Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How do I get ELMAH to work with SQL Server (permission problems)

I've got ELMAH working on my (Cassini) development server, and was quite happy with it, but now that I'm trying to move everything to my production server (IIS7), the honeymoon looks like being over.

I've got past the "gotcha" with IIS7, which frankly could have been better highlighted in the documentation, and if I just use the in-memory log then it works.

However, I'm trying to get it to use the SQL Server log (as I do on my development system), and I'm getting an error along the lines of:

The EXECUTE permission was denied on the object ELMAH_GetErrorsXml

Well, fine. I know how to grant database permissions, but I'm really struggling to understand which user and which stored procs/tables I need to grant access to.

The thing that's really confusing me is that I didn't have to do anything like this to get it to work on my development server. The only difference I can see is that on my development server it seems to connect as NT AUTHORITY\IUSR, whereas on my production server it seems to connect as NT AUTHORITY\NETWORK SERVICE. (It's just using a trusted connection so I've not explicitly configured it to do that - I presume it's to do with the web server). UPDATE: I've since established that because I'm using Cassini, it was actually logging in as me (an admin) and not IUSR, which explains why I didn't get any permission problems.

On my development server, the IUSR account is a member of the public database role, and has access to the required database (again as "public"). There's no explicit granting of object-level permissions. [See update above - this is irrelevant].

On my production server, I've added NETWORK SERVICE in exactly the same way (public database role, explicit access to the database as "public"). Yet, I get this permission error. Why?!! [See update above - the only reason I don't get a permission error is because I'm running as an admin].

And, of course, if the fact that it works locally is just "luck", I will need to know which SPs/tables to grant access to. My guess would be all 3 SPs and not the table, but it would be good (again) to see some documentation that makes this explicit.

like image 708
Gary McGill Avatar asked Apr 13 '10 13:04

Gary McGill


2 Answers

example of sql needed to give execute permission to the user USER_NAME:

GRANT EXECUTE ON ELMAH_GetErrorsXml TO USER_NAME
GRANT EXECUTE ON ELMAH_GetErrorXml TO USER_NAME
GRANT EXECUTE ON ELMAH_LogError TO USER_NAME
like image 166
gicalle Avatar answered Oct 21 '22 10:10

gicalle


Are you providing ELMAH with a full connectionstring in the web.config? If so, you should know exactly what db user to grant permissions to, right? And yes, permission would be to execute the three ELMAH stored procedures...

Here's a configuration that I've used:

<elmah>
    <errorLog type="Elmah.SqlErrorLog, Elmah" connectionStringName="elmah" />
</elmah>

<connectionStrings>
    <add name="elmah" connectionString="Data Source=XXX;Initial Catalog=XXX;User Id=XXX;Password=XXX;" providerName="System.Data.SqlClient" />
</connectionStrings>
like image 31
Eric King Avatar answered Oct 21 '22 09:10

Eric King