OES authentication from SSM proxy

hi all,
I am very new with OES product.
We are using centralized deployment model for SSM.
our application deploy in weblogic server which configure ssm proxy.
I want to do authenication program(login) in my application.
How to authenticate with centralized ssm?
is there any API and reference for it?
With Regards,
WP

On WebLogic, you're better off using the WebLogic SM, which can make authorization calls in-process which would be much faster. You then have the JSP tag library available
http://download.oracle.com/docs/cd/E12890_01/ales/docs32/javadocs/alestags/
as well as the Java API.
http://download.oracle.com/docs/cd/E12890_01/ales/docs32/javadocs/javaapi/
You would authenticate to the WebLogic security framework and any authentication providers you configure.

Similar Messages

PAss thru authentication from solaris 2.9 proxy 36sp2 - iws 6 sp5

hi,
we have a scenario where user's are authenticated at the proxy, then when they access a protected web dir they are authenticated again (the auth window pops up etc)..
given that both these authneticate from the same directory is it possible to pass thru the authentication so that the window does not pop up twice?
thanks

Hi
This as per the HTTP/1.1 RFC (RFC2616)
The Connection general-header field allows the sender to specify options that are desired for that particular connection and MUST NOT be communicated by proxies over further connections.
The Connection header has the following grammar:
Connection = "Connection" ":" 1#(connection-token)
connection-token = token
HTTP/1.1 proxies MUST parse the Connection header field before a message is forwarded and, for each connection-token in this field, remove any header field(s) from the message with the same name as the connection-token. Connection options are signaled by the presence of a connection-token in the Connection header field, not by any corresponding additional header field(s), since the additional header field may not be sent if there are no parameters associated with that connection option.
Read the following at
http://www.w3.org/Protocols/rfc2616/rfc2616-sec8.html#sec8.1.3
and
http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.10
Regards
Nagendra HK

Firefox always asks for a username/password from a proxy for any website I try to visit. "No proxy" is selected.

Firefox is installed on my work computer (v16 on windows XP). When I go to any unsecure website, I get a request for a username and password from a proxy. I don't have one, so I press "cancel." I get the following message (I put the asterisks in):
"This Page Cannot Be Displayed
Authentication is required to access the requested web site ( *******-webproxy ). A valid user ID and password must be entered when prompted.
If you have questions, need assistance with your login information, or feel this is an error, please contact your corporate network administrator and provide the codes shown below.
Notification codes: (1, WWW_AUTH_REQUIRED, *********-webproxy)"
The website in the address bar is: http://*******-webproxy/B0000D0000N0001F0000S0002R0004/http://www.whatever.com/
This started after it upgraded (to which version, I don't remember). I also had another version of firefox installed to my "Local Settings" directory since I can't (un)install programs on the computer. That one was working fine until I upgraded to v.15 or v.16 (or maybe 14... I don't remember), and then I started getting the warning screen for an untrusted connection whenever I went to a secure website (https), I had to confirm a security exception, etc. And even then some pages only appeared as text.
I uninstalled that version, and then installed 17b4, and I'm back to the same problem as the original firefox: unsecure websites always seem to be redirecting through a proxy, and secure ones always tell me the connection is untrusted and I have to confirm an exception. I have "No proxy" selected in the network options. I tried v16 with the same results.
I would love to be able to just go to a website and not have to confirm security exceptions or get web proxy errors.
Internet Explorer works fine, btw.

Not sure from your example but it appears that the address doesn't have a full domain, i.e., the part between http:// and the next / is not a valid internet domain name, e.g.,
http://sometext-webproxy/
In that case, it's probably something running on your computer, either as part of your security software, or as a Firefox add-on, or malware.
A standard diagnostic to bypass interference by extensions (and some custom settings) is to try Firefox's Safe Mode.
First, I recommend backing up your Firefox settings in case something goes wrong. See [[Backing up your information]]. (You can copy your entire Firefox profile folder somewhere outside of the Mozilla folder.)
Next, restart Firefox in Firefox's Safe Mode ([[Safe Mode]]) using
Help > Restart with Add-ons Disabled
In the dialog, click "Start in Safe Mode."
If you can access sites normally, this points to one of your extensions or custom settings as the problem.
To also disable plugins, you can try here:
orange Firefox button ''or'' classic Tools menu > Add-ons > Plugins category
Any change?

