G
Hi all. I've got a problem with SqlMembershipProvider and impersonation
that I'm stuck on.
I'm using forms authentication for membership on the site, which is
running under a windows user account with priverlages to the SQL
database using impersonation and a connection string including
Integrated Security=SSPI.
If I specify the userName and password fields in the identity element
of web.config the SqlMembershipProvider gets access to the database
fine. However if I just use <identity impersonate="true" /> the
membership provider gets denied by the SQL database which says that no
user was specified.
At the same time System.Security.Principal.WindowsIdentity shows the
correct user and my own connections work fine from the same string.
I think it might be something to do with SqlMembershipProvider calling
System.Web.DataAccess.SqlConnectionHelper.GetConnection(String
connectionString, Boolean revertImpersonation) but this is hidden and
undocumented by Microsoft.
I don't want to include user names and passwords in my web.config as
this is bad practice, but I don't have an alternative at the moment!
Thanks in advance,
Graham
that I'm stuck on.
I'm using forms authentication for membership on the site, which is
running under a windows user account with priverlages to the SQL
database using impersonation and a connection string including
Integrated Security=SSPI.
If I specify the userName and password fields in the identity element
of web.config the SqlMembershipProvider gets access to the database
fine. However if I just use <identity impersonate="true" /> the
membership provider gets denied by the SQL database which says that no
user was specified.
At the same time System.Security.Principal.WindowsIdentity shows the
correct user and my own connections work fine from the same string.
I think it might be something to do with SqlMembershipProvider calling
System.Web.DataAccess.SqlConnectionHelper.GetConnection(String
connectionString, Boolean revertImpersonation) but this is hidden and
undocumented by Microsoft.
I don't want to include user names and passwords in my web.config as
this is bad practice, but I don't have an alternative at the moment!
Thanks in advance,
Graham