Logons without security

Hi folks,
Hoping someone can help.
I am wondering how you can set up windows ME so only the
users with a user name AND password can log on to my PC.
I have an issue where someone can just hit enter on a user
name and blank password and log on as a new user on my PC.
Is there any one out there who knows how I can limit use
to people that have a username AND password only' I am
hoping that I can set up the PC so that only people with
passwords can get onto the internet.
Thank you in advance for any assistance.Hi,
Can you please post this query to microsoft.public.windowsme.general group.
Thanks
Hari
MCDBA
"benn@.sympatico.ca" <anonymous@.discussions.microsoft.com> wrote in message
news:108b701c43fa5$9c3e9f80$a501280a@.phx
.gbl...
> Hi folks,
> Hoping someone can help.
> I am wondering how you can set up windows ME so only the
> users with a user name AND password can log on to my PC.
> I have an issue where someone can just hit enter on a user
> name and blank password and log on as a new user on my PC.
> Is there any one out there who knows how I can limit use
> to people that have a username AND password only' I am
> hoping that I can set up the PC so that only people with
> passwords can get onto the internet.
> Thank you in advance for any assistance.

logon.aspx won't render images or style

Hello - we are using the custom security extension and SSL on our reporting site. Everything works great except for the logon.aspx page. It functions fine but it won't display the embedded styles or images on the page. Any clue why that would be? We get a white page with broken image links.

Our uilogin.aspx page shows styles and images. We've cut and pasted this code directly into logon.aspx but it still doesn't work. I have verified that the files are in the ReportServer folder.

Thanks for any help you can give.

OK, we figured out a workaround. We have to use a URL to the Report Manager to be able to reference any resourced items like images and style sheets. Here's our image reference that works:

<LINK REL="stylesheet" TYPE="text/css" HREF="https://rpmreports.mycompany.com/reports/pages/LOGIN_SCREEN.CSS">

sql

Logins and sp permissions

I am using NT logins and have Users defined in Security section of
Enterprise Manager and also in the database/users section, as db_Owners.
I can only get users to access the .ade file successfully from certain PCs.
The error is related to permissions on particular stored procedures that are
used to poulate the inital screen. The stored procedures populate list boxes
and appear blank when opened. However I have buttons associated with the
list loxes that sort the data via each column in the list box, and when
these are used the data appears in the list boxes.
On the PCs that fail the stored procedures are suffixed by ;1
I feel that it maybe PC specific but the workstations involved are similar
using a standard desktop configuration, latest service packs etc
TIA
WarwayTry using SQL Profiler to capture the traffic between a working machine and
a client that is failing.
Thanks,
Kevin McDonnell
Microsoft Corporation
This posting is provided AS IS with no warranties, and confers no rights.

login/security problems

This is a story:
I cannot signin to the new QA db with any existing id
other than ALEX. When I try I get this message "Cannot
open database requested in login ' QA '. Login fails.
Please contact system administrator."
And I can't create any new user ids - I get this
message "User does not have permission to perform this
action" though I'm using my ALEX id, and this message is
followed by a db error. The id gets created, but when I
try to signin with it I get this message "Logon failed
for user ... Please contact system administrator."
How should I fix this problem?Alexl
Perhaps a default database to which the user has been assigined does not
exist.
Can you login as SA and then create users?
"Alex" <anonymous@.discussions.microsoft.com> wrote in message
news:009201c3b434$ad6d8200$a101280a@.phx.gbl...
> This is a story:
> I cannot signin to the new QA db with any existing id
> other than ALEX. When I try I get this message "Cannot
> open database requested in login ' QA '. Login fails.
> Please contact system administrator."
> And I can't create any new user ids - I get this
> message "User does not have permission to perform this
> action" though I'm using my ALEX id, and this message is
> followed by a db error. The id gets created, but when I
> try to signin with it I get this message "Logon failed
> for user ... Please contact system administrator."
> How should I fix this problem?

login with security on records based on data (not tables)

Hi,
Is it possible to define a login on an SQL SERVER that has only access to
certain records in a table based on the data in the records?
For example login LoginA can should only be able to
update/read/insert/delete records with the Field Company = 'A'. LoginB only
those for Company = 'B'.
Is there some way for doing this?
I should be able to do something like this with views (one view for each
login), and define in the views the records they can use. But I would really
need something directly to the table, or if not with only one view (one view
for all the login's).
Is there some way, soem trick or I don't knwo what the produce such a
behaviour?
Any help or hint would be really aprpeciated!
Thanks a lot in advance,
Pieter
See if this helps:
http://vyaskn.tripod.com/row_level_s..._databases.htm
HTH,
Vyas, MVP (SQL Server)
http://vyaskn.tripod.com/
"DraguVaso" <pietercoucke@.hotmail.com> wrote in message
news:ugcklHoiEHA.2356@.TK2MSFTNGP10.phx.gbl...
Hi,
Is it possible to define a login on an SQL SERVER that has only access to
certain records in a table based on the data in the records?
For example login LoginA can should only be able to
update/read/insert/delete records with the Field Company = 'A'. LoginB only
those for Company = 'B'.
Is there some way for doing this?
I should be able to do something like this with views (one view for each
login), and define in the views the records they can use. But I would really
need something directly to the table, or if not with only one view (one view
for all the login's).
Is there some way, soem trick or I don't knwo what the produce such a
behaviour?
Any help or hint would be really aprpeciated!
Thanks a lot in advance,
Pieter
|||Thanks man! You did a nice job there!! This wil be very helpfull!!!
"Narayana Vyas Kondreddi" <answer_me@.hotmail.com> wrote in message
news:esiJ5RoiEHA.212@.TK2MSFTNGP10.phx.gbl...
> See if this helps:
> http://vyaskn.tripod.com/row_level_s..._databases.htm
> --
> HTH,
> Vyas, MVP (SQL Server)
> http://vyaskn.tripod.com/
>
> "DraguVaso" <pietercoucke@.hotmail.com> wrote in message
> news:ugcklHoiEHA.2356@.TK2MSFTNGP10.phx.gbl...
> Hi,
> Is it possible to define a login on an SQL SERVER that has only access to
> certain records in a table based on the data in the records?
> For example login LoginA can should only be able to
> update/read/insert/delete records with the Field Company = 'A'. LoginB
only
> those for Company = 'B'.
> Is there some way for doing this?
> I should be able to do something like this with views (one view for each
> login), and define in the views the records they can use. But I would
really
> need something directly to the table, or if not with only one view (one
view
> for all the login's).
> Is there some way, soem trick or I don't knwo what the produce such a
> behaviour?
> Any help or hint would be really aprpeciated!
> Thanks a lot in advance,
> Pieter
>
>

login with security on records based on data (not tables)

Hi,
Is it possible to define a login on an SQL SERVER that has only access to
certain records in a table based on the data in the records?
For example login LoginA can should only be able to
update/read/insert/delete records with the Field Company = 'A'. LoginB only
those for Company = 'B'.
Is there some way for doing this?
I should be able to do something like this with views (one view for each
login), and define in the views the records they can use. But I would really
need something directly to the table, or if not with only one view (one view
for all the login's).
Is there some way, soem trick or I don't knwo what the produce such a
behaviour?
Any help or hint would be really aprpeciated!
Thanks a lot in advance,
PieterSee if this helps:
es.htm" target="_blank">http://vyaskn.tripod.com/ row_level...as
es.htm
--
HTH,
Vyas, MVP (SQL Server)
http://vyaskn.tripod.com/
"DraguVaso" <pietercoucke@.hotmail.com> wrote in message
news:ugcklHoiEHA.2356@.TK2MSFTNGP10.phx.gbl...
Hi,
Is it possible to define a login on an SQL SERVER that has only access to
certain records in a table based on the data in the records?
For example login LoginA can should only be able to
update/read/insert/delete records with the Field Company = 'A'. LoginB only
those for Company = 'B'.
Is there some way for doing this?
I should be able to do something like this with views (one view for each
login), and define in the views the records they can use. But I would really
need something directly to the table, or if not with only one view (one view
for all the login's).
Is there some way, soem trick or I don't knwo what the produce such a
behaviour?
Any help or hint would be really aprpeciated!
Thanks a lot in advance,
Pieter|||Thanks man! You did a nice job there!! This wil be very helpfull!!!
"Narayana Vyas Kondreddi" <answer_me@.hotmail.com> wrote in message
news:esiJ5RoiEHA.212@.TK2MSFTNGP10.phx.gbl...
> See if this helps:
> es.htm" target="_blank">http://vyaskn.tripod.com/ row_level...as
es.htm
> --
> HTH,
> Vyas, MVP (SQL Server)
> http://vyaskn.tripod.com/
>
> "DraguVaso" <pietercoucke@.hotmail.com> wrote in message
> news:ugcklHoiEHA.2356@.TK2MSFTNGP10.phx.gbl...
> Hi,
> Is it possible to define a login on an SQL SERVER that has only access to
> certain records in a table based on the data in the records?
> For example login LoginA can should only be able to
> update/read/insert/delete records with the Field Company = 'A'. LoginB
only
> those for Company = 'B'.
> Is there some way for doing this?
> I should be able to do something like this with views (one view for each
> login), and define in the views the records they can use. But I would
really
> need something directly to the table, or if not with only one view (one
view
> for all the login's).
> Is there some way, soem trick or I don't knwo what the produce such a
> behaviour?
> Any help or hint would be really aprpeciated!
> Thanks a lot in advance,
> Pieter
>
>

login with security on records based on data (not tables)

Hi,
Is it possible to define a login on an SQL SERVER that has only access to
certain records in a table based on the data in the records?
For example login LoginA can should only be able to
update/read/insert/delete records with the Field Company = 'A'. LoginB only
those for Company = 'B'.
Is there some way for doing this?
I should be able to do something like this with views (one view for each
login), and define in the views the records they can use. But I would really
need something directly to the table, or if not with only one view (one view
for all the login's).
Is there some way, soem trick or I don't knwo what the produce such a
behaviour?
Any help or hint would be really aprpeciated!
Thanks a lot in advance,
PieterSee if this helps:
http://vyaskn.tripod.com/row_level_security_in_sql_server_databases.htm
--
HTH,
Vyas, MVP (SQL Server)
http://vyaskn.tripod.com/
"DraguVaso" <pietercoucke@.hotmail.com> wrote in message
news:ugcklHoiEHA.2356@.TK2MSFTNGP10.phx.gbl...
Hi,
Is it possible to define a login on an SQL SERVER that has only access to
certain records in a table based on the data in the records?
For example login LoginA can should only be able to
update/read/insert/delete records with the Field Company = 'A'. LoginB only
those for Company = 'B'.
Is there some way for doing this?
I should be able to do something like this with views (one view for each
login), and define in the views the records they can use. But I would really
need something directly to the table, or if not with only one view (one view
for all the login's).
Is there some way, soem trick or I don't knwo what the produce such a
behaviour?
Any help or hint would be really aprpeciated!
Thanks a lot in advance,
Pieter|||Thanks man! You did a nice job there!! This wil be very helpfull!!!
"Narayana Vyas Kondreddi" <answer_me@.hotmail.com> wrote in message
news:esiJ5RoiEHA.212@.TK2MSFTNGP10.phx.gbl...
> See if this helps:
> http://vyaskn.tripod.com/row_level_security_in_sql_server_databases.htm
> --
> HTH,
> Vyas, MVP (SQL Server)
> http://vyaskn.tripod.com/
>
> "DraguVaso" <pietercoucke@.hotmail.com> wrote in message
> news:ugcklHoiEHA.2356@.TK2MSFTNGP10.phx.gbl...
> Hi,
> Is it possible to define a login on an SQL SERVER that has only access to
> certain records in a table based on the data in the records?
> For example login LoginA can should only be able to
> update/read/insert/delete records with the Field Company = 'A'. LoginB
only
> those for Company = 'B'.
> Is there some way for doing this?
> I should be able to do something like this with views (one view for each
> login), and define in the views the records they can use. But I would
really
> need something directly to the table, or if not with only one view (one
view
> for all the login's).
> Is there some way, soem trick or I don't knwo what the produce such a
> behaviour?
> Any help or hint would be really aprpeciated!
> Thanks a lot in advance,
> Pieter
>
>

Login With Domain Account

I doing some testing with security and ran into the following problem.

I want to log into the SQL server (from Query Analyzer) using my
domain account. To allow this, I went into Logins section in
Enterprise Manager and added my user account as a Windows User.

If I set Analyzer to use Windows authentication I am to log in with no
problems. But if it is set to SQL Server authentication and I type in
my username (in the format domain\username or username@.domain) and
password I get a login error.

Is there a way to login in to SQL using domain account without using
windows authentication?

Thanks,
JasonHi

If you are wanting to use the windows accounts to log into the database
server, then you will have to use windows authentication.