Authenticating to Socks proxy using different accounts in a given JVM

I have a J2EE application that runs some background jobs. Each of these background jobs need to connect to an external FTP server. However, all connections must go through a central SOCKS proxy server. The SOCKS proxy server is set up to require authentication using user names and passwords. Everything works fine if I've to use this SOCKS proxy with "a set" of credentials across all background jobs. However, if I want Job1 to use "user1" for SOCKS login, and Job2 to use "user2" for SOCKS login, I can't seem to find a way to do this. I need this functionality for accounting purposes. Any help on how this can be accomplished is greatly appreciated.
Regards,
Sai Pullabhotla

I tried implementing the ThreadLocal idea and I think the code is working as expected, but my proxy logs are not matching up with what the code says. Below is the code I've including a test class. See below the code for my additional comments.
import java.net.Authenticator;
import java.net.PasswordAuthentication;
* A customer authenticator for authenticating with SOCKS Proxy servers.
public class ProxyAuthenticator extends Authenticator {
      * A thread local for storing the credentials to the SOCKS proxy. The Javadoc
      * for ThreadLocal says they are typically used for static fields, but
      * here I've a singleton instance. Hope this is not an issue.
     private ThreadLocal<PasswordAuthentication> credentials = null;
      * Singleton instance.
     private static ProxyAuthenticator instance = null;
      * Creates a new instance of <code>ProxyAuthenticator</code>. Each thread
      * will have its own copy of credentials, which would be <code>null</code>
      * initially. Each thread must call the <code>setCredentials</code> method
      * to set the proxy credentials if needed.
     private ProxyAuthenticator() {
          credentials = new ThreadLocal<PasswordAuthentication>() {
               @Override
               protected PasswordAuthentication initialValue() {
                    System.out.println("ThreadLocal initialized for "
                         + Thread.currentThread().getName());
                    return null;
               @Override
               public void set(PasswordAuthentication value) {
                    System.out.println(Thread.currentThread().getName() + " SET");
                    super.set(value);
               @Override
               public PasswordAuthentication get() {
                    System.out.println(Thread.currentThread().getName() + " GET");
                    return super.get();
      * Returns the singleton instance of this class.
      * @return the singleton instance of this class.
     public static synchronized ProxyAuthenticator getInstance() {
          if (instance == null) {
               instance = new ProxyAuthenticator();
          return instance;
      * Sets the proxy creditials. This method updates the ThreadLocal variable.
      * @param user
      *            the user name
      * @param password
      *            the password
     public void setCredentials(String user, String password) {
          credentials.set(new PasswordAuthentication(user, password.toCharArray()));
     @Override
     public PasswordAuthentication getPasswordAuthentication() {
          System.out.println("Requesting host: " + this.getRequestingHost());
          System.out.println("Requesting port: " + this.getRequestingPort());
          System.out.println("Requesting protocol: "
               + this.getRequestingProtocol());
          System.out.println("Requesting prompt: " + this.getRequestingPrompt());
          System.out.println("Requesting scheme: " + this.getRequestingScheme());
          System.out.println("Requesting site: " + this.getRequestingSite());
          System.out.println("Requesting URL: " + this.getRequestingURL());
          System.out.println("Requestor type: " + this.getRequestorType());
          System.out.println(Thread.currentThread().getName()
