windows authentication to SQL Server

Discussion in 'ASP .Net' started by Mark, Dec 12, 2003.

  1. Mark

    Mark Guest

    Is there a way to use ASP.NET's windows authentication so that the user that
    is using our web page is the user that is connected to our SQL Server? This
    will allow us to leverage our domain roles/groups. Our connection string is
    below.

    The options I've found so far I don't like:
    1. Impersonation - sql server permissions would be granted to this single
    account.
    2. Granting rights to the ASP.NET user account on our SQL Server - sql
    server permissions would be granted to this account.

    In both cases, we could pass the name as a parameter so we can audit the
    activity, but we'd really like our sql server security to be based on our
    windows logins - not the rights of some other account like the impersonated
    account or the ASP.NET account.

    Suggestions? Thanks in advance!
    Mark
     
    Mark, Dec 12, 2003
    #1
    1. Advertising

  2. Use impersonation and disable anonymous authentication (in IIS.)
    Also in IIS make sure integrated windows authentication is checked.
    This way it should run under the user's account.

    --
    I hope this helps,
    Steve C. Orr, MCSD, MVP
    http://Steve.Orr.net
    Hire top-notch developers at http://www.able-consulting.com



    "Mark" <> wrote in message
    news:...
    > Is there a way to use ASP.NET's windows authentication so that the user

    that
    > is using our web page is the user that is connected to our SQL Server?

    This
    > will allow us to leverage our domain roles/groups. Our connection string

    is
    > below.
    >
    > The options I've found so far I don't like:
    > 1. Impersonation - sql server permissions would be granted to this single
    > account.
    > 2. Granting rights to the ASP.NET user account on our SQL Server - sql
    > server permissions would be granted to this account.
    >
    > In both cases, we could pass the name as a parameter so we can audit the
    > activity, but we'd really like our sql server security to be based on our
    > windows logins - not the rights of some other account like the

    impersonated
    > account or the ASP.NET account.
    >
    > Suggestions? Thanks in advance!
    > Mark
    >
    >
     
    Steve C. Orr [MVP, MCSD], Dec 12, 2003
    #2
    1. Advertising

  3. Mark

    Mark Guest

    Interesting. I will try this out, but your first sentence strikes me as
    non-intuitive. Impersonation (to me) means that you're going to use an
    account other than the one that is currenlty logged in. For example, if I
    enter the impersonation information (see below) into the web.config, how do
    I make it use the current users account, rather than some specific account?
    Is there an alternative syntax?

    <authentication mode="Windows" />
    <identity impersonate="true" userName="domain\username"
    password="password"/>

    Thanks Steve.
    Mark


    "Steve C. Orr [MVP, MCSD]" <> wrote in message
    news:%...
    > Use impersonation and disable anonymous authentication (in IIS.)
    > Also in IIS make sure integrated windows authentication is checked.
    > This way it should run under the user's account.
    >
    > --
    > I hope this helps,
    > Steve C. Orr, MCSD, MVP
    > http://Steve.Orr.net
    > Hire top-notch developers at http://www.able-consulting.com
    >
    >
    >
    > "Mark" <> wrote in message
    > news:...
    > > Is there a way to use ASP.NET's windows authentication so that the user

    > that
    > > is using our web page is the user that is connected to our SQL Server?

    > This
    > > will allow us to leverage our domain roles/groups. Our connection

    string
    > is
    > > below.
    > >
    > > The options I've found so far I don't like:
    > > 1. Impersonation - sql server permissions would be granted to this

    single
    > > account.
    > > 2. Granting rights to the ASP.NET user account on our SQL Server - sql
    > > server permissions would be granted to this account.
    > >
    > > In both cases, we could pass the name as a parameter so we can audit the
    > > activity, but we'd really like our sql server security to be based on

    our
    > > windows logins - not the rights of some other account like the

    > impersonated
    > > account or the ASP.NET account.
    > >
    > > Suggestions? Thanks in advance!
    > > Mark
    > >
    > >

    >
    >
     
    Mark, Dec 12, 2003
    #3
  4. Don't specify a particular user. Let IIS take care of that. So your
    identity impersonate line should look like this:
    <identity impersonate="true"/>

    --
    I hope this helps,
    Steve C. Orr, MCSD, MVP
    http://Steve.Orr.net
    Hire top-notch developers at http://www.able-consulting.com