John

"Jason" <JayCallas@.hotmail.com> wrote in message
news:f01a7c89.0407010728.1ba158c2@.posting.google.c om...
> I doing some testing with security and ran into the following problem.
> I want to log into the SQL server (from Query Analyzer) using my
> domain account. To allow this, I went into Logins section in
> Enterprise Manager and added my user account as a Windows User.
> If I set Analyzer to use Windows authentication I am to log in with no
> problems. But if it is set to SQL Server authentication and I type in
> my username (in the format domain\username or username@.domain) and
> password I get a login error.
> Is there a way to login in to SQL using domain account without using
> windows authentication?
> Thanks,
> Jason|||Jason (JayCallas@.hotmail.com) writes:
> If I set Analyzer to use Windows authentication I am to log in with no
> problems. But if it is set to SQL Server authentication and I type in
> my username (in the format domain\username or username@.domain) and
> password I get a login error.

To log in with SQL authentication, you first need to create an SQL
login with sp_addlogin.

> Is there a way to login in to SQL using domain account without using
> windows authentication?

No. I tried:

sp_addlogin '[KESMETS\Sommar]'

and was rewarded with:

Server: Msg 15006, Level 16, State 1, Procedure sp_addlogin, Line 42
'[KESMETS\Sommar]' is not a valid name because it contains invalid
characters.

And in case, that would not be a reasonable thing to do.

What SQL authentication is, is a username and password defined in SQL
Server only. This is generally more unsafe than Windows authentication,
because of two reasons:
1) There is no protection against brute-force attacks.
2) Passwords are easy to sniff, because encryption is poor.

--
Erland Sommarskog, SQL Server MVP, esquel@.sommarskog.se

Books Online for SQL Server SP3 at
http://www.microsoft.com/sql/techin.../2000/books.asp

Login SQL Server using Integrated Security ! Problem

ok thi is my code for test

SqlConnection conn = new SqlConnection("server=majed13;Integrated Security=SSPI;");
conn.Open();
conn.Close();

connection isOK
the user logged in SQL Server isASPNET USER
i want looged in currentNT USER not ASPNET USER
thanx in advanceIt get the current user, you can use impersonation, and disable anonymous access to the Web. Is this on an Intranet? Do all users have rights to SQL Server? Is there a domain in place?|||Is this on an Intranet?Yes
Do all users have rights to SQL Server?Yes
Is there a domain in place?Yes

the problem in current user it's take the ASPNET not NT USER why ??
|||aspnet is the default iis user. Your best bet is to utilize ASP.NET's impersonation abilities in the web.config.

http://msdn.microsoft.com/library/en-us/vsent7/html/vxconImpersonation.asp?frame=true

that should explain a lot of it for you.

Either that, or utilize a DAL or stop using Integrated Security. :)|||the answer is

<identity impersonate="true" />

thank you

login security question

Hi,
I have an application which connects to the SQL server. We have several users logging into this application. All of their user-id, passwords are validated and converted to an owner profile, which is then used throughout the application.
My problem is, this owner profile should be prevented from accessing the database directly using Enterprise Manager or Query Analyser. The database should be accessible only from the application for this owner/global profile.
How do I go about achieving this. The application was set up like this by a person long time back who is not with us anymore. Also, I do not know SQL Server Administration. So, please detail out what information I have to look up and what steps I will hav
e to follow.
Thank you in advance.
Sunny
Look into SQL Server Books online for "application roles" topic. This
explains about how to create and activate an application role within your
program and use it. This may require some code changes.
HTH
Prasad Koukuntla
"Sunanda" <Sunny@.discussions.microsoft.com> wrote in message
news:87CB3205-C041-4F23-AC6E-7BF23E7AB2C6@.microsoft.com...
> Hi,
> I have an application which connects to the SQL server. We have several
users logging into this application. All of their user-id, passwords are
validated and converted to an owner profile, which is then used throughout
the application.
> My problem is, this owner profile should be prevented from accessing the
database directly using Enterprise Manager or Query Analyser. The database
should be accessible only from the application for this owner/global
profile.
> How do I go about achieving this. The application was set up like this by
a person long time back who is not with us anymore. Also, I do not know SQL
Server Administration. So, please detail out what information I have to look
up and what steps I will have to follow.
> Thank you in advance.
> Sunny
|||In my opinion, that does not seem possible. SQL doesn't know what CLIENT TOOL is touching it. If the "connection" from the client application comes in through a username/password, then that username/password has access to SELECT, UPDATE, DELETE, etc fro
m tables.
That is why we do all our database access through STORED PROCEDURES - so actual table access is not possible. Granted, the users can still call STORED PROCEDURES from the EM and QA tools, but that is less likely to happen.
Can you hide the "connection" username/password from the users?
"Sunanda" wrote:

> Hi,
> I have an application which connects to the SQL server. We have several users logging into this application. All of their user-id, passwords are validated and converted to an owner profile, which is then used throughout the application.
> My problem is, this owner profile should be prevented from accessing the database directly using Enterprise Manager or Query Analyser. The database should be accessible only from the application for this owner/global profile.
> How do I go about achieving this. The application was set up like this by a person long time back who is not with us anymore. Also, I do not know SQL Server Administration. So, please detail out what information I have to look up and what steps I will h
ave to follow.
> Thank you in advance.
> Sunny
|||Steve,
No the connection profile is alreay know to the users, that is why we would like to prevent users from using that in the enterprise manager to make changes.
Please let me know if there are any options.
Thanks a lot.
Sunny
"Steve Z" wrote:

