This is probably all due to my limited understanding of SQL Server security,
so any direction will be greatly appreciated.
Using Win2K, SQLServer 7, and VB.NET 2005..
My app requires a user to login to the database. Since the PCs running the
app are shared, I can't use the current logged in user so the app has a
login screen. The idea is to use the same uid and pwd used to login to their
Windows account. SQL Server is set up to use mixed authentication. So the
user logged in to the PC is Dave. Now Steve sits down to run the app and
logins in through the app's login screen. The app builds a connect string:
Server=server1;Database=homedb;User
ID=DOM1\Steve;Password=stevepwd;Integrat
ed Security=SSPI
This always connects as the current user logged in to the PC. If I remove
the Integrated Security token, the login fails because the SQL Server login
DOM1\Steve does not exist.
What I'm after is letting SQL Server validate the user against an existing
Windows login which may or may not be the user currently logged in to the
machine. Is there any way to do this?
Thanks..
Michael WhiteMicheal,
What you are asking is possible, but difficult. In your connection string,
you would not want to use a UID parameter, that is for SQL Server
authentication. If you were using SQL Server 2005, you might be able to get
by with using the EXECUTE AS clause, but that's not an option here. So you
will need to write some code that impersonates the user who is logging into
the database. I'm assuming that since you mention VB.NET 2005, you are using
the .Net Framework 2.0 to code against. Look in MSDN -> .Net Development ->
.Net Framework SDK -> .Net Framework -> programming with the .Net Framework
-> Securing Applications -> Role-Based Security -> Principal and Identity
Objects -> Impersonating and Reverting.
That article is about doing what you ask, only from the standpoint of a web
page. But to do what you want, the tasks will be the same. If you think it's
something you want to tackle, let me know and I can drop some code...
Dave
"Michael White" wrote:
> This is probably all due to my limited understanding of SQL Server securit
y,
> so any direction will be greatly appreciated.
> Using Win2K, SQLServer 7, and VB.NET 2005..
> My app requires a user to login to the database. Since the PCs running the
> app are shared, I can't use the current logged in user so the app has a
> login screen. The idea is to use the same uid and pwd used to login to the
ir
> Windows account. SQL Server is set up to use mixed authentication. So the
> user logged in to the PC is Dave. Now Steve sits down to run the app and
> logins in through the app's login screen. The app builds a connect string:
> Server=server1;Database=homedb;User
> ID=DOM1\Steve;Password=stevepwd;Integrat
ed Security=SSPI
> This always connects as the current user logged in to the PC. If I remove
> the Integrated Security token, the login fails because the SQL Server logi
n
> DOM1\Steve does not exist.
> What I'm after is letting SQL Server validate the user against an existing
> Windows login which may or may not be the user currently logged in to the
> machine. Is there any way to do this?
> Thanks..
> Michael White
>
>|||Dave..
Many thanks.. that MSDN article was exactly what I needed. I have it working
like a charm! Thanks again
Michael
"DGardner" <DGardner@.discussions.microsoft.com> wrote in message
news:DCAFCEAC-6C67-497A-B940-1290B5456B4D@.microsoft.com...[vbcol=seagreen]
> Micheal,
> What you are asking is possible, but difficult. In your connection string,
> you would not want to use a UID parameter, that is for SQL Server
> authentication. If you were using SQL Server 2005, you might be able to
> get
> by with using the EXECUTE AS clause, but that's not an option here. So you
> will need to write some code that impersonates the user who is logging
> into
> the database. I'm assuming that since you mention VB.NET 2005, you are
> using
> the .Net Framework 2.0 to code against. Look in MSDN -> .Net
> Development ->
> .Net Framework SDK -> .Net Framework -> programming with the .Net
> Framework
> -> Securing Applications -> Role-Based Security -> Principal and Identity
> Objects -> Impersonating and Reverting.
> That article is about doing what you ask, only from the standpoint of a
> web
> page. But to do what you want, the tasks will be the same. If you think
> it's
> something you want to tackle, let me know and I can drop some code...
> Dave
> "Michael White" wrote:
>
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment