I am supporting a .NET 4.0 (Visual Studio 2010) web application that authenticates to a SQL Server 2008 database which resides on my work intranet. The application authenticates to the database using windows authentication. Thats all fine and dandy if Im developing on my host, but I am developing on a virtual machine that is not on the work domain. Thus when the project build and runs, it throws a SqlClient.SqlException
"Login failed. The login is from an untrusted domain and cannot be used with Windows authentication."
Short of developing on my host and abandoning the VM, what can I do to avoid this error and successfully authenticate to the database so I can build/run the web app? I am willing to store my credentials somewhere locally, though preferably not somewhere that would be under TFS source control (like the web.config) because I couldnt keep the file checked out since there are other developers on the project.
I have tried running Visual Studio as a different user (as the user on my work domain) but I get a "unknown user name or bad password" error.
Note, adding the Virtual Machine to the domain (or connecting to it via VPN) are not options. The VM must remain off the domain. Also note, the virtual machine is running on the computer that is on the domain, and the VM uses a shared connection. So it CAN access the intranet but it can't perform windows authentication to SQL Server.
You can run Visual Studio (or SQL Server Management Studio) as the user on the domain. The trick is, you have to use the “/netonly” option of the “runas” Windows tool, so that you can run as a domain user on a non-domain machine.
Namely, in a command prompt you run this command (filling in your own criteria):
runas /netonly /user:<Domain>\<User_Name> "<Your_Program.exe>"
Alternatively, you can create a shortcut on your desktop, and set this command as the shortcut target. Upon running the shortcut/command, you enter your credentials when prompted and visual studio (or whatever program you like) will run as the domain user.
Join the domain using vpn connection if possible. Vpn can connect you with specific domain credentials. Alternative would be connecting using SQL Server Authentication if SQL Server is configured with mixed authentication.
From what I understand, you have several options:
You could add a user account to the SQL db to allow password authentication
Have the VM join the domain
Create an SSH tunnel to the host SQL server port
Related
I have developed a c# windows application which uses SQL server 2012 database in Visual Studio 2015 which is running well on my pc.
I am to install this application on a number of computers without SQL server installed on it, but when I run the application, its gives me database connection error.
My question is, how can I create the setup file to be able to run the app on those clients pc without installing SQL server on all those computers. Please I need your help.
Thank you.
Am Emmanuel.
Use an Azure database and have the clients connect to that.
Have a look at https://azure.microsoft.com/en-us/services/sql-database/
Alter your application connection string and make sure you keep the connection string secret.
Server=tcp:myserver.database.windows.net,1433;Database=myDataBase;User ID=mylogin#myserver;Password=myPassword;Trusted_Connection=False;Encrypt=True;MultipleActiveResultSets=True;
An important fact is that the clients need to allow communication via port 1433.
If this is not an option create an API application and query the database via that.
If you need a private database per client you can use a database file and connect to the file
https://learn.microsoft.com/en-us/sql/database-engine/configure-windows/sql-server-express-localdb?view=sql-server-ver15
Update based on reply
You can create a pop-up on the application allowing the users to add valid settings and credentials when your appsettings.json is blank or "a test connect" to the database fails.
I have an AWS server (MS SQL SERVER EXPRESS 2008 R2 with IIS), with an elastic IP of 54.214.8.111, security groups configured with HTTP, MS SQL and FTP, and I can connect to the remote virtual machine using the rdp file that amazon gives you in the console.
However when I try to connect via visual studio to test if the database is working, it gives me a "Login failed for user 'dbuser' error. I have a user called dbuser on my SQL Server (on the server side of course) with full access permissions etc. I also cannot connect to an ftp on the server, despite all guides and help doc. Something seems to be simply blocking my connection. I have tried the same thing on multiple computers.
Everything seems to be configured correctly except I suspect the server instance.
Can anyone help? PS I'm fairly new to web development, this is my first AWS EC2 server.
[UPDATE] I just tried to create a new instance in a different location, same thing, maybe I don't know how to configure the SQL Server on the EC2?
It appears that by default EC2 SQL instances have SQL authentication disabled.
In SQL Management Studio, connect as the built in Administrator account, then go to
Server Properties>Security>
Under Server Authentication, change to "SQL Server and Windows Authentication Mode"
Restart SQL
Your local accounts should now work
Try running in elevated mode (right click Visual studio and run as Administrator), solved some issues I was having recently.
I want to connect to a database server on another computer (on the same network) using Windows 7. I have SQL Server 2008 r2 running on win 7 as a server, and the clients are PCs running Win 7 or XP.
When I want to add the user to the server computer, the server can't change the location to search the user because there's no other location available beside the server. What do I need to configure to get this done?