> In my opinion, that does not seem possible. SQL doesn't know what CLIENT TOOL is touching it. If the "connection" from the client application comes in through a username/password, then that username/password has access to SELECT, UPDATE, DELETE, etc f
rom tables.[vbcol=seagreen]
> That is why we do all our database access through STORED PROCEDURES - so actual table access is not possible. Granted, the users can still call STORED PROCEDURES from the EM and QA tools, but that is less likely to happen.
> Can you hide the "connection" username/password from the users?
> "Sunanda" wrote:
have to follow.[vbcol=seagreen]
|||"Sunanda" <Sunny@.discussions.microsoft.com> wrote in message
news:87CB3205-C041-4F23-AC6E-7BF23E7AB2C6@.microsoft.com...
> Hi,
> I have an application which connects to the SQL server. We have several
users logging into this application. All of their user-id, passwords are
validated and converted to an owner profile, which is then used throughout
the application.
> My problem is, this owner profile should be prevented from accessing the
database directly using Enterprise Manager or Query Analyser. The database
should be accessible only from the application for this owner/global
profile.
> How do I go about achieving this. The application was set up like this by
a person long time back who is not with us anymore. Also, I do not know SQL
Server Administration. So, please detail out what information I have to look
up and what steps I will have to follow.
If you can alter the code in the client application, you can use application
roles.
1) Use Enterprise Manager to access the database / roles. New Role. click
the Application Role radio button and give it a nice secure, obscure
password.
2) Give the Application Role the appropriate permissions.
3) Revoke the users' permissions
4) in the code of the application, put in a call to a stored procedure
called (I think, from memory) sp_setAppRole (F1 for application role to see
what the stored proc is called) using the secret password for the App Role
(which you don't share with the end users).
Now your users will have the appropriate permissions when using your app,
but not when using QA or any other app.
On an entirely different tack, you can try Group Policies. Use a GP to tie
down their desktop so that they are not allowed to run Quey Analyzer or
Enterprise Manager.
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.711 / Virus Database: 467 - Release Date: 25/06/2004
|||Bob,
Thanks for your reply. I kinda understand this Application Role approach. Could you please explain the following:
1. Say the password for the Application role is found, can a user access the database through the Query Analyser or Enterprise Manager using the application rolde/password.
2. At present the application tracks the user who makes the changes to the database through the application. The application passes the userid to the stored procedures. But if I put in a Applciation role in between, will I still have the actual userid to
track who actually did the inserts and updates through the front-end.
Thanks in advance,
Sunanda.
"Bob Simms" wrote:

> "Sunanda" <Sunny@.discussions.microsoft.com> wrote in message
> news:87CB3205-C041-4F23-AC6E-7BF23E7AB2C6@.microsoft.com...
> users logging into this application. All of their user-id, passwords are
> validated and converted to an owner profile, which is then used throughout
> the application.
> database directly using Enterprise Manager or Query Analyser. The database
> should be accessible only from the application for this owner/global
> profile.
> a person long time back who is not with us anymore. Also, I do not know SQL
> Server Administration. So, please detail out what information I have to look
> up and what steps I will have to follow.
> If you can alter the code in the client application, you can use application
> roles.
> 1) Use Enterprise Manager to access the database / roles. New Role. click
> the Application Role radio button and give it a nice secure, obscure
> password.
> 2) Give the Application Role the appropriate permissions.
> 3) Revoke the users' permissions
> 4) in the code of the application, put in a call to a stored procedure
> called (I think, from memory) sp_setAppRole (F1 for application role to see
> what the stored proc is called) using the secret password for the App Role
> (which you don't share with the end users).
> Now your users will have the appropriate permissions when using your app,
> but not when using QA or any other app.
> On an entirely different tack, you can try Group Policies. Use a GP to tie
> down their desktop so that they are not allowed to run Quey Analyzer or
> Enterprise Manager.
>
> --
> Outgoing mail is certified Virus Free.
> Checked by AVG anti-virus system (http://www.grisoft.com).
> Version: 6.0.711 / Virus Database: 467 - Release Date: 25/06/2004
>
>
|||<<1. Say the password for the Application role is found, can a user access the database through the
Query Analyser or Enterprise Manager using the application rolde/password.>>
Yes.
<<2. At present the application tracks the user who makes the changes to the database through the
application. The application passes the userid to the stored procedures. But if I put in a
Applciation role in between, will I still have the actual userid to track who actually did the
inserts and updates through the front-end.>>
Yes. You can see the login id for the users, and you can use the SYSTEM_USER function in, for
example, a trigger to get the login name. The user name, however, will be the app role name.
Tibor Karaszi, SQL Server MVP
http://www.karaszi.com/sqlserver/default.asp
http://www.solidqualitylearning.com/
"Sunanda" <Sunanda@.discussions.microsoft.com> wrote in message
news:00D6F5D5-0BC3-43A4-A313-649B5E2E215C@.microsoft.com...
> Bob,
> Thanks for your reply. I kinda understand this Application Role approach. Could you please explain
the following:
> 1. Say the password for the Application role is found, can a user access the database through the
Query Analyser or Enterprise Manager using the application rolde/password.
> 2. At present the application tracks the user who makes the changes to the database through the
application. The application passes the userid to the stored procedures. But if I put in a
Applciation role in between, will I still have the actual userid to track who actually did the
inserts and updates through the front-end.[vbcol=seagreen]
> Thanks in advance,
> Sunanda.
>
> "Bob Simms" wrote:
|||Thanks for your reply.
But can't the application role be restricted from using the QA/EM? This is not a completely secure method. Is there any alternative.
Thanks,
sunanda.
"Tibor Karaszi" wrote:

> <<1. Say the password for the Application role is found, can a user access the database through the
> Query Analyser or Enterprise Manager using the application rolde/password.>>
> Yes.
>
> <<2. At present the application tracks the user who makes the changes to the database through the
> application. The application passes the userid to the stored procedures. But if I put in a
> Applciation role in between, will I still have the actual userid to track who actually did the
> inserts and updates through the front-end.>>
> Yes. You can see the login id for the users, and you can use the SYSTEM_USER function in, for
> example, a trigger to get the login name. The user name, however, will be the app role name.
> --
> Tibor Karaszi, SQL Server MVP
> http://www.karaszi.com/sqlserver/default.asp
> http://www.solidqualitylearning.com/
>
> "Sunanda" <Sunanda@.discussions.microsoft.com> wrote in message
> news:00D6F5D5-0BC3-43A4-A313-649B5E2E215C@.microsoft.com...
> the following:
> Query Analyser or Enterprise Manager using the application rolde/password.
> application. The application passes the userid to the stored procedures. But if I put in a
> Applciation role in between, will I still have the actual userid to track who actually did the
> inserts and updates through the front-end.
>
>
|||> But can't the application role be restricted from using the QA/EM?
No, that is not the way it work. You need to protect the password. Why do you say it is not a secure method?
Are you afraid of network sniffing? There's an encryption option in sp_setapprole.