               + " Authenitcator returning credentials "
               + credentials.get().getUserName() + ":"
               + new String(credentials.get().getPassword()));
          return credentials.get();
import java.io.BufferedReader;
import java.io.BufferedWriter;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.OutputStreamWriter;
import java.net.Authenticator;
import java.net.InetSocketAddress;
import java.net.Proxy;
import java.net.Socket;
import java.net.Proxy.Type;
* A test class for testing the {@link ProxyAuthenticator}.
public class SocksProxyTest implements Runnable {
      * Socks proxy host, used by the FakeFtpClient
     private static final String SOCKS_PROXY_HOST = "192.168.1.240";
      * Target FTP host to connect to
     private String host = null;
      * Proxy user
     private String proxyUser = null;
      * Proxy password
     private String proxyPassword = null;
      * Creates a new instance of <code>SocksProxyTest</code>
      * @param host
      *            the target FTP host
      * @param proxyUser
      *            proxy user
      * @param proxyPassword
      *            proxy password
     public SocksProxyTest(String host, String proxyUser, String proxyPassword) {
          this.host = host;
          this.proxyUser = proxyUser;
          this.proxyPassword = proxyPassword;
     public void run() {
          // Create the FakeFtpClient
          FakeFtpClient test = new FakeFtpClient(host, 21, proxyUser,
               proxyPassword);
          for (int j = 0; j < 5; j++) {
               try {
                    test.connect();
                    test.disconnect();
                    // Thread.sleep(10000);
               catch (Throwable t) {
                    t.printStackTrace();
      * Test run.
      * @param args
      *            command line arguments
      * @throws IOException
      *             propagated
     public static void main(String[] args) throws IOException {
          // Get the singleton instance of the ProxyAuthenticator.
          ProxyAuthenticator authenticator = ProxyAuthenticator.getInstance();
          // Update the default authenticator to our ProxyAuthenticator
          Authenticator.setDefault(authenticator);
          // Array of FTP hosts we want to connect to
          final String[] ftpHosts = { "192.168.1.53", "192.168.1.54",
                    "192.168.1.55" };
          // Proxy login/user names to connect to each of the above hosts
          final String[] users = { "User-001", "User-002", "User-003" };
          // Proxy passwords for each of the above user names (in this case
          // password == username).
          final String[] passwords = users;
          // For each target FTP host
          for (int i = 0; i < 3; i++) {
               // Create the SocksProxyTest instance with the target host, proxy
               // user and proxy password
               SocksProxyTest spt = new SocksProxyTest(ftpHosts, users[i],
                    passwords[i]);
               // Create a new thread and start it
               Thread t = new Thread(spt);
               t.setName("T" + (i + 1));
               try {
                    t.join();
               catch (InterruptedException e) {
                    e.printStackTrace();
               t.start();
     * A fake FTP client. The connect method connects to the given host, reads
     * the first line the server sends. Does nothing else. The disconnect method
     * closes the socket.
     private static class FakeFtpClient {
          * The FTP host
          private String host = null;
          * The FTP port
          private int port = 0;
          * Proxy login/user name
          private String proxyUser = null;
          * Proxy password
          private String proxyPassword = null;
          * Socket to the target host
          private Socket s = null;
          * Creates a new instance of <code>FakeFtpClient</code>
          * @param host
          * the FTP host
          * @param port
          * the FTP port
