Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

SQL Login fails from web application for one stored procedure call

Tags:

sql-server

asp.net

sql-server-2012

webforms

Fortunately, this is in UAT rather than production.

The UAT servers are Azure VMs running SQL Server 2012 and Windows Server 2012. On one page in the application I get an error

Login failed for user 'User'. at System.Data.SqlClient.SqlInternalConnection

Microsoft.ApplicationBlocks.Data.SqlHelperParameterCache.GetSpParameterSetInternal(SqlConnection connection, String spName, Boolean includeReturnValueParameter)
at Microsoft.ApplicationBlocks.Data.SqlHelperParameterCache.GetSpParameterSet(String connectionString, String spName, Boolean includeReturnValueParameter)
at Microsoft.ApplicationBlocks.Data.SqlHelperParameterCache.GetSpParameterSet(String connectionString, String spName)

The login is a SQL Server login, not a domain login

On the SAME web page, there are 3 other stored procedure calls that are made to the same database with the same connection string prior to this stored procedure begin called

I have dropped and recreated the stored procedure

I have dropped and recreated the database login

The account is a member of a database role that grants it EXECUTE rights on the schema this stored procedure belongs to

If I log into SSMS as this user, I can:

  • Expand the stored procedure list for the database
  • Expand the parameter list for the affected stored procedure
  • Run the affected stored procedure and get the expected results

I have an alternative web server set up on the SQL Server which uses domain logins in the connection string, that runs with no problem. We are trying to deprecate the SQL Server version of the web site.

Can anyone suggest what might be causing this, and how to address it?

like image 934
Roger Willcocks Avatar asked Dec 04 '25 18:12

Roger Willcocks

1 Answers

Thanks you .NET SqlClient security behaviour. Working call via Data Application block

return SqlHelper.ExecuteReader(ConnectionString, sql_OutboundQueue_TypeAndStatusCount, DBUtility.GetNull(since));

This chains down to calling SqlHelperParameterCache.GetSpParameterSet

Failing call via Data Application block

SqlConnection con = new SqlConnection(QueueDataProvider.ConnectionString);
SqlCommand cmd = new SqlCommand(QueueDataProvider.OutboundQueue.sql_OutboundQueue_Search, con);
con.Open();
cmd.CommandType = CommandType.StoredProcedure;
cmd.Parameters.AddRange(SqlHelperParameterCache.GetSpParameterSet(con.ConnectionString, cmd.CommandText));

Reason: con.ConnectionString has the password cleared if you are using SQL Logins, but only AFTER you call con.Open

Thanks to: ConnectionString loses password after connection.Open

like image 153
Roger Willcocks Avatar answered Dec 06 '25 10:12

Roger Willcocks
Sign in to Comment

Related questions

How can I pass a linq var datatype to a method? [duplicate]
Unsecure posting back from an asp.net control on a secure page while avoiding authentication
How can I clear the previous selection when an asp:TreeView is in an UpdatePanel?
ASP.NET Cache Class - Are there differences between ASP.NET 3.5 and ASP.NET 4.0?
Choose between multiple options with defined probability
static class and multiple simultaneous requests
CompilationLock error in web forms page directive
asp.ImageButton OnClick function inside GridView within an updatePanel
Style for Caption in RADGrid
.Net Break one large form submission into multiple submissions
Setting asp.net timer interval programmatically
Rendering DynamicFolderBundle?
Disabling ASP.net treeview checkboxes

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!