> Is there any alternative.
I don't know what your requirements are, as I haven't read the full thread. App roles is a nice feature for
what it is performing. Other options includes app logins using a special password (but all users will use the
same logins), app uses stored procedures and views to access data...
Tibor Karaszi, SQL Server MVP
http://www.karaszi.com/sqlserver/default.asp
http://www.solidqualitylearning.com/
"Sunanda" <Sunanda@.discussions.microsoft.com> wrote in message
news:CA998A64-A51E-42B4-9B8D-E06C37624B65@.microsoft.com...
> Thanks for your reply.
> But can't the application role be restricted from using the QA/EM? This is not a completely secure method.
Is there any alternative.[vbcol=seagreen]
> Thanks,
> sunanda.
>
> "Tibor Karaszi" wrote:

login security question

Hi,
I have an application which connects to the SQL server. We have several user
s logging into this application. All of their user-id, passwords are validat
ed and converted to an owner profile, which is then used throughout the appl
ication.
My problem is, this owner profile should be prevented from accessing the dat
abase directly using Enterprise Manager or Query Analyser. The database shou
ld be accessible only from the application for this owner/global profile.
How do I go about achieving this. The application was set up like this by a
person long time back who is not with us anymore. Also, I do not know SQL Se
rver Administration. So, please detail out what information I have to look u
p and what steps I will hav
e to follow.
Thank you in advance.
SunnyLook into SQL Server Books online for "application roles" topic. This
explains about how to create and activate an application role within your
program and use it. This may require some code changes.
HTH
Prasad Koukuntla
"Sunanda" <Sunny@.discussions.microsoft.com> wrote in message
news:87CB3205-C041-4F23-AC6E-7BF23E7AB2C6@.microsoft.com...
> Hi,
> I have an application which connects to the SQL server. We have several
users logging into this application. All of their user-id, passwords are
validated and converted to an owner profile, which is then used throughout
the application.
> My problem is, this owner profile should be prevented from accessing the
database directly using Enterprise Manager or Query Analyser. The database
should be accessible only from the application for this owner/global
profile.
> How do I go about achieving this. The application was set up like this by
a person long time back who is not with us anymore. Also, I do not know SQL
Server Administration. So, please detail out what information I have to look
up and what steps I will have to follow.
> Thank you in advance.
> Sunny|||In my opinion, that does not seem possible. SQL doesn't know what CLIENT TO
OL is touching it. If the "connection" from the client application comes in
through a username/password, then that username/password has access to SELE
CT, UPDATE, DELETE, etc fro
m tables.
That is why we do all our database access through STORED PROCEDURES - so act
ual table access is not possible. Granted, the users can still call STORED
PROCEDURES from the EM and QA tools, but that is less likely to happen.
Can you hide the "connection" username/password from the users?
"Sunanda" wrote:

> Hi,
> I have an application which connects to the SQL server. We have several us
ers logging into this application. All of their user-id, passwords are valid
ated and converted to an owner profile, which is then used throughout the ap
plication.
> My problem is, this owner profile should be prevented from accessing the d
atabase directly using Enterprise Manager or Query Analyser. The database sh
ould be accessible only from the application for this owner/global profile.
> How do I go about achieving this. The application was set up like this by a person
long time back who is not with us anymore. Also, I do not know SQL Server Administr
ation. So, please detail out what information I have to look up and what steps I wil
l h
ave to follow.
> Thank you in advance.
> Sunny|||Steve,
No the connection profile is alreay know to the users, that is why we would
like to prevent users from using that in the enterprise manager to make chan
ges.
Please let me know if there are any options.
Thanks a lot.
Sunny
"Steve Z" wrote:

> In my opinion, that does not seem possible. SQL doesn't know what CLIENT TOOL is
touching it. If the "connection" from the client application comes in through a use
rname/password, then that username/password has access to SELECT, UPDATE, DELETE, et
c f
rom tables.[vbcol=seagreen]
> That is why we do all our database access through STORED PROCEDURES - so a
ctual table access is not possible. Granted, the users can still call STORE
D PROCEDURES from the EM and QA tools, but that is less likely to happen.
> Can you hide the "connection" username/password from the users?
> "Sunanda" wrote:
>
have to follow.[vbcol=seagreen]|||"Sunanda" <Sunny@.discussions.microsoft.com> wrote in message
news:87CB3205-C041-4F23-AC6E-7BF23E7AB2C6@.microsoft.com...
> Hi,
> I have an application which connects to the SQL server. We have several
users logging into this application. All of their user-id, passwords are
validated and converted to an owner profile, which is then used throughout
the application.
> My problem is, this owner profile should be prevented from accessing the
database directly using Enterprise Manager or Query Analyser. The database
should be accessible only from the application for this owner/global
profile.
> How do I go about achieving this. The application was set up like this by
a person long time back who is not with us anymore. Also, I do not know SQL
Server Administration. So, please detail out what information I have to look
up and what steps I will have to follow.
If you can alter the code in the client application, you can use application
roles.
1) Use Enterprise Manager to access the database / roles. New Role. click
the Application Role radio button and give it a nice secure, obscure
password.
2) Give the Application Role the appropriate permissions.
3) Revoke the users' permissions
4) in the code of the application, put in a call to a stored procedure
called (I think, from memory) sp_setAppRole (F1 for application role to see
what the stored proc is called) using the secret password for the App Role
(which you don't share with the end users).
Now your users will have the appropriate permissions when using your app,
but not when using QA or any other app.
On an entirely different tack, you can try Group Policies. Use a GP to tie
down their desktop so that they are not allowed to run Quey Analyzer or
Enterprise Manager.
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.711 / Virus Database: 467 - Release Date: 25/06/2004|||Bob,
Thanks for your reply. I kinda understand this Application Role approach. Co
uld you please explain the following:
1. Say the password for the Application role is found, can a user access the
database through the Query Analyser or Enterprise Manager using the applica
tion rolde/password.
2. At present the application tracks the user who makes the changes to the d
atabase through the application. The application passes the userid to the st
ored procedures. But if I put in a Applciation role in between, will I still
have the actual userid to
track who actually did the inserts and updates through the front-end.
Thanks in advance,
Sunanda.
"Bob Simms" wrote:

