C# application connection problem with SQL Server 2005

M

Mika M

I've made application using C# 2005, which uses customer's SQL Server
2005. Application is working fine when user has administrator rights,
but application fails to connect to database when Windows XP user level
is normal user. I can't understand why normal users can't get
application to work, because ConnectionString is the same in both cases.
ConnectionString is like...

Data Source=MYSERVER\MYINSTANCE;Initial Catalog=MYDB;Persist Security
Info=True;User ID=MYUSER;Password=MYPASSWORD

My customer's computers are using same WORKGROUP - ie. no domain at all.
Any suggestions?
 
I

Ignacio Machin ( .NET/ C# MVP )

I've made application using C# 2005, which uses customer's SQL Server
2005. Application is working fine when user has administrator rights,
but application fails to connect to database when Windows XP user level
is normal user. I can't understand why normal users can't get
application to work, because ConnectionString is the same in both cases.
ConnectionString is like...

Data Source=MYSERVER\MYINSTANCE;Initial Catalog=MYDB;Persist Security
Info=True;User ID=MYUSER;Password=MYPASSWORD

My customer's computers are using same WORKGROUP - ie. no domain at all.
Any suggestions?
Click to expand...

you have to grant permission to the users in the DB or use SQL
authentication
 
M

Mika M

Ignacio Machin ( .NET/ C# MVP ) kirjoitti:
you have to grant permission to the users in the DB or use SQL
authentication
Click to expand...

Thanks - but how? SQL Server Management Studio's Treeview makes me
wonder where should I go and what to do, because SQL Server's user
management is complex to figure out how it really works. So I think many
users, like me, just tries changing something little and tests what is
the effect.

Maybe I have made something right because my connectionstring username &
password is working, and it gives access only to this database it uses. :)
 
P

Paul

My suggestion is to get your application to authenticate the user.

Then create a SQL user specifically for the DB. Lock this user down to
access to stored procedures only. i.e. no table or view access. Execute SP's
only.

This way everytime there is a new domain user/group you do not have to
change the security of your database.

A good implementation of CAS in your application helps too.

Some may think this is basic, but it is effective and secures any external
DB access from users to what they can do via SP's, and requires little
maintenance.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Problems with my SQL Server connection string 2
SQL Server 2005 Express Edition login problem when deploying a windows application 4
Remotely access my application 2
q; connection string 3
Web Service Authentication Error with SQL Server 1
SQL Express User/ Role database to SQL Server 1
Connection timeout when using SQL Server User Instance 3
User Id & Password problems 6

Top