          * @param proxyUser
          * Proxy user
          * @param proxyPassword
          * Proxy password
          public FakeFtpClient(String host, int port, String proxyUser,
               String proxyPassword) {
               this.host = host;
               this.port = port;
               this.proxyUser = proxyUser;
               this.proxyPassword = proxyPassword;
          * Connects to the target FTP host through the specified Socks proxy and
          * proxy authentication. Reads the first line of the welcome message.
          * @throws IOException
          * propagated
          public void connect() throws IOException {
               System.out.println(Thread.currentThread().getName()
                    + " Connecting to " + host + " ...");
               // Update the ProxyAuthenticator with the correct credentials for
               // this thread
               ProxyAuthenticator.getInstance().setCredentials(proxyUser,
                    proxyPassword);
               s = new Socket(new Proxy(Type.SOCKS, new InetSocketAddress(
                    SOCKS_PROXY_HOST, 1080)));
               s.setSoTimeout(10000);
               s.connect(new InetSocketAddress(host, port), 10000);
               System.out.println(Thread.currentThread().getName() + " Connected");
               BufferedWriter writer = new BufferedWriter(new OutputStreamWriter(
                    s.getOutputStream()));
               BufferedReader reader = new BufferedReader(new InputStreamReader(
                    s.getInputStream()));
               System.out.println(reader.readLine());
          * Closes the socket.
          public void disconnect() {
               System.out.println(Thread.currentThread().getName()
                    + " Disconnecting...");
               if (s != null) {
                    try {
                         s.close();
                         System.out.println(Thread.currentThread().getName()
                              + " Disconnected");
                    catch (IOException e) {
                         e.printStackTrace();
Looking at the test class, it creates 3 threads T1, T2 and T3. T1 is setup to connect to 192.168.1.53 using a proxy user User-001 and T2 is setup to connect to 192.168.1.54 using proxy user User-002 and T3 connects to 192.168.1.55 using proxy user User-003.
Each thread then loops 5 times to connect to their target servers and disconnect each time. All the debug (System.out) statements indicate that the getPasswordAuthentication is returning the correct credentials for each thread. However, when I look at the logs on the proxy server, the results are different and arbitrary.
Below is the proxy log:
[2011-01-24 11:10:11] 192.168.1.240 User-001 SOCKS5 CONNECT 192.168.1.54:21
[2011-01-24 11:10:11] 192.168.1.240 User-002 SOCKS5 CONNECT 192.168.1.53:21
[2011-01-24 11:10:11] 192.168.1.240 User-002 SOCKS5 CONNECT 192.168.1.55:21
[2011-01-24 11:10:11] 192.168.1.240 User-003 SOCKS5 CONNECT 192.168.1.55:21
[2011-01-24 11:10:11] 192.168.1.240 User-003 SOCKS5 CONNECT 192.168.1.55:21
[2011-01-24 11:10:11] 192.168.1.240 User-003 SOCKS5 CONNECT 192.168.1.55:21
[2011-01-24 11:10:11] 192.168.1.240 User-003 SOCKS5 CONNECT 192.168.1.55:21
[2011-01-24 11:10:11] 192.168.1.240 User-003 SOCKS5 CONNECT 192.168.1.54:21
[2011-01-24 11:10:11] 192.168.1.240 User-002 SOCKS5 CONNECT 192.168.1.53:21
[2011-01-24 11:10:12] 192.168.1.240 User-001 SOCKS5 CONNECT 192.168.1.54:21
[2011-01-24 11:10:12] 192.168.1.240 User-002 SOCKS5 CONNECT 192.168.1.53:21
[2011-01-24 11:10:12] 192.168.1.240 User-001 SOCKS5 CONNECT 192.168.1.54:21
[2011-01-24 11:10:12] 192.168.1.240 User-002 SOCKS5 CONNECT 192.168.1.53:21
[2011-01-24 11:10:12] 192.168.1.240 User-001 SOCKS5 CONNECT 192.168.1.54:21
[2011-01-24 11:10:13] 192.168.1.240 User-002 SOCKS5 CONNECT 192.168.1.53:21
As you can see from the first line in the log, the proxy says User-001 connected to 192.168.1.54, but the code should always connect to 192.168.1.53 with user User-001.
Any idea on what might be going on?