> "Sunanda" <Sunny@.discussions.microsoft.com> wrote in message
> news:87CB3205-C041-4F23-AC6E-7BF23E7AB2C6@.microsoft.com...
> users logging into this application. All of their user-id, passwords are
> validated and converted to an owner profile, which is then used throughout
> the application.
> database directly using Enterprise Manager or Query Analyser. The database
> should be accessible only from the application for this owner/global
> profile.
> a person long time back who is not with us anymore. Also, I do not know SQ
L
> Server Administration. So, please detail out what information I have to lo
ok
> up and what steps I will have to follow.
> If you can alter the code in the client application, you can use applicati
on
> roles.
> 1) Use Enterprise Manager to access the database / roles. New Role. clic
k
> the Application Role radio button and give it a nice secure, obscure
> password.
> 2) Give the Application Role the appropriate permissions.
> 3) Revoke the users' permissions
> 4) in the code of the application, put in a call to a stored procedure
> called (I think, from memory) sp_setAppRole (F1 for application role to s
ee
> what the stored proc is called) using the secret password for the App Role
> (which you don't share with the end users).
> Now your users will have the appropriate permissions when using your app,
> but not when using QA or any other app.
> On an entirely different tack, you can try Group Policies. Use a GP to ti
e
> down their desktop so that they are not allowed to run Quey Analyzer or
> Enterprise Manager.
>
> --
> Outgoing mail is certified Virus Free.
> Checked by AVG anti-virus system (http://www.grisoft.com).
> Version: 6.0.711 / Virus Database: 467 - Release Date: 25/06/2004
>
>|||<<1. Say the password for the Application role is found, can a user access t
he database through the
Query Analyser or Enterprise Manager using the application rolde/password.>>
Yes.
<<2. At present the application tracks the user who makes the changes to the
database through the
application. The application passes the userid to the stored procedures. But
if I put in a
Applciation role in between, will I still have the actual userid to track wh
o actually did the
inserts and updates through the front-end.>>
Yes. You can see the login id for the users, and you can use the SYSTEM_USER
function in, for
example, a trigger to get the login name. The user name, however, will be th
e app role name.
--
Tibor Karaszi, SQL Server MVP
http://www.karaszi.com/sqlserver/default.asp
http://www.solidqualitylearning.com/
"Sunanda" <Sunanda@.discussions.microsoft.com> wrote in message
news:00D6F5D5-0BC3-43A4-A313-649B5E2E215C@.microsoft.com...
> Bob,
> Thanks for your reply. I kinda understand this Application Role approach. Could yo
u please explain
the following:
> 1. Say the password for the Application role is found, can a user access the datab
ase through the
Query Analyser or Enterprise Manager using the application rolde/password.
> 2. At present the application tracks the user who makes the changes to the databas
e through the
application. The application passes the userid to the stored procedures. But
if I put in a
Applciation role in between, will I still have the actual userid to track wh
o actually did the
inserts and updates through the front-end.[vbcol=seagreen]
> Thanks in advance,
> Sunanda.
>
> "Bob Simms" wrote:
>|||Thanks for your reply.
But can't the application role be restricted from using the QA/EM? This is n
ot a completely secure method. Is there any alternative.
Thanks,
sunanda.
"Tibor Karaszi" wrote:

> <<1. Say the password for the Application role is found, can a user access
the database through the
> Query Analyser or Enterprise Manager using the application rolde/password.
>>
> Yes.
>
> <<2. At present the application tracks the user who makes the changes to t
he database through the
> application. The application passes the userid to the stored procedures. B
ut if I put in a
> Applciation role in between, will I still have the actual userid to track
who actually did the
> inserts and updates through the front-end.>>
> Yes. You can see the login id for the users, and you can use the SYSTEM_US
ER function in, for
> example, a trigger to get the login name. The user name, however, will be
the app role name.
> --
> Tibor Karaszi, SQL Server MVP
> http://www.karaszi.com/sqlserver/default.asp
> http://www.solidqualitylearning.com/
>
> "Sunanda" <Sunanda@.discussions.microsoft.com> wrote in message
> news:00D6F5D5-0BC3-43A4-A313-649B5E2E215C@.microsoft.com...
> the following:
> Query Analyser or Enterprise Manager using the application rolde/password.
> application. The application passes the userid to the stored procedures. B
ut if I put in a
> Applciation role in between, will I still have the actual userid to track
who actually did the
> inserts and updates through the front-end.
>
>|||> But can't the application role be restricted from using the QA/EM?
No, that is not the way it work. You need to protect the password. Why do yo
u say it is not a secure method?
Are you afraid of network sniffing? There's an encryption option in sp_setap
prole.

> Is there any alternative.
I don't know what your requirements are, as I haven't read the full thread.
App roles is a nice feature for
what it is performing. Other options includes app logins using a special pas
sword (but all users will use the
same logins), app uses stored procedures and views to access data...
--
Tibor Karaszi, SQL Server MVP
http://www.karaszi.com/sqlserver/default.asp
http://www.solidqualitylearning.com/
"Sunanda" <Sunanda@.discussions.microsoft.com> wrote in message
news:CA998A64-A51E-42B4-9B8D-E06C37624B65@.microsoft.com...
> Thanks for your reply.
> But can't the application role be restricted from using the QA/EM? This is not a c
ompletely secure method.
Is there any alternative.[vbcol=seagreen]
> Thanks,
> sunanda.
>
> "Tibor Karaszi" wrote:
>

Login Security issues

RS installed on machine outside the firewall using SQL installed locally,
accessing data on SQL server inside the firewall using a shared data source.
Have given group browser rights on the top-level folder in RS.
When user initially accesses the reports home page, they are prompted for a
login and then the home page folders are displayed. Clicking on the folder
displays all the reports. Accessing a report prompts for login again. Same
user & password will display the report - and the login is not requested
again for the duration of the session.
How to avoid prompting for login twice?
Thanks
MarkI have more information on this issue...
WHen accessing from outside, the first login grants access to the home page
and the reports folders. However, when selecting a report - at the point
where we get a second login request in side the firewall - instead we get an
error:
The page cannot be displayed
Cannot find server or DNS Error|||More details...
Inside the firewall all works fine..
Outside the firewall I get these results...
This is the home page:
http://<server>/reports/Pages/Folder.aspx
This page works fine
Click on the folder for Remedy Reports and it goes here
http://<server>/Reports/Pages/Folder.aspx?ItemPath=%2fRemedy+Reports&IsDetailsView=False
This page works fine
Click on a report to view it and..
http://<server>/Reports/Pages/Report.aspx?ItemPath=%2fRemedy+Reports%2f72+Hour+Report
Outside the firewall, this page gets an error:
Cannot find server or DNS error|||Hopefully someone else can jump in with the particulars but I remember
seeing in another post
where there was a place in a config file that you need to make a change so
the server is in the form of servername.blah.blah rather than just
servername.
Just a guess since I have not had this situation occur before.
Bruce Loehle-Conger
MVP SQL Server Reporting Services
"Mark Nicks" <MarkNicks@.discussions.microsoft.com> wrote in message
news:864759C8-39B0-4D23-9F7A-914464D13D3C@.microsoft.com...
> More details...
> Inside the firewall all works fine..
> Outside the firewall I get these results...
> This is the home page:
> http://<server>/reports/Pages/Folder.aspx
> This page works fine
> Click on the folder for Remedy Reports and it goes here:
>
http://<server>/Reports/Pages/Folder.aspx?ItemPath=%2fRemedy+Reports&IsDetailsView=False
> This page works fine
> Click on a report to view it and...
>
http://<server>/Reports/Pages/Report.aspx?ItemPath=%2fRemedy+Reports%2f72+Hour+Report
> Outside the firewall, this page gets an error:
> Cannot find server or DNS error|||Bruce I did find the answer posted in the forum. I'm reposting Dmitry
Vasilevsy's response here for anyone who runs across it...
Try accessing /ReportServer virtual folder (not /Report) from outside the
intranet, if it works, you just need to configure Report Manager application
properly.
The simplest way to do this is when you are running Report Server and Report
Manager application on the same machine (this is the only option available
when you run setup). Go look at the Report Manager configuration file,
RSWebApplication.config. There is a UI section
<UI>
<ReportServerUrl>http://intranet-computer-name/ReportServer</ReportServerUrl
>
</UI>
Change it to
<UI>
<ReportServerVirtualDirectory>/ReportServer</ReportServerVirtualDirectory>
</UI>
You should be able to access Report Manager from both intranet and internet.

