I have a ASP.NET Core Web API running which is running under Windows Authentication. I have Entity Framework for working with my database using connectionstring syntax:
"data source=dbserver;initial catalog=IntranetDB;persist security info=True;Integrated Security=SSPI;"
My Web API is running under a specific application pool and service account: sa_db
.
This sa_db
is owner of the database and has bulk load
enabled.
One process in the API is savind a .csv
file to a network share and then calls the SP to open this file and do something with it.
Problem
We got some issues about permissions ( Access Denied ), after some changes like adding the following to the SP:
WITH EXECUTE AS OWNER
we got the exception:
System.Data.SqlClient.SqlException (0x80131904): You do not have permission to use the bulk load statement.
But the sa_db
has this enabled.
When we added the security group of the AD Users using the API to the SQL Database with bulk load
enabled, everything worked.
Looking in the Activity Montitor of the SQL I only see the sa_db
account.
Why is the SP running under the AD User using the API and not the service account?
User contributions licensed under CC BY-SA 3.0