Not authenticated from external ldap in a cluster

I am having trouble getting authenticated from an Iplanet LDAP, when the weblogic is configured in a Cluster.
-I can authenticate with Embedded LDAP domain wide
-I can authenticate on the external LDAP if I send the request to Admin server
Here is my cluster configuration (all with Weblogic 7.0 SP4)
*Admin Server Port: 9209
*Cluster server 1 : 7209
*Cluster server 2 : 8209
*Proxy server : 9090 (configured with HttpClusteredServlet)
http://myserver.com:9090/j_security_check fails
http://myserver.com:9209/j_security_check works
Please let me know what is wrong?

"Bob" <[email protected]> wrote in message
news:3f9fd466$[email protected]..
I am having trouble getting authenticated from an Iplanet LDAP, when theweblogic is configured in a Cluster.
-I can authenticate with Embedded LDAP domain wide
-I can authenticate on the external LDAP if I send the request to Adminserver
Here is my cluster configuration (all with Weblogic 7.0 SP4)
*Admin Server Port: 9209
*Cluster server 1 : 7209
*Cluster server 2 : 8209
*Proxy server : 9090 (configured with HttpClusteredServlet)
http://myserver.com:9090/j_security_check fails
http://myserver.com:9209/j_security_check works
Please let me know what is wrong?Are you sure that the ldap authentication is actually occuring? I would
define the
DebugSecurityAtn="true" attribute on the ServerDebug mbean for the cluster
server members and then look at the log and the ldap_trace.log files to see
what is happening with LDAP.

Authentication from third party product to Portal samaccountname=domain\ID

I am working on a proof of concept at our company to pass authentication from windows ISA server to EP 7.0 Sp10. ISA server is setup as reverse proxy, both ISA and EP are connected to same LDAP.
We are able to successfully authenticate at the ISA server, then it calls the portal server with correct URL like http://portalserver.abc.com:53000/irj, but authentication fails with error message "User authentication failed".
After increasing the log level, I am repeatedly finding that the user name is sent by ISA server as samaccountname=domain
userid. But the portal UME is configured without the domain name, i.e,. samaccountname=userid
Obviously, this can be resolved either modifying the ISA to send only the user ID or configure the portal to accept samaccountname=domain
userid.
Internally we do not have great ISA skills to modify this, so I am wondering if it is possible to change the portal to accept samaccountname=domain
userid. Please advice.
Steve

Hello Srini,
I know that your thread is a bit out of date, but we are facing the exact issue at the moment.
I wonder how did you manage it to have it worked?
Was it at the ISA level or at the Portal Config level?
Thank you

HTTP authentication via reverse proxy

Hi,
I've taken a dig around the interface for the 4.0.4 web proxy and in the documentation but haven't come up with much so far.
What I want to do is configure a reverse proxy so that it feeds the HTTP authentication credentials into the server when we reverse from the proxy to it.
i.e.
user --> revproxy --> (http_details) --> webserver
The user wont enter these, they'll be somehow if possible, be configured into the reverse proxy so it knows what HTTP realm string to match to a target host and feed the credentials into it.
Is this possible?

Since it is just a matter of adding Authorization header, it is possible.
look around for other discussions for adding headers.

SSIS 2012 package runs under SSDT but fails with permission error from SSMS

I have a simple package that pulls data from a text file located on a Windows file server that runs successfully from SSDT on my client.
However, when deployed and running the package via SSMS from the client, the package fails with a permission error, with the error stating that the data file could not be opened.
I have done some investigation and have seen some info that states that a package run from SSMS runs under the account on which you are logged on to the machine, which I would have thought is correct. This is therefore the same account when running from
SSDT (which works) and I can see from the SSIS Report that the 'Caller' is stated as my account, so if this is the case why isin't the package working.
I've also seen an MSDN forum answer which stated the opposite that the package when run from the IS Catalog in SSMS doesn't run under the account on which the client is logged on with, which is the opposite of the above, but doesn't indicate which account
it is using.
So what account is being used to run SSIS 2012 packages from the IS catalog from within SSMS ?
If it is the account on which you are logged onto the client running SSMS, why is it not working when the account has the necessary permissions (as provent when running from SSDT) ?

I am aware it's using my account and not one of the service. There's nothing in the posts above which suggests I'm using the service account. I don't know why people keep assuming that I'm running the package from a job. I've never stated that in any of
the posts I'm running the package from a job. It's been made quite clear I'm running the package from the IS Catalog on SSMS:
"This is simply selecting a package from the IS Catalog, right-clicking and selecting Execute package.", as per the Nov 18 post, and in the original post "....So what account is being used to run SSIS 2012 packages from the IS catalog from
within SSMS".
Just to be clear, the package is NOT being run from a job. It's using the Execute package option when selecting the package within SSMS from the IS Catalog and it's running under the account on which I am logged on to my client.
Please read carefully. I was just answering your question "So what account is being used to run SSIS 2012 packages from the IS catalog from within SSMS ?" and stating that you where right and that it uses your account to run the package
when you execute a package manually from the Catalog and that you can prove that by logging the system variable.
A good suggestion about using a share in the task to map the drive and I will try this. I would find it strange that SSMS requires this mapping whereas SSDT does not though.
Ok let us know your findings. If it doesn't work you can also test it with a password and username:
net use f: \\financial\public yourpassword /user:username
Please mark the post as answered if it answers your question | My SSIS Blog:
http://microsoft-ssis.blogspot.com |
Twitter

