EXECUTE permission denied on object... uh?

J

Jiggaz

Hi,

In my ASPX Page, i have a form for signup. And whene user
click on the button, the event Button1_Click must use a
stored procedure.
But instead of use stored proc, i get this exception :
_____
System.Data.SqlClient.SqlException: EXECUTE permission
denied on object 'CreateAccount', database 'wizou', schema
'dbo'. at
System.Data.SqlClient.SqlConnection.OnError(SqlException
exception, TdsParserState state) at
System.Data.SqlClient.SqlInternalConnection.OnError(SqlException
exception, TdsParserState state) at
System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject
stateObj) at
System.Data.SqlClient.TdsParser.Run(RunBehavior
runBehavior, SqlCommand cmdHandler, SqlDataReader
dataStream, BulkCopySimpleResultSet bulkCopyHandler,
TdsParserStateObject stateObj) at
System.Data.SqlClient.SqlCommand.FinishExecuteReader(SqlDataReader
ds, RunBehavior runBehavior, String resetOptionsString) at
System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior
cmdBehavior, RunBehavior runBehavior, Boolean returnStream,
String method, DbAsyncResult result) at
System.Data.SqlClient.SqlCommand.InternalExecuteNonQuery(DbAsyncResult
result) at
System.Data.SqlClient.SqlCommand.ExecuteNonQuery() at
Signup.Button1_Click(Object sender, EventArgs e) in
c:\Inetpub\wwwroot\wizou\Signup.aspx.cs:line 114
_____


AND MY CODE IS :
SqlCommand myCommand = new SqlCommand();
String strCnx =
ConfigurationSettings.ConnectionStrings["AppCnxStr"].ConnectionString.ToString();
myCommand.Connection = new SqlConnection(strCnx);
myCommand.Connection.Open();

myCommand.CommandType = CommandType.StoredProcedure;
myCommand.CommandText = "CreateAccount";

SqlParameter myNickname = new SqlParameter("@Nickname",
SqlDbType.NVarChar, 30);
myNickname.Value = boxLogin.Text;
myCommand.Parameters.Add(myNickname);

SqlParameter myPassword = new SqlParameter("@Password",
SqlDbType.NVarChar, 15);
myPassword.Value = boxPwd.Text;
myCommand.Parameters.Add(myPassword);

....

myCommand.ExecuteNonQuery();
System.Web.Security.FormsAuthentication.SetAuthCookie(boxLogin.Text,
true);
Response.Redirect("/Signup.aspx?action=Complete");
_______________________

Regards.
 
K

Kevin Spencer

The error is coming from your SQ Server. Whatever user account your app is
connecting with doesn't have permission to execute the Stored Procedure
mentioned in the message. It's not your code. It's database permissions.

--
HTH,
Kevin Spencer
..Net Developer
Microsoft MVP
Big things are made up
of lots of little things.

Hi,

In my ASPX Page, i have a form for signup. And whene user
click on the button, the event Button1_Click must use a
stored procedure.
But instead of use stored proc, i get this exception :
_____
System.Data.SqlClient.SqlException: EXECUTE permission
denied on object 'CreateAccount', database 'wizou', schema
'dbo'. at
System.Data.SqlClient.SqlConnection.OnError(SqlException
exception, TdsParserState state) at
System.Data.SqlClient.SqlInternalConnection.OnError(SqlException
exception, TdsParserState state) at
System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObjec
t
stateObj) at
System.Data.SqlClient.TdsParser.Run(RunBehavior
runBehavior, SqlCommand cmdHandler, SqlDataReader
dataStream, BulkCopySimpleResultSet bulkCopyHandler,
TdsParserStateObject stateObj) at
System.Data.SqlClient.SqlCommand.FinishExecuteReader(SqlDataReader
ds, RunBehavior runBehavior, String resetOptionsString) at
System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior
cmdBehavior, RunBehavior runBehavior, Boolean returnStream,
String method, DbAsyncResult result) at
System.Data.SqlClient.SqlCommand.InternalExecuteNonQuery(DbAsyncResult
result) at
System.Data.SqlClient.SqlCommand.ExecuteNonQuery() at
Signup.Button1_Click(Object sender, EventArgs e) in
c:\Inetpub\wwwroot\wizou\Signup.aspx.cs:line 114
_____


AND MY CODE IS :
SqlCommand myCommand = new SqlCommand();
String strCnx =
ConfigurationSettings.ConnectionStrings["AppCnxStr"].ConnectionString.ToStri
ng();
myCommand.Connection = new SqlConnection(strCnx);
myCommand.Connection.Open();

myCommand.CommandType = CommandType.StoredProcedure;
myCommand.CommandText = "CreateAccount";

