Error accessing Schema from web app over over local network

Question

I have a web app that is working correctly on the computer running the server, but when I attempt to run the web app on another device over the local network I get this error:

The specified schema name "WORKGROUP\\LAPTOP-1" either does not exist or you do not have permission to use it.

The command I'm trying to execute is the following:

protected void Home_pt()
{
    string nametime;
    string name;
    string time;
    string tname = null;
    SqlConnection conn = new SqlConnection("Data Source=localhost\\SQLEXPRESS;AttachDbFilename=C:\\Users\\Public\\public website\\slDataBase.mdf;Integrated Security=True;Trusted_Connection=True;");

    if (thiddenfield.Value == String.Empty)
    {
        Show("error: empty tname");
    }
    else
    {
        tname = thiddenfield.Value;
    }

    using (var cmd = new SqlCommand("SELECT name FROM trecordTable WHERE name='" + tname + "'", conn))
    {
        conn.Open();
        using (var reader = cmd.ExecuteReader())
        {
            List<string> namedatelist = new List<string>();
            while (reader.Read())
            {
                name = reader["name"].ToString();
                time = DateTime.Now.ToString("MM-dd-yyyy");
                namedatelist.Add(name + time);
            }
            nametime = Regex.Replace(namedatelist[0].ToString(), "[^0-9a-zA-Z]+", "");
            Session["nametime"] = nametime;
            hftstate.Value = nametime;
        }
    }
}

protected void Fill_t(object sender, EventArgs e)
{
    var nametime = Session["nametime"].ToString();
    SqlConnection conn = new SqlConnection("Data Source=localhost\\SQLEXPRESS;AttachDbFilename=C:\\Users\\Public\\public website\\slDataBase.mdf;Integrated Security=True;Trusted_Connection=True;");

    conn.Open();

    using (var cmdtx1 = new SqlCommand("IF OBJECT_ID('" + nametime + "') IS NULL CREATE TABLE " + nametime + "([Id]    INT   IDENTITY NOT NULL,  [item]  NVARCHAR(50) NULL,  [CtrlType] NVARCHAR(50) NULL,  [six] NVARCHAR(50) NULL,  [seven]  NVARCHAR(50) NULL,  [eight]  NVARCHAR(50) NULL); IF NOT EXISTS(SELECT item FROM " + nametime + ") INSERT INTO " + nametime + " (item,CtrlType,hflabel) VALUES ('At','atscroll','cstat')", conn))
    {
        cmdtx1.ExecuteNonQuery();
    }
}

Are there permissions I should edit in SSMS?

Also, I recognize it's vulnerable to injection, but I would like to fix this first.

Answer 1

Wow so the post put up for about 30 seconds (and then deleted?) by Ubercoder worked!

"I suspect that nametime is not being set to include the required schema - normally this is [dbo]

This should work"

using (var cmdtx1 = new SqlCommand(
 "IF OBJECT_ID('[dbo]." + nametime + @"') IS NULL 
    CREATE TABLE [dbo]." + nametime +  @"
     ([Id] INT IDENTITY NOT NULL,  
      [item]  NVARCHAR(50) NULL,  
      [CtrlType] NVARCHAR(50) NULL,  
      [six] NVARCHAR(50) NULL,  
      [seven]  NVARCHAR(50) NULL,  
      [eight]  NVARCHAR(50) NULL
     ); 


 IF NOT EXISTS(SELECT item FROM [dbo]." + nametime + @") 
  INSERT INTO [dbo]." + nametime + @"
      (item,CtrlType,hflabel) 
  VALUES ('At','atscroll','cstat')",
 conn))
{
cmdtx1.ExecuteNonQuery();
}

Ubercoder if you repost your answer I'll mark it as the correct answer.

Can anyone explain why this works?

Answer 2

Because you use Integrated Security=True;Trusted_Connection=True in the connection string, which user connects to the database and which default schema is used depends on the Windows environment.

Your IIS might be setup to use a different Windows user credential for remote connections than for local connections. Or when you also have integrated Windows authentication enabled in IIS for your application, then the logged on Windows User on the client computer is used to authenticate against the database.

So either do not use integrated security or make sure that all users who want to be able to connect have access to the schema dbo and use it as their default schema.

See this article on how to set a default schema for a Windows Network Group.

---

Warning: Personal opinion

Specifying the schema name in the SQL statement as proposed by Ubercoder would work as well, but this is generally not a good idea because this makes it much more difficult to migrate the application to an SQL server where it is meant to share the database with a different application or when you want to implement a multi-tenant-scenario.

It's also very easy for a developer to forget adding the schema prefix in an sql statement. And this error will then not be spotted so easily during development when the developer uses a login where dbo is the default schema.