Invoking Web Service with PKI Authentication from BPEL process

Hello --
I am trying to test calling a Web service utilizing PKI-based authentication from BPEL running under the 10.1.2.0.2 Process Manager. When I access the service from a browser I am prompted for Username and Password the first time. When I attempt to access it from BPEL I receive this error:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found
Is it possible to access this service from BPEL in 10.1.2.0.2? How can I pass the service the required credentials?
Thank you for your time,
Paul Camann

I've gotten past the original error by importing the security certificate of the Web service into my keystore/truststore. I'm also running the process on SOA 10.1.3.1.0. Now when I invoke the Web service from the BPEL process I get this error:
exception on JaxRpc invoke: HTTP transport error:
javax.xml.soap.SOAPException: java.security.PrivilegedActionException:
javax.xml.soap.SOAPException: Bad response: 403 Forbidden
I've tried passing the credentials every way I can -- partner link properties, Oracle Web Services Manager, whatever -- and still get the same error. I would expect to see a 401 error for problems with credentials, not a 403.
Any suggestions?
Thanks for your time.
Paul Camann

Reporting services instance not able to connect from SSMS

Hi All,,
I have installed SQL SERVER 2012 on Windows 8.1. I configured report server in native mode.
* Reporting services is in started state
  * SQl server service is in started state
  * Sql serevr agent is in started state
  * SQL browser is in started state
When i tried to connect Report server instance using SSMS i got the below error.
TITLE: Connect to Server
Cannot connect to .
ADDITIONAL INFORMATION:
Unable to connect to the server at . The specified URL might not be valid or there might be a problem with the report server version or configuration. Specify a different URL, or contact your server administrator to verify that the report server runs SQL Server
2008 or later. Additionally, if you are trying to connect to a SharePoint-integrated report server, verify that SharePoint is installed on the server and that the report server uses SharePoint integrated mode. (Microsoft.SqlServer.Management.UI.RSClient)
BUTTONS:
OK
When i connect using http://localhost/reportserver I am getting below error
The permissions granted to user '' are insufficient for performing this operation.
Though i am the administrator
And when i connect using below URL http://localhost/reports
I get Unable to connect to the remote server
Please suggest your input on the problem

Hi Khushi N,
According to your description, you are administrator, when you tried to connect reporting services from SSMS, the error message occurred. When you tried to access report manager with the URL:
http://localhost/reportserver, you were prompted that the permissions granted to user '' are insufficient for performing this operation.
The Reporting Services error rsAccessedDenied occurs when a user does not have permission to perform an action. To troubleshooting this issue, please make sure that you have sufficient permission and the report server name is correct. You can use the reportserver
URL, e.g. HTTP ://<servername>/ReportServer, to log on the reporting service in SSMS.
In addition, by default, we could not access all of the report server properties available in SQL Server Management Studio unless we start Management Studio with administrative privileges. To configure Reporting Services role properties and role assignments
so you do not need to start Management Studio with elevated permissions each time, please refer to the following document:
From the Start menu, click All Programs, click SQL Server 2012, right-click Management Studio, and then click Run as administrator.
Connect to your local Reporting Services server.
In the Security node, click System Roles.
Right-click System Administrator and then click Properties.
In the System Role Properties page, select View report server properties. Select any other properties you want associated with members of the system administrators role.
Click OK.
Close Management Studio
The issue may be caused by the UAC or Internet Explorer security setting, please try to follow this steps:
1. Open the Internet options of the IE and add the report server URL into trusted site in the Security tab.
2. Run the IE as administrator.
For more information about Configuring a Native Mode Report Server for Local Administration, please refer to the following document:
http://msdn.microsoft.com/en-us/library/bb630430(v=sql.110).aspx
If you have any more questions, please feel free to ask.
Thanks,
Wendy Fu

