Home > Archive > MS SQL Server security > April 2006 > Login problem
| Michael White 2006-04-03, 8:23 pm |
| This is probably all due to my limited understanding of SQL Server security,
so any direction will be greatly appreciated.
Using Win2K, SQLServer 7, and VB.NET 2005..
My app requires a user to login to the database. Since the PCs running the
app are shared, I can't use the current logged in user so the app has a
login screen. The idea is to use the same uid and pwd used to login to their
Windows account. SQL Server is set up to use mixed authentication. So the
user logged in to the PC is Dave. Now Steve sits down to run the app and
logs in through the app's login screen. The app builds a connect string:
Server=server1;Database=homedb;User ID=DOM1\Steve;Password=stevepwd;Integrated Security=SSPI
This always connects as the current user logged in to the PC. If I remove
the Integrated Security token, the login fails because the SQL Server login
DOM1\Steve does not exist.
What I'm after is letting SQL Server validate the user against an existing
Windows login which may or may not be the user currently logged in to the
machine. Is there any way to do this?
Thanks..
Michael White
| |
| DGardner 2006-04-03, 8:23 pm |
| Michael,
What you are asking is possible, but difficult. In your connection string,
you would not want to use a UID parameter, that is for SQL Server
authentication. If you were using SQL Server 2005, you might be able to get
by with using the EXECUTE AS clause, but that's not an option here. So you
will need to write some code that impersonates the user who is logging into
the database. I'm assuming that since you mention VB.NET 2005, you are using
the .Net Framework 2.0 to code against. Look in MSDN -> .Net Development ->
.Net Framework SDK -> .Net Framework -> Programming with the .Net Framework
-> Securing Applications -> Role-Based Security -> Principal and Identity
Objects -> Impersonating and Reverting.
That article is about doing what you ask, only from the standpoint of a web
page. But to do what you want, the tasks will be the same. If you think it's
something you want to tackle, let me know and I can drop some code...
Dave
| |
| Michael White 2006-04-05, 8:23 pm |
| Dave..
Many thanks.. that MSDN article was exactly what I needed. I have it working
like a charm! Thanks again
Michael