ASP.Net Session State SQL Server user permissions
What is the minimum set of permissions necessary for an ASP.net application to be able to read/write into the standard persisted SQL Server session state database?
I know this question is a little old, but I didn't see a correct answer. Here is what we granted to the role we created to replace the built-in ASPState account. We didn't want the account used by our web apps to have .dbo permission for security reasons.
GRANT EXECUTE ON dbo.TempReleaseStateItemExclusive TO ASPState_20
GRANT EXECUTE ON dbo.TempInsertUninitializedItem TO ASPState_20
GRANT EXECUTE ON dbo.TempInsertStateItemShort TO ASPState_20
GRANT EXECUTE ON dbo.TempInsertStateItemLong TO ASPState_20
GRANT EXECUTE ON dbo.TempUpdateStateItemShort TO ASPState_20
GRANT EXECUTE ON dbo.TempUpdateStateItemShortNullLong TO ASPState_20
GRANT EXECUTE ON dbo.TempUpdateStateItemLong TO ASPState_20
GRANT EXECUTE ON dbo.TempUpdateStateItemLongNullShort TO ASPState_20
GRANT EXECUTE ON dbo.TempRemoveStateItem TO ASPState_20
GRANT EXECUTE ON dbo.TempResetTimeout TO ASPState_20
GRANT EXECUTE ON dbo.DeleteExpiredSessions TO ASPState_20
GRANT SELECT ON dbo.ASPStateTempSessions TO ASPState_20
GRANT SELECT ON dbo.ASPStateTempApplications TO ASPState_20
GRANT EXECUTE ON dbo.GetMajorVersion TO ASPState_20
GRANT EXECUTE ON dbo.CreateTempTables TO ASPState_20
GRANT EXECUTE ON dbo.TempGetVersion TO ASPState_20
GRANT EXECUTE ON dbo.GetHashCode TO ASPState_20
GRANT EXECUTE ON dbo.TempGetAppID TO ASPState_20
GRANT EXECUTE ON dbo.TempGetStateItem TO ASPState_20
GRANT EXECUTE ON dbo.TempGetStateItem2 TO ASPState_20
GRANT EXECUTE ON dbo.TempGetStateItem3 TO ASPState_20
GRANT EXECUTE ON dbo.TempGetStateItemExclusive TO ASPState_20
GRANT EXECUTE ON dbo.TempGetStateItemExclusive2 TO ASPState_20
GRANT EXECUTE ON dbo.TempGetStateItemExclusive3 TO ASPState_20
GRANT EXECUTE ON TYPE ::dbo.tSessionId TO ASPState_20
GRANT EXECUTE ON TYPE ::dbo.tAppName TO ASPState_20
GRANT EXECUTE ON TYPE ::dbo.tSessionItemShort TO ASPState_20
GRANT EXECUTE ON TYPE ::dbo.tSessionItemLong TO ASPState_20
GRANT EXECUTE ON TYPE ::dbo.tTextPtr TO ASPState_20
It depends on whether you chose the persisted or the temporary table mode. In the first case it is pretty straightforward:
In the persistent case, it is sufficient to grant EXECUTE rights on the procedures, because access to the tables works by means of an ownership chain, i.e. if the owner of a procedure also owns the tables being accessed by the procedure, no additional checks are performed when accessing those tables. In the ASPState database the owner of all objects is also the database owner, i.e. the account that created the ASPState database when running the Aspnet_regsql tool.
In the non-persistent mode, where the tables do not reside in the ASPState database but are located in tempdb, there is no direct ownership chain and therefore one more step has to be performed: a cross-database ownership chain has to be established.
See http://blogs.msdn.com/b/hanspo/archive/2011/01/10/hardening-an-asp-net-session-state-database.aspx for details (about both modes).
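A read-only T-SQL audit of the points the two answers above rely on, added here as an example and not taken from either answer or from the linked article. It assumes the database is named ASPState and the custom role is ASPState_20, as on this page; it only queries catalog views and changes nothing.

```sql
-- Added example (not from the original answers).
-- Assumed names, taken from the page: database ASPState, role ASPState_20.
USE ASPState;
GO

-- 1. Explicit permissions held by the role, on objects and on user-defined types.
SELECT  pr.name AS grantee,
        pe.state_desc,
        pe.permission_name,
        pe.class_desc,
        COALESCE(o.name, t.name) AS securable
FROM    sys.database_permissions AS pe
JOIN    sys.database_principals  AS pr ON pr.principal_id = pe.grantee_principal_id
LEFT JOIN sys.objects AS o ON pe.class = 1 AND o.object_id    = pe.major_id
LEFT JOIN sys.types   AS t ON pe.class = 6 AND t.user_type_id = pe.major_id
WHERE   pr.name = N'ASPState_20'
ORDER BY pe.class_desc, securable;

-- 2. Members of the role that also belong to a broad fixed role,
--    which would make the narrow grants meaningless.
SELECT  m.name AS member, r.name AS broad_role
FROM    sys.database_role_members AS rm
JOIN    sys.database_principals   AS r ON r.principal_id = rm.role_principal_id
JOIN    sys.database_principals   AS m ON m.principal_id = rm.member_principal_id
WHERE   r.name IN (N'db_owner', N'db_datareader', N'db_datawriter', N'db_ddladmin')
  AND   m.principal_id IN (SELECT rm2.member_principal_id
                           FROM   sys.database_role_members AS rm2
                           JOIN   sys.database_principals   AS r2
                                  ON r2.principal_id = rm2.role_principal_id
                           WHERE  r2.name = N'ASPState_20');

-- 3. Ownership-chain precondition: procedures (P) and tables (U) should share one owner.
--    In tempdb mode the session tables live in tempdb, so only procedures appear here.
SELECT  o.type_desc,
        USER_NAME(OBJECTPROPERTY(o.object_id, 'OwnerId')) AS owner_name,
        COUNT(*) AS object_count
FROM    sys.objects AS o
WHERE   o.type IN ('P', 'U') AND o.is_ms_shipped = 0
GROUP BY o.type_desc, USER_NAME(OBJECTPROPERTY(o.object_id, 'OwnerId'));

-- 4. tempdb mode only: cross-database chaining flag and owner login of both databases.
SELECT  name, is_db_chaining_on, SUSER_SNAME(owner_sid) AS db_owner_login
FROM    sys.databases
WHERE   name IN (N'ASPState', N'tempdb');
```

Query 2 returning any rows, or query 3 showing more than one owner, means the EXECUTE-only model described above is not what is actually in effect.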
You only need datareader/datawriter on the SQL Server.