Re: Active Directory and SQL Server Connection
- From: "Sahil Malik [MVP]" <contactmethrumyblog@xxxxxxxxxx>
- Date: Thu, 11 Aug 2005 16:32:30 -0400
You need to switch identities by using the WindowsIdentity class in the .NET
framework.
The bigger problem though is, SqlConnection doesn't expose an instance of
WindowsIdentity. Actually it's not so much of an issue, because you really
need to Impersonate and you can get the new identity easily using a class
such as (I think) System.Net.NetworkIdentity (I think).
So say for instance, in your postback in your page_load, you could have code
that looks like the below:
    WindowsIdentity userIdentity = /* Get the new identity here */;
    WindowsImpersonationContext impContext = userIdentity.Impersonate();
    try {
        // Then do your regular SqlConnection stuff using this
        // switched/impersonated identity.
    } finally {
        impContext.Undo(); // always revert to the application's own identity
    }
This requires that you are in a Kerberos-friendly network, which it appears
that you are.
Behind the scenes, basically, when you impersonate, your web application would
get a Kerberos service ticket on behalf of the impersonated user, which
the SQL Server will recognize. This way, delegation will work the way you
intend it to work. This "ticket" based Kerberos architecture is
necessary because passwords are usually never sent in clear text, so if you
know my password, and I know my password, I hash it (one-way encryption),
and we compare hashes. The problem is, the third machine, which has neither my
password nor my password's hash, will not be able to authenticate me - this
third machine in this case is the SQL Server, and the first two machines are
the machine the browser is running on and the machine IIS is running on.
- Sahil Malik [MVP]
ADO.NET 2.0 book -
http://codebetter.com/blogs/sahil.malik/archive/2005/05/13/63199.aspx
----------------------------------------------------------------------------
"Lyners" <Lyners@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:0A9B7DA5-965F-4E43-865B-1DF4B92724D8@xxxxxxxxxxxxxxxx
> We have 2 servers running Windows 2003. One is the IIS server the other is a
> SQL server. We made a web page that gets the using user's name through their
> logon from active directory. We then query the SQL server looking for
> information about the user. Our problem, when we have anonymous access turned
> off and integration turned on, we get a login failed, not trusted connection.
> If we add an anonymous user from the domain that has access to the SQL
> server, we get data, but of the anonymous user, not the using client. It
> appears once we post to the server, the anonymous access takes over and
> everything is geared to that user ID.
>
> How do we do both?
>
> Thanks
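The impersonation pattern described in the reply above, as an added example that is not part of the original post: it impersonates the authenticated browser user, opens the SqlConnection inside that scope, and asks SQL Server which login it actually sees. The class and method names, `SQLHOST` and `AppDb` are hypothetical, and taking the identity from `HttpContext.Current.User.Identity` assumes .NET Framework ASP.NET with Integrated Windows authentication on and anonymous access off.

```csharp
using System;
using System.Data.SqlClient;
using System.Security.Principal;
using System.Web;

public static class DelegatedSqlCheck   // hypothetical helper name
{
    // Hypothetical server and database names (assumptions, not from the post).
    private const string ConnStr =
        "Data Source=SQLHOST;Initial Catalog=AppDb;Integrated Security=SSPI";

    // Returns the login SQL Server sees for this request, so you can confirm
    // it is the browser user and not the IIS or anonymous account.
    public static string WhoDoesSqlSee()
    {
        // Assumption: Integrated Windows authentication is on, so ASP.NET
        // exposes the caller as a WindowsIdentity on the current request.
        WindowsIdentity caller = HttpContext.Current.User.Identity as WindowsIdentity;
        if (caller == null || !caller.IsAuthenticated)
            throw new InvalidOperationException(
                "Request has no authenticated Windows user; refusing to fall back.");

        string appIdentity = WindowsIdentity.GetCurrent().Name;
        WindowsImpersonationContext ctx = caller.Impersonate();
        try
        {
            // Open inside the impersonated scope: SSPI authenticates as the
            // thread's current Windows identity at Open() time.
            using (SqlConnection conn = new SqlConnection(ConnStr))
            using (SqlCommand cmd = new SqlCommand("SELECT SUSER_SNAME()", conn))
            {
                conn.Open();
                string sqlLogin = (string)cmd.ExecuteScalar();
                return "app=" + appIdentity + "; sql=" + sqlLogin;
            }
        }
        finally
        {
            ctx.Undo(); // revert the thread even if Open() or the query throws
        }
    }
}
```

Comparing the two values in the returned string shows whether the database sees the calling user or the application's own account.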