SqlParameter myNickname = new SqlParameter("@Nickname",
SqlDbType.NVarChar, 30);
myNickname.Value = boxLogin.Text;
myCommand.Parameters.Add(myNickname);

SqlParameter myPassword = new SqlParameter("@Password",
SqlDbType.NVarChar, 15);
myPassword.Value = boxPwd.Text;
myCommand.Parameters.Add(myPassword);

....

myCommand.ExecuteNonQuery();
System.Web.Security.FormsAuthentication.SetAuthCookie(boxLogin.Text,
true);
Response.Redirect("/Signup.aspx?action=Complete");
_______________________

Regards.
 
H

Hans Kesting

Jiggaz said:
In my ASPX Page, i have a form for signup. And whene user
click on the button, the event Button1_Click must use a
stored procedure.
But instead of use stored proc, i get this exception :
_____
System.Data.SqlClient.SqlException: EXECUTE permission
denied on object 'CreateAccount', database 'wizou', schema
'dbo'. at [snip]


This means that the useraccount that is used to connect to SqlServer
has no execute permissions on the stored procedure "CreateAccount".
What user do you use? Do you specify it in the connectionstring
or do you use "windows authentication"?
(if windows authentication, then it's probably "ASPNET")

Check if that user really has execute permission on this SP.

Hans Kesting
 
J

Jiggaz

I have SQL Server 2005, there is no sql management :/
if u know them, gimme se sql commands that i could execute
with SQLCMD.exe

Regards.
 
J

Jiggaz

I use this string :
<connectionStrings>
<add name="AppCnxStr"
connectionString="Server=KLEO\SQLEXPRESS;Integrated
Security=True;Database=wizou"
providerName="System.Data.SqlClient" />
</connectionStrings>

And how can i authorize user KLEO\ASPNET to execute Stored
Procedures?

Regards.
-----Original Message-----

"Jiggaz" <[email protected]> wrote in
message news:[email protected]...
In my ASPX Page, i have a form for signup. And whene user
click on the button, the event Button1_Click must use a
stored procedure.
But instead of use stored proc, i get this exception :
_____
System.Data.SqlClient.SqlException: EXECUTE permission
denied on object 'CreateAccount', database 'wizou', schema
'dbo'. at [snip]


This means that the useraccount that is used to connect to SqlServer
has no execute permissions on the stored procedure "CreateAccount".
What user do you use? Do you specify it in the connectionstring
or do you use "windows authentication"?
(if windows authentication, then it's probably "ASPNET")

Check if that user really has execute permission on this SP.

Hans Kesting


.
 
C

Cowboy \(Gregory A. Beamer\) [MVP]

Open Enterprise Manager for SQL Server. Right click on the stored procedure
in question. Make sure the user in your conn string is allowed to EXECUTE
the proc.

NOTE: If you are using integrated security, you will have to have the
Windows group, with this user account (yours?) as the group that has EXECUTE
rights.

--
Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA

************************************************
Think Outside the Box!
************************************************
Hi,

In my ASPX Page, i have a form for signup. And whene user
click on the button, the event Button1_Click must use a
stored procedure.
But instead of use stored proc, i get this exception :
_____
System.Data.SqlClient.SqlException: EXECUTE permission
denied on object 'CreateAccount', database 'wizou', schema
'dbo'. at
System.Data.SqlClient.SqlConnection.OnError(SqlException
exception, TdsParserState state) at
System.Data.SqlClient.SqlInternalConnection.OnError(SqlException
exception, TdsParserState state) at
System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObjec
t
stateObj) at
System.Data.SqlClient.TdsParser.Run(RunBehavior
runBehavior, SqlCommand cmdHandler, SqlDataReader
dataStream, BulkCopySimpleResultSet bulkCopyHandler,
TdsParserStateObject stateObj) at
System.Data.SqlClient.SqlCommand.FinishExecuteReader(SqlDataReader
ds, RunBehavior runBehavior, String resetOptionsString) at
System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior
cmdBehavior, RunBehavior runBehavior, Boolean returnStream,
String method, DbAsyncResult result) at
System.Data.SqlClient.SqlCommand.InternalExecuteNonQuery(DbAsyncResult
result) at
System.Data.SqlClient.SqlCommand.ExecuteNonQuery() at
Signup.Button1_Click(Object sender, EventArgs e) in
c:\Inetpub\wwwroot\wizou\Signup.aspx.cs:line 114
_____


