tags:

views:

96

answers:

1
Q: 

How do I get ELMAH to work with SQL Server (permission problems)

I've got ELMAH working on my (Cassini) development server, and was quite happy with it, but now that I'm trying to move everything to my production server (IIS7), the honeymoon looks like being over.

I've got past the "gotcha" with IIS7, which frankly could have been better highlighted in the documentation, and if I just use the in-memory log then it works.

However, I'm trying to get it to use the SQL Server log (as I do on my development system), and I'm getting an error along the lines of:

The EXECUTE permission was denied on the object ELMAH_GetErrorsXml

Well, fine. I know how to grant database permissions, but I'm really struggling to understand which user and which stored procs/tables I need to grant access to.

The thing that's really confusing me is that I didn't have to do anything like this to get it to work on my development server. The only difference I can see is that on my development server it seems to connect as NT AUTHORITY\IUSR, whereas on my production server it seems to connect as NT AUTHORITY\NETWORK SERVICE. (It's just using a trusted connection so I've not explicitly configured it to do that - I presume it's to do with the web server). UPDATE: I've since established that because I'm using Cassini, it was actually logging in as me (an admin) and not IUSR, which explains why I didn't get any permission problems.

On my development server, the IUSR account is a member of the public database role, and has access to the required database (again as "public"). There's no explicit granting of object-level permissions. [See update above - this is irrelevant].

On my production server, I've added NETWORK SERVICE in exactly the same way (public database role, explicit access to the database as "public"). Yet, I get this permission error. Why?!! [See update above - the only reason I don't get a permission error is because I'm running as an admin].

And, of course, if the fact that it works locally is just "luck", I will need to know which SPs/tables to grant access to. My guess would be all 3 SPs and not the table, but it would be good (again) to see some documentation that makes this explicit.

+2  A: 

Are you providing ELMAH with a full connectionstring in the web.config? If so, you should know exactly what db user to grant permissions to, right? And yes, permission would be to execute the three ELMAH stored procedures...

Here's a configuration that I've used:

<elmah>
    <errorLog type="Elmah.SqlErrorLog, Elmah" connectionStringName="elmah" />
</elmah>

<connectionStrings>
    <add name="elmah" connectionString="Data Source=XXX;Initial Catalog=XXX;User Id=XXX;Password=XXX;" providerName="System.Data.SqlClient" />
</connectionStrings>
Eric King  2010-04-13 14:48:21
@Eric: I'm using a trusted connection, so the user actually varies depending on which machine it's running on. If I have to grant explicit permissions, then fine, I can do that. Thanks for confirming that it's just those 3 SPs. To insulate myself from which user it is, I'll create a database role, and make sure that the appropriate user (probably NETWORK SERVICE) is a member of the role. It's a shame that ELMAH doesn't create the roles as part of the setup (like the ASP.NET Membership provider for SQL Server does, for example). It's also a pity that they don't mention the need to do this!
Gary McGill  2010-04-13 15:14:30

related questions

Is it better to create Model classes, or just stick with generic database utility class?
What are effective options for embedding video in an ASP.NET web site?
Visual Studio 2008 debugger already attached work-around
Tracking state using ASP.NET AJAX / ICallbackEventHandler
ASP.NET Display SVN Revision Number
ASP.NET URL Rewriting
How can I change the background of a masterpage from the code behind of a content page?
Easy way to AJAX WebControls
How do I define custom web.config sections with potential child elements and attributes for the properties?
ASP.NET MVC "CRUD" Database Sample
Are Multiple DataContext classes ever appropriate?
How to RedirectToAction in ASP.NET MVC without losing request data
Triple Quotes? How do I delimit a databound Javascript string parameter in ASP.NET?
ASP.NET built in user profile, Vs old stile user class/tables
What's a good book for learning ASP?
Bandwith throttling in IIS 6 by IP Address
ASP .Net Custom Client-Side Validation
How to get the value of built, encoded ViewState?
Decent, simple, GIS/mapping component for ASP.NET?
Checklist for IIS 6/ASP.NET Windows Authentication?
How to write to Web.Config in Medium Trust ?
ASP.NET, Visual Studio and Subversion - how to integrate?
Floating Point Number parsing: Is there a Catch All algorithm?
How do I sync the SVN revision number with my ASP.NET web site?
ASP.NET Site Maps