Login Question

Hi
Current configuration: SQL Server with SQL Security.
A disc where the backup file is written is protected and ony the members of
the domain are allowed to write to it.
Problem when a user sends a request to the SQL Server for a backup some sort
of errors occurs because the database doesn't have the permission to write
to the disc
I would expect that although the database does the backup the permission to
write to the disc will be based on the user that sent the request.
Can anyone please clarify the situation
Thank you in advance,
Shmuel Shulman
SBS Technologies LTDHi,
No, that depends up the SQL Server service startup account.
Thanks
Hari
SQL Server MVP
"S Shulman" <smshulman@.hotmail.com> wrote in message
news:ugJEuqtlFHA.3256@.TK2MSFTNGP12.phx.gbl...
> Hi
> Current configuration: SQL Server with SQL Security.
> A disc where the backup file is written is protected and ony the members
> of the domain are allowed to write to it.
> Problem when a user sends a request to the SQL Server for a backup some
> sort of errors occurs because the database doesn't have the permission to
> write to the disc
> I would expect that although the database does the backup the permission
> to write to the disc will be based on the user that sent the request.
> Can anyone please clarify the situation
> Thank you in advance,
> Shmuel Shulman
> SBS Technologies LTD
>|||Thnks,
Shmuel
"Hari Prasad" <hari_prasad_k@.hotmail.com> wrote in message
news:eoioCEulFHA.3256@.TK2MSFTNGP12.phx.gbl...
> Hi,
> No, that depends up the SQL Server service startup account.
> Thanks
> Hari
> SQL Server MVP
> "S Shulman" <smshulman@.hotmail.com> wrote in message
> news:ugJEuqtlFHA.3256@.TK2MSFTNGP12.phx.gbl...
>

Login problem by not being in sysadmin group

Hi All

I experience a very strange login problem:

I create standard security login, let say test1/test1 with a default db test and assign it sysadmin group.

All is working well.

The moment remove sysadmin group from this login, i start getting errors:

Login failed for user 'test1'

... when I login from remote server. If I login from the same host - it continues with no problem.

When I go to sql server configuration manager, I see next:

sql native client configuration(32bit):

shared memeory enabled

tcp/ip enabled

named pipes enabled

VIA disabled

The same settings from sql server 2005 network configuration / protocols for mssqlserver

sql native client configuration / client protocols

sql 2005 surface area configuration / remote connections is configured:

local and remote connections (checked), using both tcp/ip and named pipes.

Does anybody have a clue?

What is the default database for your login?

WesleyB

Visit my SQL Server weblog @. http://dis4ea.blogspot.com

|||

Hi Wesley

Default db is named 'test'. I made sure login has default db and can browse it.

|||

Try changing the default database to master. If you can then connect with that login, there is a problem with the users access to what you were using for the default database.

-Sue

Login problem by not being in sysadmin group

Hi All

I experience a very strange login problem:

I create standard security login, let say test1/test1 with a default db test and assign it sysadmin group.

All is working well.

The moment remove sysadmin group from this login, i start getting errors:

Login failed for user 'test1'

... when I login from remote server. If I login from the same host - it continues with no problem.

When I go to sql server configuration manager, I see next:

sql native client configuration(32bit):

shared memeory enabled

tcp/ip enabled

named pipes enabled

VIA disabled

The same settings from sql server 2005 network configuration / protocols for mssqlserver

sql native client configuration / client protocols

sql 2005 surface area configuration / remote connections is configured:

local and remote connections (checked), using both tcp/ip and named pipes.

Does anybody have a clue?

What is the default database for your login?

WesleyB

Visit my SQL Server weblog @. http://dis4ea.blogspot.com

|||

Hi Wesley

Default db is named 'test'. I made sure login has default db and can browse it.

|||

Try changing the default database to master. If you can then connect with that login, there is a problem with the users access to what you were using for the default database.

-Sue

Login problem after DB restore

SQL 7.0 using SQL/Windows authenication.
A DB backup was restored from one server to another which
had a new install of SQL 7.0.
Problem:
In EM/Security, if I try to add the user login 'xxx' with
access to the restored DB, SQL says the login name
already exists in the the DB. Yet, it doesn't exist, that
I can see any where. If I try to access the DB from an
ODBC connection using the login 'xxx' it denies access.
I tried droplogin 'xxx', but that didn't help.
Any ideas?
Thanks,
DonRead up on sp_change_users_login within Books Online. I am sure that it =
will solve your problem.
--=20
Keith
"Don" <anonymous@.discussions.microsoft.com> wrote in message =
news:763a01c406aa$374e45a0$a601280a@.phx.gbl...
> SQL 7.0 using SQL/Windows authenication.
>=20
> A DB backup was restored from one server to another which=20
> had a new install of SQL 7.0.=20
>=20
> Problem:
> In EM/Security, if I try to add the user login 'xxx' with=20
> access to the restored DB, SQL says the login name=20
> already exists in the the DB. Yet, it doesn't exist, that=20
> I can see any where. If I try to access the DB from an=20
> ODBC connection using the login 'xxx' it denies access.
> I tried droplogin 'xxx', but that didn't help.
> Any ideas?
> Thanks,
> Don
>

