helps.
I'll start with appologies; I wasn't sure if this was best posted here of Server Fault so if its in the wrong place then please move :-)
Basic information
I have written the first module of a new application at work. This is written using Visual Studio 2010, targetting .net 3.5 (at the moment) and asp.net mvc 2. This has been working fine during development running on the built in Development server from VS but however does not work once deployed to IIS 7/7.5.
To deploy the application, I have built it in release mode and created a deployment package by right clicking on the project in the solution explorer (this will be done with an automated build in tfs once upgrade from the beta). This has then been imported into IIS on the server.
The application is using windows/domain authentication.
Issue #1
I can fire up internet explorer and browse to the application from a client computer as well as on a remote desktop connection. I can execute the code which reads/stores data in Session fine from the IE instance on the remote desktop but if I browse to it from the client pc it seems to lose the session state. I click on the form submit and the page refreshes and doesn't execute the required code. I've tried setting with; InProc, SQLServer and StateServer. but with no luck :-(
Issue #2
As part of the application it views PDF and Tiff documents on the fly which are on a network share on the office network and creates thumbnails if the document hasn't been viewed before. This works if running on the machine the application is deployed to; however when browsing from a client pc I get an error saying:
Access to the path '\\fileserver\folder\file.tif' is denied
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.UnauthorizedAccessException: Access to the path '\\fileserver\folder\file.TIF' is denied.
ASP.NET is not authorized to access the requested resource. Consider granting access rights to the resource to the ASP.NET request identity. ASP.NET has a base process identity (typically {MACHINE}\ASPNET on IIS 5 or Network Service on IIS 6) that is used if the application is not impersonating. If the application is impersonating via , the identity will be the anonymous user (typically IUSR_MACHINENAME) or the authenticated request user.
As this is on a different server the user is not accessible. To get round this I have tried:
1 - setting the application pool to run as domain administrator (I know this is a security risk, but I'm just trying to get it to work at the moment!)
2 - to set the log on account for World Wide Web Publishing service to be the domain admin . When trying to restart the service I get ...
Windows could not start the World Wide Web Publishing Service service on the Local Computer.
Error 1079: The account specified for this service is different from the account specified fro the other services running in the same process.
Any pointers/help would be much appriciated as I'm pulling my hair out (of what little I have left).
Update
I've been using this funky little tool I found -
DelegConfig v2 beta (Delegation / Kerberos Configuration Tool). This has been really usefull. So I've got the accessing of the file share working (there is a test page which will read the files) so now I've just got the issue of passing through the users credentials through to the SQL Server (wans't my choice to do it this way!!) to execute the queries etc. but I can't get it to log on as the user. It tries to access it as "NT Authority\Network Service" which doesn't have a sql login (as should be the logged on user).
My connection string is:
<add name="User" connectionString="Data Source=.;Integrated Security=True" providerName="System.Data.SqlClient" />
No initial catalog is specified as the system is over multiple dbs (also wasn't my choice!!).
I really appriciate all the help so far! :-)
Any further hints?!
Issue #2 - Your options are:
Configure delegation (double-hop authentication) - I haven't done this on IIS7 and it's a bit different to 6, but I believe you will need to enable the web server machine account for delegation in AD, and create an SPN for the web server (eg setspn -A http/<Web Server FQDN> <Domain>\<Machine Name>). Troubleshooting Kerberos can be fairly painful.
Grant access to the network resources to the (domain) application pool account and make sure anonymous authentication is turned on ( <anonymousAuthentication enabled="true" userName="" defaultLogonDomain="" /> )
Response to Update:
You will need to make sure Kerberos authentication is working for SQL Server. Run the query select auth_scheme from sys.dm_exec_connections where session_id=##spid; it will return NTLM or KERBEROS. If it's NTLM, you'll need to do some work configuring SQL Server to use Kerberos. Set an SPN in AD for the SQL service account: setspn -A MSSQLSvc/<SQL Server FQDN>:1433 <Domain>\<Sql Service Account>, restart SQL Server and try the query again. You must use TCP/IP as the connection mechanism (this is the default).
If you don't have an initial catalog, you'll need to make sure that all of the user logins have a default database that they have access to. I would personally pick one database to be the initial catalog as you may get different behaviour depending on how the login is configured.
With this small part of information I could only give some hints:
Issue #1:
Maybe you have a misleading URL as action for the form? Or an caught&ignored exception? Do you have an onError-event in your global.asax.vb?
Sub Application_Error()
Dim ex As Exception = Server.GetLastError
' NOW HANDLE THE EXCEPTION --> REPORTING :-)
End Sub
Issue #2:
I recently had the same exception - I had to check the access-rights for users for this folder and set the appPool-identity to "NETWORKSERVICE". In your case you even try to access a network-folder - check the accessrights on the server and try to use the IP instead of the name - it could be a name-resolution-problem?!
Sorry for this small portion of information... This looks like problems only solveable with direct debug-options on the running server.
Finally last thing on Friday I got it working ...
As I said in the update, the tool for sorting out the delegation of credentials was very handy and helped no end to setting the correct SPN records.
I found I also had to set it up for SQL as I was passing through the credentials into the server. The other thing I found stopping the connections was some of the inbound windows firewall settings where causing problems.
For the connection string; I had to update to:
<add name="ConnectionStringName" connectionString="Data Source=.;Integrated Security=SSPI;Trusted_Connection=True" providerName="System.Data.SqlClient" />
Links I found useful:
Kerberos Authentication and SQL Server
DelegConfig
And even tho it mainly talks about Sharepoint ... this was also useful.
Hope this helps people in the future.