AND MY CODE IS :
SqlCommand myCommand = new SqlCommand();
String strCnx =
ConfigurationSettings.ConnectionStrings["AppCnxStr"].ConnectionString.ToStri
ng();
myCommand.Connection = new SqlConnection(strCnx);
myCommand.Connection.Open();

myCommand.CommandType = CommandType.StoredProcedure;
myCommand.CommandText = "CreateAccount";

SqlParameter myNickname = new SqlParameter("@Nickname",
SqlDbType.NVarChar, 30);
myNickname.Value = boxLogin.Text;
myCommand.Parameters.Add(myNickname);

SqlParameter myPassword = new SqlParameter("@Password",
SqlDbType.NVarChar, 15);
myPassword.Value = boxPwd.Text;
myCommand.Parameters.Add(myPassword);

....

myCommand.ExecuteNonQuery();
System.Web.Security.FormsAuthentication.SetAuthCookie(boxLogin.Text,
true);
Response.Redirect("/Signup.aspx?action=Complete");
_______________________

Regards.
 
E

Eliyahu Goldin

It is an SQL Server message. With database management tools make sure the
user you are logging on as has execute permissions.

Eliyahu

Hi,

In my ASPX Page, i have a form for signup. And whene user
click on the button, the event Button1_Click must use a
stored procedure.
But instead of use stored proc, i get this exception :
_____
System.Data.SqlClient.SqlException: EXECUTE permission
denied on object 'CreateAccount', database 'wizou', schema
'dbo'. at
System.Data.SqlClient.SqlConnection.OnError(SqlException
exception, TdsParserState state) at
System.Data.SqlClient.SqlInternalConnection.OnError(SqlException
exception, TdsParserState state) at
System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObjec
t
stateObj) at
System.Data.SqlClient.TdsParser.Run(RunBehavior
runBehavior, SqlCommand cmdHandler, SqlDataReader
dataStream, BulkCopySimpleResultSet bulkCopyHandler,
TdsParserStateObject stateObj) at
System.Data.SqlClient.SqlCommand.FinishExecuteReader(SqlDataReader
ds, RunBehavior runBehavior, String resetOptionsString) at
System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior
cmdBehavior, RunBehavior runBehavior, Boolean returnStream,
String method, DbAsyncResult result) at
System.Data.SqlClient.SqlCommand.InternalExecuteNonQuery(DbAsyncResult
result) at
System.Data.SqlClient.SqlCommand.ExecuteNonQuery() at
Signup.Button1_Click(Object sender, EventArgs e) in
c:\Inetpub\wwwroot\wizou\Signup.aspx.cs:line 114
_____


AND MY CODE IS :
SqlCommand myCommand = new SqlCommand();
String strCnx =
ConfigurationSettings.ConnectionStrings["AppCnxStr"].ConnectionString.ToStri
ng();
myCommand.Connection = new SqlConnection(strCnx);
myCommand.Connection.Open();

myCommand.CommandType = CommandType.StoredProcedure;
myCommand.CommandText = "CreateAccount";

SqlParameter myNickname = new SqlParameter("@Nickname",
SqlDbType.NVarChar, 30);
myNickname.Value = boxLogin.Text;
myCommand.Parameters.Add(myNickname);

SqlParameter myPassword = new SqlParameter("@Password",
SqlDbType.NVarChar, 15);
myPassword.Value = boxPwd.Text;
myCommand.Parameters.Add(myPassword);

....

myCommand.ExecuteNonQuery();
System.Web.Security.FormsAuthentication.SetAuthCookie(boxLogin.Text,
true);
Response.Redirect("/Signup.aspx?action=Complete");
_______________________

Regards.
 
C

Cowboy \(Gregory A. Beamer\) [MVP]

You have some choices to make.

1. Allow ASPNET access. Fine for non-production databases, but a potential
security problem.
2. Switch to mixed mode security and create a conn string with a user.
3. Create a thread that accesses using another account
4. Set up impersonation in your ASP.NET app and give your account rights

For now, the easiest to explain is #1 (realize not the best long-term
option):
Open SQLCMD
Use {database Name here}
GO
next

exec sp_grantlogin N'{Computer name}\ASPNET'
GO
next

GRANT EXECUTE ON {sproc name} to N'{Computer name}\ASPNET'
GO

Best to ask about linking the account in the SQL Server groups. If this is
ASP .NET 2.0, best to post in privatenews.microsoft.com, using the
instructions on the beta groups in the Visual Studio 2005:

http://lab.msdn.microsoft.com/vs2005/

There is a great walkthrough for Visual Web Dev that includes how to connect
to SQL Server 2005 Express.
http://beta.asp.net/GuidedTour/s2.aspx


--
Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA

************************************************
Think Outside the Box!
************************************************
Jiggaz said:
I use this string :
<connectionStrings>
<add name="AppCnxStr"
connectionString="Server=KLEO\SQLEXPRESS;Integrated
Security=True;Database=wizou"
providerName="System.Data.SqlClient" />
</connectionStrings>

And how can i authorize user KLEO\ASPNET to execute Stored
Procedures?

Regards.
-----Original Message-----

"Jiggaz" <[email protected]> wrote in
message news:[email protected]...
In my ASPX Page, i have a form for signup. And whene user
click on the button, the event Button1_Click must use a
stored procedure.
But instead of use stored proc, i get this exception :
_____
System.Data.SqlClient.SqlException: EXECUTE permission
denied on object 'CreateAccount', database 'wizou', schema
'dbo'. at [snip]


This means that the useraccount that is used to connect to SqlServer
has no execute permissions on the stored procedure "CreateAccount".
What user do you use? Do you specify it in the connectionstring
or do you use "windows authentication"?
(if windows authentication, then it's probably "ASPNET")

Check if that user really has execute permission on this SP.

Hans Kesting


.
 
C

Cowboy \(Gregory A. Beamer\) [MVP]

See my answer to your repost after Hans Kesting's response. That should be
enough.

--
Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA

************************************************
Think Outside the Box!
************************************************
I have SQL Server 2005, there is no sql management :/
if u know them, gimme se sql commands that i could execute
with SQLCMD.exe

Regards.
-----Original Message-----
It is an SQL Server message. With database management tools make sure the
user you are logging on as has execute permissions.

Eliyahu

Hi,

In my ASPX Page, i have a form for signup. And whene user
click on the button, the event Button1_Click must use a
stored procedure.
But instead of use stored proc, i get this exception :
_____
System.Data.SqlClient.SqlException: EXECUTE permission
denied on object 'CreateAccount', database 'wizou', schema
'dbo'. at
System.Data.SqlClient.SqlConnection.OnError(SqlException
exception, TdsParserState state) at
System.Data.SqlClient.SqlInternalConnection.OnError(SqlException
exception, TdsParserState state) at
System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObje c
t
stateObj) at
System.Data.SqlClient.TdsParser.Run(RunBehavior
runBehavior, SqlCommand cmdHandler, SqlDataReader
dataStream, BulkCopySimpleResultSet bulkCopyHandler,
TdsParserStateObject stateObj) at
System.Data.SqlClient.SqlCommand.FinishExecuteReader(SqlDataReader
ds, RunBehavior runBehavior, String resetOptionsString) at
System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior
cmdBehavior, RunBehavior runBehavior, Boolean returnStream,
String method, DbAsyncResult result) at
System.Data.SqlClient.SqlCommand.InternalExecuteNonQuery(DbAsyncResult
result) at
System.Data.SqlClient.SqlCommand.ExecuteNonQuery() at
Signup.Button1_Click(Object sender, EventArgs e) in
c:\Inetpub\wwwroot\wizou\Signup.aspx.cs:line 114
_____


AND MY CODE IS :
SqlCommand myCommand = new SqlCommand();
String strCnx =
ConfigurationSettings.ConnectionStrings["AppCnxStr"].ConnectionString.ToStr i
ng();
myCommand.Connection = new SqlConnection(strCnx);
myCommand.Connection.Open();

myCommand.CommandType = CommandType.StoredProcedure;
myCommand.CommandText = "CreateAccount";

SqlParameter myNickname = new SqlParameter("@Nickname",
SqlDbType.NVarChar, 30);
myNickname.Value = boxLogin.Text;
myCommand.Parameters.Add(myNickname);

SqlParameter myPassword = new SqlParameter("@Password",
SqlDbType.NVarChar, 15);
myPassword.Value = boxPwd.Text;
myCommand.Parameters.Add(myPassword);

....

myCommand.ExecuteNonQuery();
System.Web.Security.FormsAuthentication.SetAuthCookie(boxLogin.Text,
true);
Response.Redirect("/Signup.aspx?action=Complete");
_______________________

Regards.


.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

Forum statistics

Threads
473,731
Messages
2,569,432
Members
44,832
Latest member
GlennSmall

Latest Threads

Top