Login problem

Hi all,
I wrote an ISAPI (dll) application to work with a database on my SQL2K. When
I use windows NT integrated security (MyDomain\Username), The application
works properly. But when I use a specific username and password (using a sql
buildin login) I get this error message when adding a new record to the
database.
Internal Application Error
Application uses a value of the wrong type for the current operation
I granted the user to have full access to the database.
Any help would be appreciated.
Thank you,
MehrdadHi
Does the user have all appropriate permissions to insert data into table?
"M. Noroozi Eghbali" <galaxy@.irandoc.ac.ir> wrote in message
news:%23CCQpjtyEHA.2600@.TK2MSFTNGP09.phx.gbl...
> Hi all,
> I wrote an ISAPI (dll) application to work with a database on my SQL2K.
When
> I use windows NT integrated security (MyDomain\Username), The application
> works properly. But when I use a specific username and password (using a
sql
> buildin login) I get this error message when adding a new record to the
> database.
> --
> Internal Application Error
> Application uses a value of the wrong type for the current operation
> --
> I granted the user to have full access to the database.
> Any help would be appreciated.
> Thank you,
> Mehrdad
>|||Yes, the user have all the permissions to Insert, Delete, Edit, and Create
the table.
Mehrdad
"Uri Dimant" <urid@.iscar.co.il> wrote in message
news:O4Zq21tyEHA.3120@.TK2MSFTNGP12.phx.gbl...
> Hi
> Does the user have all appropriate permissions to insert data into table?
>
>
>
> "M. Noroozi Eghbali" <galaxy@.irandoc.ac.ir> wrote in message
> news:%23CCQpjtyEHA.2600@.TK2MSFTNGP09.phx.gbl...
> When
application[vbcol=seagreen]
> sql
>|||Hi
Perhaps you try to insert a value that has a different datatype (as error
said). Can you show us the INSERT statement?
"M. Noroozi Eghbali" <galaxy@.irandoc.ac.ir> wrote in message
news:uK$TWauyEHA.352@.TK2MSFTNGP14.phx.gbl...
> Yes, the user have all the permissions to Insert, Delete, Edit, and Create
> the table.
> Mehrdad
>
> "Uri Dimant" <urid@.iscar.co.il> wrote in message
> news:O4Zq21tyEHA.3120@.TK2MSFTNGP12.phx.gbl...
table?[vbcol=seagreen]
SQL2K.[vbcol=seagreen]
> application
a[vbcol=seagreen]
the[vbcol=seagreen]
>|||Thank you Uru for your notice to my problem. I asked the administrator to
restart the SQL server. It works now properly.
Thank you,
Mehrdad
"Uri Dimant" <urid@.iscar.co.il> wrote in message
news:OMn4KduyEHA.2568@.TK2MSFTNGP10.phx.gbl...
> Hi
> Perhaps you try to insert a value that has a different datatype (as error
> said). Can you show us the INSERT statement?
>
>
>
> "M. Noroozi Eghbali" <galaxy@.irandoc.ac.ir> wrote in message
> news:uK$TWauyEHA.352@.TK2MSFTNGP14.phx.gbl...
Create[vbcol=seagreen]
> table?
> SQL2K.
(using[vbcol=seagreen]
> a
> the
>

Login problem

This is probably all due to my limited understanding of SQL Server security,
so any direction will be greatly appreciated.
Using Win2K, SQLServer 7, and VB.NET 2005..
My app requires a user to login to the database. Since the PCs running the
app are shared, I can't use the current logged in user so the app has a
login screen. The idea is to use the same uid and pwd used to login to their
Windows account. SQL Server is set up to use mixed authentication. So the
user logged in to the PC is Dave. Now Steve sits down to run the app and
logins in through the app's login screen. The app builds a connect string:
Server=server1;Database=homedb;User
ID=DOM1\Steve;Password=stevepwd;Integrat
ed Security=SSPI
This always connects as the current user logged in to the PC. If I remove
the Integrated Security token, the login fails because the SQL Server login
DOM1\Steve does not exist.
What I'm after is letting SQL Server validate the user against an existing
Windows login which may or may not be the user currently logged in to the
machine. Is there any way to do this?
Thanks..
Michael WhiteMicheal,
What you are asking is possible, but difficult. In your connection string,
you would not want to use a UID parameter, that is for SQL Server
authentication. If you were using SQL Server 2005, you might be able to get
by with using the EXECUTE AS clause, but that's not an option here. So you
will need to write some code that impersonates the user who is logging into
the database. I'm assuming that since you mention VB.NET 2005, you are using
the .Net Framework 2.0 to code against. Look in MSDN -> .Net Development ->
.Net Framework SDK -> .Net Framework -> programming with the .Net Framework
-> Securing Applications -> Role-Based Security -> Principal and Identity
Objects -> Impersonating and Reverting.
That article is about doing what you ask, only from the standpoint of a web
page. But to do what you want, the tasks will be the same. If you think it's
something you want to tackle, let me know and I can drop some code...
Dave
"Michael White" wrote:

> This is probably all due to my limited understanding of SQL Server securit
y,
> so any direction will be greatly appreciated.
> Using Win2K, SQLServer 7, and VB.NET 2005..
> My app requires a user to login to the database. Since the PCs running the
> app are shared, I can't use the current logged in user so the app has a
> login screen. The idea is to use the same uid and pwd used to login to the
ir
> Windows account. SQL Server is set up to use mixed authentication. So the
> user logged in to the PC is Dave. Now Steve sits down to run the app and
> logins in through the app's login screen. The app builds a connect string:
> Server=server1;Database=homedb;User
> ID=DOM1\Steve;Password=stevepwd;Integrat
ed Security=SSPI
> This always connects as the current user logged in to the PC. If I remove
> the Integrated Security token, the login fails because the SQL Server logi
n
> DOM1\Steve does not exist.
> What I'm after is letting SQL Server validate the user against an existing
> Windows login which may or may not be the user currently logged in to the
> machine. Is there any way to do this?
> Thanks..
> Michael White
>
>|||Dave..
Many thanks.. that MSDN article was exactly what I needed. I have it working
like a charm! Thanks again
Michael
"DGardner" <DGardner@.discussions.microsoft.com> wrote in message
news:DCAFCEAC-6C67-497A-B940-1290B5456B4D@.microsoft.com...[vbcol=seagreen]
> Micheal,
> What you are asking is possible, but difficult. In your connection string,
> you would not want to use a UID parameter, that is for SQL Server
> authentication. If you were using SQL Server 2005, you might be able to
> get
> by with using the EXECUTE AS clause, but that's not an option here. So you
> will need to write some code that impersonates the user who is logging
> into
> the database. I'm assuming that since you mention VB.NET 2005, you are
> using
> the .Net Framework 2.0 to code against. Look in MSDN -> .Net
> Development ->
> .Net Framework SDK -> .Net Framework -> programming with the .Net
> Framework
> -> Securing Applications -> Role-Based Security -> Principal and Identity
> Objects -> Impersonating and Reverting.
> That article is about doing what you ask, only from the standpoint of a
> web
> page. But to do what you want, the tasks will be the same. If you think
> it's
> something you want to tackle, let me know and I can drop some code...
> Dave
> "Michael White" wrote:
>