0

I'm writing Windows Service in C# and inside of it I'm unable to connect to the database. This is the question I've asked recently: SqlException: Cannot open database "path\db.mdf" requested by the login. The login failed. Login failed for user 'NT AUTHORITY\SYSTEM'

What I've done so far:

1) In server properties set flag "Identity verification with Sql Server and Windows" 2) Created login for sql server. Added user to the database with that login. 3) Added all available roles to this login.

Part 1: If I connect to the server using Sql Server 2012 Identity Verification and than trying to attach database that is in some folder I get:

CREATE FILE encountered operating system error 5(Access is denied.) 
while attempting to open or create the physical file 'path\db.mdf'. 
(Microsoft SQL Server, error: 5123)

But I can attach the database if it's in this folder:

C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\DATA

That's in SSMS.

Part 2: What do I get when trying to attach database from Visual Studio 2012:

The attempt to attach to the database failed with the following information:  
Login failed for user test_user

If I use this connection string in my code: 

<add name="ConnectionName"
         connectionString="metadata=res://*/Model1.csdl|res://*/Model1.ssdl|res://*/Model1.msl;
     provider=System.Data.SqlClient;provider connection string='data source=(LocalDB)\v11.0;
     attachdbfilename=&quot;path\db.mdf&quot;;
     connect timeout=30;
     User Id=test_user;Password=1;
     MultipleActiveResultSets=True;
     App=EntityFramework'"
         providerName="System.Data.EntityClient" />

I get from my Windows Service app (written in C#) the following exception: 

EntityException: The underlying provider failed on open. 

Inner excetion: SqlException: Login failed for user test_user.

I'm sure I typed the login properly. I get this error whether the database is in MSSQL\DATA folder or not.

There is something wrong with the permissions to access some folders on my computer, but I don't know why, I've given this user all the permissions!

Also, one time after computer restart the windows service started properly and was able to connect to the database, but after some time it lost this ability. And I don't know why.

Please help, I'm struggling with this issue for the last 4 days. Thanks!

Aleksei Chepovoi
  • 3,915
  • 8
  • 39
  • 77
  • 1
    I already answered this question before: http://stackoverflow.com/questions/19060441/cannot-install-adventureworks-2012-database-operating-system-error-5-access-i/19061831#19061831 – CRAFTY DBA Nov 26 '13 at 21:28
  • I've given the NT SERVICE\MSSQLSERVER account the db_reader and db_writer permissions and now I don't get "error 5(Access is denied.)" in SSMS, but I'm still unable to connect to the db from Visual Studio 2012 (and my application too). I updated the question, see "Part 2". Thanks! – Aleksei Chepovoi Nov 27 '13 at 07:17

1 Answers1

0

If you are writing an application you have to decide how to handle security.

There are two solutions for security in SQL Server.

1 - AD Security - Is SQL Server going to handle it via AD? the make sure the connection string uses trusted security. Make sure to add the employees AD account as a login/user and set the default database to the application one, not master. See my article on crafting databases.

http://craftydba.com/?p=656

2 - Standard Security - If the application is going to handle it, you need to use standard security. Create an application account (login/user).

Next, create an internal user table with different security levels. You will want to use application roles to enforce the different security levels.

Overall, you might want to look into using schema to separate and secure database objects.

http://craftydba.com/?p=1532

It looks like you have some reading and home work to do ...

CRAFTY DBA
  • 14,351
  • 4
  • 26
  • 30