Database Server - SQL Access: Cannot connect from code but from SSMS

Hi,
I am using following connection string in my asp.net web.config:
[Less than symbol] add name="FMMConnectionString" connectionString="Data Source=xxxxxxxxx,1234;Initial Catalog=Test1Db;User Id=Rajeev;Password=xxxxxxxxxxxxx;" providerName="System.Data.SqlClient" [Slash][Greater than symbol]
The database is on remote database server. The sql user/ developer 'Rajeev' is deliberately given restricted permissions (to protect our schema) using following sql commands:
GRANT ALTER,EXECUTE, SELECT,INSERT,UPDATE,DELETE ON SCHEMA ::dbo TO Rajeev
DENY VIEW DEFINITION ON SCHEMA::dbo TO Rajeev;
GRANT CREATE PROCEDURE TO Rajeev;
GRANT CREATE FUNCTION TO Rajeev;
DENY ALTER ON SCHEMA::dbo TO Rajeev; -- To disallow Rajeev to create objects on dbo schema but only create in Rajeev schema while still being able to select, insert, execute on dbo schema.
The above connection string works perfectly fine when used from Visual Studio> Server Explorer. I am able to execute following sql queries without issues. Same is true when using SQL Server Management Studio using Rajeev credentials.
select top 100 * from XYZEmployees
execute usp_GetMMBSchemeDetails '1'
The error I get in web page is following:
The stored procedure 'usp_GetMMBSchemeDetails' doesn't exist.
When I ran code using breakpoints to see what is happening, I see that when connection object is being instantiated, the connection state is being closed with following error:
at System.Data.SqlClient.SqlConnection.GetOpenConnection()
at System.Data.SqlClient.SqlConnection.get_ServerVersion()
I turned off my firewall to see if it was blocking but it did not help. I tried using Visual Studio 2012 as well as Visual Studio 2013 but same issue showed up.
Kindly let me know why I am able to execute sql queries from SSMS and Visual Studio's Server Explorer but not from application code. Is there something that needs to be enabled on remote database server so that the queries can run from code? I like to create
more users like Rajeev with restricted permissions to develop my application. So kindly provide a solution if you know.
Thanks,
Pullet

Thanks Everyone for your insights :)
RSingh, Your approach works when using SSMS, not when called from application code (example: asp.net code-behind page calling a stored proc using connection object).
My requirement is, I only wanted developer to do front end programming without having the ability to look at backend sql objects definitions. He/she can call the sql objects in the program as needed.
I am able to finally solve this requirement by following approach. Hope it helps others.
1. Right-click Rajeev user in Database> Security>Users and unselect 'dbowner' from 'General' tab> 'Database Role Membership' section even though Default Schema shows up as Rajeev schema. Now, this user can't do anything on dbo schema of database
(as well as in any other user's schema in this database).
2. Ran above commands but excluded following command which was identified as root-cause.
DENY VIEW DEFINITION ON SCHEMA::dbo TO Rajeev;
3. Now ran a script that denies 'view definition' of dbo schema's tables. It loops through all tables and denies 'view definition' on each table. Adapted the script of http://blog.extreme-advice.com/2013/01/23/grant-view-defination-permission-to-all-stored-procedures-in-sql-server/.
Now, the user Rajeev can execute dbo schema objects both from SSMS as well as from application code.
4. DENY EXECUTE, SELECT ON SCHEMA::INFORMATION_SCHEMA TO Rajeev; -- Restricts Rajeev from executing INFORMATION_SCHEMA objects seen in SSMS.
However one remaining open item is, I could not hide the system objects (which are part of sys schema) in SSMS. Ideally, I do not want Rajeev to execute the 'system views', 'system stored procedures', etc. When I execute same command (below command), it
runs without errors but does not apply this restriction.
DENY EXECUTE, SELECT ON SCHEMA::sys TO Rajeev;
If you know the reason why it is happening like this, please kindly share.
Cheers,
Pullet
Cheers | Pullet

Sync Async using proxies ( Calling Outbound proxy from Inbound proxy )

I'm trying to generate Asynchronous Outbound message from the Synchronous Inbound message message due to a requirement. My question is : is it really possible to develop such a scenario?. I'm getting weird error such as Kernal exception etc. Please let me know if you have developed such scenario and what should we do dfifferently in such scenarios?. Thank you for any suggestions.

