Re: Active Directory and SQL Server Connection



Lyners,

I would look up MSDN help on WindowsIdentity.

Your connection string is fine, it simply says that windows authentication
should be used. The question is - who integrated auth for which user. Is it
"IIS_MachineName" ? Is it ASPNET? Or is it the dude you selected in the
dropdown? So whichever it is, your code needs to impersonate that particular
user's identity and then connect to Sql Server. That's all :-)

- Sahil Malik [MVP]
ADO.NET 2.0 book -
http://codebetter.com/blogs/sahil.malik/archive/2005/05/13/63199.aspx
-------------------------------------------------------------------------------------------


"Lyners" <Lyners@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:B37464A2-A632-485A-B9EF-E72CEF859BF0@xxxxxxxxxxxxxxxx
> Thanks Sahil,
> I need a little more help with this. I am writing this in VB.NET/ASP.NET, my
> connection string is in my web.config file and looks like this;
>
> <add key="DsnSql" value="server=server\dev;integrated security=SSPI;persist security info=False;Trusted_Connection=yes;database=datatables" />
>
> I tried figuring out the system.net.networkidentity, but had no luck. Do you
> have any further pointers?
>
> "Sahil Malik [MVP]" wrote:
>
> > You need to switch identities by using the WindowsIdentity class in the .NET
> > framework.
> >
> > The bigger problem though is, SqlConnection doesn't expose an instance of
> > WindowsIdentity. Actually it's not so much of an issue, because you really
> > need to Impersonate and you can get the new identity easily using a class
> > such as (I think) System.Net.NetworkIdentity (I think).
> >
> > So say for instance, in your postback in your page_load, you could have code
> > that looks like as below -
> >
> > WindowsIdentity userIdentity = // Get the new identity here ;
> > WindowsImpersonationContext impContext = userIdentity.Impersonate();
> > // Then do your regular SqlConnection stuff using this switched/impersonated identity.
> >
> > This requires that you are in a Kerberos friendly network, which it appears
> > that you are.
> >
> > Under the scenes basically when you impersonate, your web application would
> > get a Kerberos service ticket on the behalf of the impersonated user, which
> > the SqlServer will recognize. This way, delegation will work the way you
> > intend to make it work. This "ticket" based Kerberos architecture is
> > necessary because passwords are usually never sent clear text, so if you
> > know my password, and I know my password, I hash it (one way encryption),
> > and we compare hashes. The problem is, the third machine that neither has my
> > password, nor my password's hash, will not be able to authenticate me - this
> > third machine in this case is the Sql Server, and the first two machines are
> > the machines the browser is running on, and the machine IIS is running on.
> >
> > - Sahil Malik [MVP]
> > ADO.NET 2.0 book -
> > http://codebetter.com/blogs/sahil.malik/archive/2005/05/13/63199.aspx
> > -------------------------------------------------------------------------------------------
> >
> >
> >
> >
> > "Lyners" <Lyners@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> > news:0A9B7DA5-965F-4E43-865B-1DF4B92724D8@xxxxxxxxxxxxxxxx
> > > We have 2 servers running Windows 2003. One is the IIS server the other is a
> > > SQL server. We made a web page that gets the using user's name through their
> > > logon from active directory. We then query the SQL server looking for
> > > information about the user. Our problem, when we have anonymous access turned
> > > off and integration turned on, we get a login failed, not trusted connection.
> > > If we add an anonymous user from the domain that has access to the SQL
> > > server, we get data, but of the anonymous user, not the using client. It
> > > appears once we post to the server, the anonymous access takes over and
> > > everything is geared to that user ID.
> > >
> > > How do we do both?
> > >
> > > Thanks
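An added example, not part of the original thread and not code from either poster: one way to impersonate the browser user for the duration of a single SQL Server call in ASP.NET, then revert. It assumes Integrated Windows authentication is enabled and anonymous access is disabled in IIS, that Kerberos delegation to the SQL Server host is configured, and that `System.Configuration` is referenced; the class and method names are hypothetical.

```csharp
using System;
using System.Configuration;
using System.Data.SqlClient;
using System.Security.Principal;
using System.Web;

// Hypothetical helper (added example, not from the thread).
public static class ImpersonatedSql
{
    // Returns the login name SQL Server sees for the current request's caller.
    public static string GetSqlLoginForCaller()
    {
        // Identity that IIS authenticated for this request.
        IPrincipal user = HttpContext.Current.User;
        WindowsIdentity caller = (user == null) ? null : user.Identity as WindowsIdentity;

        // Fail closed: never fall through to the worker-process or anonymous account.
        if (caller == null || !caller.IsAuthenticated || caller.IsAnonymous)
            throw new InvalidOperationException(
                "No authenticated Windows identity on this request.");

        // "DsnSql" is the appSettings key from the web.config quoted in the thread.
        string connStr = ConfigurationManager.AppSettings["DsnSql"];

        // Disposal runs in reverse order: command, connection, then the
        // impersonation context. Dispose() on the context calls Undo(), so the
        // thread returns to its original identity even if the query throws.
        using (WindowsImpersonationContext ctx = caller.Impersonate())
        using (SqlConnection conn = new SqlConnection(connStr))
        using (SqlCommand cmd = new SqlCommand("SELECT SUSER_SNAME()", conn))
        {
            conn.Open(); // the SSPI handshake runs as the impersonated caller
            return (string)cmd.ExecuteScalar();
        }
    }
}
```

Logging the returned login next to the IIS-authenticated user name gives a quick check that the identity reaching SQL Server is the browsing user and not a shared service or anonymous account.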