Re: pass through authentication

Hi Bad,

Do you mean both SQL SERVER and client machine are not in the domain now?

The following describes how SQL Server processes login accounts that
Windows authenticates:

1. When a user connects to SQL Server, the client opens a trusted
connection to SQL Server, which passes the user's Windows security
credentials to SQL Server.

Because the client opened a trusted connection, SQL Server knows that
Windows has already validated the login account.

2. If SQL Server finds the user's Windows user account or group account in
the list of SQL Server login accounts in the sysxlogins system table, it
accepts the connection.

SQL Server does not need to revalidate a password because Windows has
already validated it.

If SQL SERVER is in the domain, this trusted connection credential process
is finished in the AD. If SQL SERVER is not in the domain, you need to set
up a login account in the Windows server on which SQL SERVER locates, and
add this login account in the SQL SERVER login list. You cannot use the
domain account to access the SQL SERVER even if you set up a new account
with same username and password on the SQL SERVER because they have the
different SID. In this case, you can use the following two methods to
access the SQL SERVER. You might need to use these two methods even though
you use code to access the SQL SERVER.

1. Create a new login account on the server, and use this account to login
from the client machine.
2. Use the SQL SERVER authentication mode to access the database.

If anything is unclear, please let me know. Thank you!

Sincerely,
Warner Wang
Microsoft Online Partner Support

Get Secure! - www.microsoft.com/security

=====================================================
When responding to posts, please "Reply to Group" via
your newsreader so that others may learn and benefit
from your issue.
=====================================================

This posting is provided "AS IS" with no warranties, and confers no rights.

.

Relevant Pages

  • Re: Connection string/Sql Server 2005/Windows authentication/ but not on domain
    ... SQL Server defaults to prohibit "mixed mode" authentication. ... make sure that the Login account is setup to accept the Windows account and has rights to the correct database. ... Hitchhiker's Guide to Visual Studio and SQL Server ...
    (microsoft.public.sqlserver.connect)
  • Re: Cant remove SA account or delete xp_cmdshell ext stored proc?
    ... The book I was reading is Microsoft Press and the authors are Ed Robinson ... > protects SQL Server from someone easily getting administrative access to ... > administrator changes the security authentication mode to Mixed Mode. ... > Do not use the sa login account in a production environment. ...
    (microsoft.public.sqlserver.security)
  • Connecting to SQL between two XP Clients
    ... That doesnt seem to be the case with mine, ... machines set up with the same user and I am using Windows ... >>developed an app using my client machine and MSDE ... >>I now want to install my database on the SQL Server ...
    (microsoft.public.sqlserver.security)
  • Re: User Data Segregation
    ... If done well, wrapping every call so that a session ID is required will do the job and will not cause much of a performance hit--it will be a small, exact-match kind of lookup on hot pages, so nothing too serious. ... As for the question of guarantees, there are none, at least in SQL Server. ... Some other DBMSs have row-level security built in, but I wonder if BOA or another financial services firm could win a lawsuit against Oracle if someone sees the wrong data? ... Server login account to connect to a SQL Server 2005 database. ...
    (microsoft.public.sqlserver.security)
  • Re: Trusted connection
    ... I apologize) the SQL Server I'm talking about is on different box (also ... admin rights to Windows XP, the same username is a member of Domain ... (which is NOT my local login account name). ...
    (microsoft.public.sqlserver.security)