How can I create a database on my server from the web?

Question

I have an admin account for my website where I add new clients. When a new client is added, they get an account and their own database.

The problem is I can't create new databases on my server from my admin account. When running it locally, I can add a database locally. But, when I try adding to the server running my website off the server, I get

CREATE DATABASE permission denied in database 'master'.

I've been able to add the database (locally) a few ways. This is one of the simpler working versions:

tmpConn.ConnectionString = "Data Source=.\\SQLEXPRESS; DATABASE = master;Integrated Security=True;";
sqlCreateDBQuery = " CREATE DATABASE " + dbname;

SqlCommand myCommand = new SqlCommand(sqlCreateDBQuery, tmpConn);
try
{
    tmpConn.Open();
    myCommand.ExecuteNonQuery();

}
catch (System.Exception ex)
{}

Answer 1

You should contact your service provider. (Or the maintainer of the server).

Answer 2

Check the permissions for MySQL: Does your admin account have different settings for a local connection versus any host?

Answer 3

You need create database and create database user permissions. Your service provider should be able to facilitate this.

Answer 4

Something else no one has suggested is what kind of validation you are doing on the dbname value. Are you sure there are no spaces in it? That it's not a reserved word? That it doesn't contain malicious code? At very least you should encase it in brackets:

sqlCreateDBQuery = String.Format(" CREATE DATABASE [{0}]", dbname);

I really hope you aren't allowing the user to type this name directly into a textbox somewhere. Even if you use property security on the initial input and this is pulled back from a common "clients" db of some kind, you might be setting yourself up for a 2nd order Sql Injection vulnerability.

After you've addressed that, we can look at the error message here. In this case, the problem is that your web user does not have appropriate CREATE permissions. You need to correct that and it should allow you to proceed. You probably want to reserve a special account for this that you switch to just at this time, so your application doesn't normally run in a context that would allow this kind of action.

Answer 5

I suspect that whatever account you're using to connect to Sql Server doesn't have permissions to CREATE DATABASE. You're probably using Integrated Security, which would use Network Service/ASP.NET to connect to MSSQL. You need to create a new connection string that uses Sql Authentication with sa (or another sysadmin) credentials.

Oh - and this would work locally because you're running it under Visual Studio's WebDev.exe which is run with your local user account - which is probably set up as a sysadmin in MSSQL.