RE: Impersonation and SQL Connections

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

From: Clint (Clint_at_discussions.microsoft.com)
Date: 09/28/04 

Date: Tue, 28 Sep 2004 11:35:06 -0700

I knew I was missing something small and stupid. I wasn't using
LOGON32_LOGON_INTERACTIVE (2), I was using (3) ... whichever that value
stands for. Changed my API call to use 2, and everything works great.

Thanks!!

"Shorty" wrote:

> Here is an excellent example of impersonation at MSDN:
>
> http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpref/html/frlrfSystemSecurityPrincipalWindowsIdentityClassImpersonateTopic.asp
>
> Shorty
>
> "Clint" wrote:
>
> > Hello all -
> >
> > I'm having a problem concerning Impersonation while connecting to SQL
> > Server. I'm not sure if I'm posting this to the right newsgroups, so let me
> > know if it belongs elsewhere, and please excuse the cross-post.
> >
> > I'm writing a Windows Forms application that makes direct calls to a SQL 2k
> > database. This application requires a user to log in, and confirms their
> > login and password with whatever they have in Active Directory. I had planned
> > for the program to use the credentials of the user logged into the
> > application (NOT Windows) when connecting to the SQL Server, but it seems
> > I've encountered a slight pitfall.
> >
> > I've been reading that in this scenario, using simple Identity
> > Impersonation, the SQL Server will attempt to connect as "NT
> > AUTHORITY\ANONYMOUS LOGON" because of a limit to the impersonation context.
> >
> > I'm having trouble believing that this is true. I can impersonate users in
> > ASP.NET just fine, and connect to databases using those credentials, but am
> > unable to do the same through a desktop application? It doesn't make all that
> > much sense, but then again, I'm somewhat of an amateur in this regard.
> >
> > So, that said, can anyone provide any examples or help to get this working?
> > I'm happy to provide code samples, I just wasn't sure if it'd be necessary.
> >
> > Thanks!
> > Clint

Relevant Pages

  • RE: Impersonation and SQL Connections
    ... Changed my API call to use 2, ... >> database. ... >> ASP.NET just fine, and connect to databases using those credentials, but am ...
    (microsoft.public.dotnet.security)
  • Re: Secure Web-Based Administration
    ... > The best option would be to set up sudo to allow this webserver ... somewhat nicer and imho nuch more secure. ... These very same credentials (password + ... passphrase) are then used to store the changed data in a database. ...
    (Focus-Linux)
  • Re: How do I give ASP.NET process network credentials?
    ... The domain user needs certain proviledges - acting as part of the operating ... >>> Source Safe database is not a database in the traditional sense of the ... >>> my interactive session network credentials. ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: database project
    ... VS 2005 IDE used ConnectStr to connect Database. ... we would have to define user credential for the connection such as ... One approach is to modify the .dbf file, delete user credentials from its ...
    (microsoft.public.vsnet.ide)
  • Re: Storing Connection String
    ... if the credentials you use for your application can only execute ... SSPI security is more expensive to ... My idea is to have just one database user whose username and password ... As per database I would use only stored procedures to ...
    (microsoft.public.dotnet.framework.adonet)