P.S. SQL authentication is not an option because I'm using filestream. Thanks!
You will have to use mixed mode authentication (also known as SQL Server Authentication) if you are not connected to a domain. You can find more details on TechNet: http://technet.microsoft.com/en-us/library/ms144284.aspx
FYI: Make sure your database Server Authentication is SQL Server and WindowsAuthentication mode and you SQL Server Management Studio.
To set up SQL Server and Widows Authentication Mode.
Connect to you SQL Server Instance
Right Click the go to properties
Choose Security on Select a Page Container
Then Choose SQL Server and Widows Authentication Mode on Server Authentication.
Click OK
Regards
We created a local windows username on the database server and used it on a separate machine in IIS7's app pool in the same workgroup. The website app works to log in to the database server.
Now I am on my machine developing in VS 2010 trying to remotely access the database. The user and workgroup don't match on my machine to the web/database servers so I specify the username and password explicitly. When I try to connect VS 2010 to SQL Server 2008 I get the following error:
Cannot open user default database. Login failed.
Login failed for user 'myuser'. (Microsoft SQL Server, Error: 4064)
I have the correct username and password. I am not interested in matching their workgroup and username on my local machine.
How does one log in using Windows Authentication when your local username and workgroup are different from the database server's username and workgroup?
It worked to turn on SQL authentication, enable the sa account, and log in from my home machine. It wouldn't log in with 'myuser' remotely, but does work locally.
The "runas" command almost works:
runas /netonly /user:domain\username "devenv.exe"
You will be prompted for the password. You can also use "cmd.exe" as the final parameter to get a Command Prompt as that other user.
As I said, it almost works for me. I've been able to connect before, but not use SSMS successfully. I was dealing with a VPN as well, so if you have a less restricted path to the server perhaps it will work better for you.
Can you remote into your work machine and use it?
I do this all the time with SQL Server Management Studio for SQL Server 2008 and 2005 (and VS 2010). RUNAS works perfectly, but SSMS will still display your local username in the login screen. Just ignore that and you should be able to access the database without trouble. E.g.: if your local account is mylaptop\fma1 and you log into the mycompany domain as mycompany\jsmith, SSMS will still say "mylaptop\fma1" but will log into the database as mycompany\jsmith.
Microsoft has a Sysinternals addon called "Shell Run As" that lets you do this from Explorer:
http://technet.microsoft.com/en-us/sysinternals/cc300361
Just copy the downloaded file into an appropriate directory, run the .exe with /regnetonly as the argument, and you'll be able to shift-right-click and run as a different user.
How can I configure Visual Studio remote debugging when:
My developer machine is a member of an AD domain, and my username is "DevelopersName".
The "remote" machine is on the same Ethernet segment, but is not part of the domain.
The "remote" machine must run software under "RemoteUserName".
Most documentation I can find suggests that you need have both machines in the same domain and with identical usernames. That's not possible here.
I could possibly add my username to "remote", but the software still needs to run under "RemoteUserName.
If it helps, I could add 2nd network card to my developer machine and directly connect the "remote" machine.
Using VS2008, but will be moving soon to VS2010.
Thank you.
Sorry, but I've just spent the last 10 hours trying to debug your exact problem. My findings are not good.
You need to get your accounts synced, especially if you are using your remote app to connect to other systems in your SOA environment, ie: Sharepoint, AD.
You can to some extent get remote debugging to work, if you create an account on your local machine with the same name as that of your remote machine (lets do it like this rather rather than working with the domain account).
You then need to make sure the remote service is running under this account, and its a member of the administrators group. And by this I mean hold down control, and right click run as - with the remote debugger, and select the user (not required if remote server is logged in as the required user).
Run the wizard it will open the required ports, use Authentication, because non authentication won't debug managed code. Breakpoints are never met, and there is nothing you can do about this.
On your local dev machine, log off your domain account, and log onto the local account with matching name as the account on server thats running the remote service.
Now you stand a change of remote debugging. If you can't do any of the above, sorry there is no workaround, its entirely dependent on the user account and having the right permissions.
If you don't want to create a local account, try starting our debugger via command prompt using the following command:
runas /user:[user#machinename] /netonly [debugger.exe]
E.g.:
runas /user:john#mypc123 /netonly devenv.exe
I assume it's managed debugging you're talking about (for native debugging there's a remote debugging solution with no authentication). In this case, I would suggest that you use a local user to launch the debugger on your machine. If this local user's name and password match "RemoteUserName"'s name and password, it should work.
(Note that this does not preclude you from using the AD account to log in to your workstation, you just need to set up another account and use runas to launch Visual Studio.)