Hi,
This error has has nothing to do with Calling Outbound Proxy from from Inbound Proxy. The scenario which you are telling is very much possible.
It looks like there is some problem in your proxy code while calling RFC from within there or something like that. Try catching the exception and see what is the exact error or put in debug mode and see the step where exactly your code is failing.
Use the following links for Catching Exception in Proxy
Inbound ABAP Proxy Trace and error handling
Handling Exceptions
ABAP Server Proxies - Fault Handling
Exception handling in integration processes
ABAP Proxy and fault messages
/people/bhanu.thirumala/blog/2006/02/07/abap-proxy--xml-to-abap-transformation
Thanks
Amit
Reward point if answer is helpful

Database mail only works from SSMS not from a job

I have a script that returns its results via DB mail. When I run it from SSMS I get email, when I run it from a job I don't get email
Here is the error message from the DB mail log
Message
The mail could not be sent to the recipients because of the mail server failure. (Sending Mail using Account 1 (2014-09-23T10:12:29). Exception Message: Cannot send mails to mail server. (The operation has timed out.).
I've already enabled mail in SQL server agent.
1. Went into object-explorer, right-clicked on the SQL Server Agent, and selected properties. Then
went to the Alert System page, and enabled the mail profile for the server agent. (you may already have this).
2. Then, went to "Database mail", right-clicked and selected "Configure
Database mail." Selected "Manage profile security" and made sure my profile was set to public. THEN, and this is the kicker, clicked on the "Default Profile" field and set it to "yes".
I'm using SQL server 2012 running on a Windows 7 system
Suggstions?

BOL: Configure SQL Server Agent Mail to Use Database Mail
Using Database Mail with SQL Server Agent
Look in Event Viewer & Agent log to find related messages.
Kalman Toth Database & OLAP Architect
SQL Server 2014 Database Design
New Book / Kindle: Beginner Database Design & SQL Programming Using Microsoft SQL Server 2014

Windows authentication from an enterprise application

Hi All,
Does anyone has any idea how to go about implementing windows active directory authentication from an enterprise application.The requirement is that the users across a particular domain should be able to use the application by using their windows login/password.
Thanks

I think you should look at Sun or Oracle Identity Management Solutions
These product offers what you are looking for and they also have SDKs, so you can really extend their strength.
Regards,
Michael

BIDS - report file permissions issue on master, yet im a sysadmin when running the RDL from SSMS

Im building a report file and when I preview the report, it fails because my account cant access the master database.
My dataset is just calling xp_readerrorlog, which is in master.
I can call it just fine in a query window, but not from BIDS, using a connection with windows security.
I can however, preview the dataset ok, but when I open the RDL file from SSMS under custom reports, I get an login error.
However, if I preview the report...it fails and says the login failed, login failed for user mydomain\myuser ....

Hi,
It seems a permissions related issue, try the following methods to troubleshoot the issue:
1. Use this form of giving the user exec rights on extended stored procedure.
create user usename for login login
go
grant exec on xp_readerrorlog to username
Refer to:
http://social.msdn.microsoft.com/Forums/sqlserver/en-US/ffd3a32b-7e17-4f15-9fb7-fa744611ac7e/minimum-persssion-required-to-execute-spreaderrorlog-system-stored-procedure
2. Run BIDS as administrator and see how it works.
3. Also, check the SQL event log (SQL Server Management Studio > Management > SQL Server Logs) and post the full error message for the failed login.
Thanks.
Tracy Cai
TechNet Community Support

OES authentication from SSM proxy

Similar Messages

Maybe you are looking for