Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

windows authentication to SQL Server

1 view
Skip to first unread message

Mark

unread,
Dec 12, 2003, 12:56:24 PM12/12/03
to
Is there a way to use ASP.NET's windows authentication so that the user that
is using our web page is the user that is connected to our SQL Server? This
will allow us to leverage our domain roles/groups. Our connection string is
below.

The options I've found so far I don't like:
1. Impersonation - sql server permissions would be granted to this single
account.
2. Granting rights to the ASP.NET user account on our SQL Server - sql
server permissions would be granted to this account.

In both cases, we could pass the name as a parameter so we can audit the
activity, but we'd really like our sql server security to be based on our
windows logins - not the rights of some other account like the impersonated
account or the ASP.NET account.

Suggestions? Thanks in advance!
Mark


Steve C. Orr [MVP, MCSD]

unread,
Dec 12, 2003, 1:17:10 PM12/12/03
to
Use impersonation and disable anonymous authentication (in IIS.)
Also in IIS make sure integrated windows authentication is checked.
This way it should run under the user's account.

--
I hope this helps,
Steve C. Orr, MCSD, MVP
http://Steve.Orr.net
Hire top-notch developers at http://www.able-consulting.com

"Mark" <mfi...@idonotlikespam.cce.umn.edu> wrote in message
news:uzFNDlNw...@tk2msftngp13.phx.gbl...

Mark

unread,
Dec 12, 2003, 3:17:57 PM12/12/03
to
Interesting. I will try this out, but your first sentence strikes me as
non-intuitive. Impersonation (to me) means that you're going to use an
account other than the one that is currenlty logged in. For example, if I
enter the impersonation information (see below) into the web.config, how do
I make it use the current users account, rather than some specific account?
Is there an alternative syntax?

<authentication mode="Windows" />
<identity impersonate="true" userName="domain\username"
password="password"/>

Thanks Steve.
Mark


"Steve C. Orr [MVP, MCSD]" <St...@Orr.net> wrote in message
news:%23ADjpwN...@TK2MSFTNGP12.phx.gbl...

Steve C. Orr [MVP, MCSD]

unread,
Dec 12, 2003, 5:04:51 PM12/12/03
to
Don't specify a particular user. Let IIS take care of that. So your
identity impersonate line should look like this:
<identity impersonate="true"/>

--
I hope this helps,
Steve C. Orr, MCSD, MVP
http://Steve.Orr.net
Hire top-notch developers at http://www.able-consulting.com

"Mark" <field027...@umn.edu> wrote in message
news:e$o0DzOwD...@TK2MSFTNGP12.phx.gbl...

Mark

unread,
Dec 12, 2003, 5:17:17 PM12/12/03
to
Slick! Thank you!

"Steve C. Orr [MVP, MCSD]" <St...@Orr.net> wrote in message

news:ud9a4vPw...@TK2MSFTNGP09.phx.gbl...

0 new messages