    "Mark" <> wrote in message
    news:e$...
    > Interesting. I will try this out, but your first sentence strikes me as
    > non-intuitive. Impersonation (to me) means that you're going to use an
    > account other than the one that is currenlty logged in. For example, if I
    > enter the impersonation information (see below) into the web.config, how

    do
    > I make it use the current users account, rather than some specific

    account?
    > Is there an alternative syntax?
    >
    > <authentication mode="Windows" />
    > <identity impersonate="true" userName="domain\username"
    > password="password"/>
    >
    > Thanks Steve.
    > Mark
    >
    >
    > "Steve C. Orr [MVP, MCSD]" <> wrote in message
    > news:%...
    > > Use impersonation and disable anonymous authentication (in IIS.)
    > > Also in IIS make sure integrated windows authentication is checked.
    > > This way it should run under the user's account.
    > >
    > > --
    > > I hope this helps,
    > > Steve C. Orr, MCSD, MVP
    > > http://Steve.Orr.net
    > > Hire top-notch developers at http://www.able-consulting.com
    > >
    > >
    > >
    > > "Mark" <> wrote in message
    > > news:...
    > > > Is there a way to use ASP.NET's windows authentication so that the

    user
    > > that
    > > > is using our web page is the user that is connected to our SQL Server?

    > > This
    > > > will allow us to leverage our domain roles/groups. Our connection

    > string
    > > is
    > > > below.
    > > >
    > > > The options I've found so far I don't like:
    > > > 1. Impersonation - sql server permissions would be granted to this

    > single
    > > > account.
    > > > 2. Granting rights to the ASP.NET user account on our SQL Server - sql
    > > > server permissions would be granted to this account.
    > > >
    > > > In both cases, we could pass the name as a parameter so we can audit

    the
    > > > activity, but we'd really like our sql server security to be based on

    > our
    > > > windows logins - not the rights of some other account like the

    > > impersonated
    > > > account or the ASP.NET account.
    > > >
    > > > Suggestions? Thanks in advance!
    > > > Mark
    > > >
    > > >

    > >
    > >

    >
    >
     
    Steve C. Orr [MVP, MCSD], Dec 12, 2003
    #4
  5. Mark

    Mark Guest

    Slick! Thank you!

    "Steve C. Orr [MVP, MCSD]" <> wrote in message
    news:...
    > Don't specify a particular user. Let IIS take care of that. So your
    > identity impersonate line should look like this:
    > <identity impersonate="true"/>
    >
    > --
    > I hope this helps,
    > Steve C. Orr, MCSD, MVP
    > http://Steve.Orr.net
    > Hire top-notch developers at http://www.able-consulting.com
    >
    >
    >
    > "Mark" <> wrote in message
    > news:e$...
    > > Interesting. I will try this out, but your first sentence strikes me as
    > > non-intuitive. Impersonation (to me) means that you're going to use an
    > > account other than the one that is currenlty logged in. For example, if

    I
    > > enter the impersonation information (see below) into the web.config, how

    > do
    > > I make it use the current users account, rather than some specific

    > account?
    > > Is there an alternative syntax?
    > >
    > > <authentication mode="Windows" />
    > > <identity impersonate="true" userName="domain\username"
    > > password="password"/>
    > >
    > > Thanks Steve.
    > > Mark
    > >
    > >
    > > "Steve C. Orr [MVP, MCSD]" <> wrote in message
    > > news:%...
    > > > Use impersonation and disable anonymous authentication (in IIS.)
    > > > Also in IIS make sure integrated windows authentication is checked.
    > > > This way it should run under the user's account.
    > > >
    > > > --
    > > > I hope this helps,
    > > > Steve C. Orr, MCSD, MVP
    > > > http://Steve.Orr.net
    > > > Hire top-notch developers at http://www.able-consulting.com
    > > >
    > > >
    > > >
    > > > "Mark" <> wrote in message
    > > > news:...
    > > > > Is there a way to use ASP.NET's windows authentication so that the

    > user
    > > > that
    > > > > is using our web page is the user that is connected to our SQL

    Server?
    > > > This
    > > > > will allow us to leverage our domain roles/groups. Our connection

    > > string
    > > > is
    > > > > below.
    > > > >
    > > > > The options I've found so far I don't like:
    > > > > 1. Impersonation - sql server permissions would be granted to this

    > > single
    > > > > account.
    > > > > 2. Granting rights to the ASP.NET user account on our SQL Server -

    sql
    > > > > server permissions would be granted to this account.
    > > > >
    > > > > In both cases, we could pass the name as a parameter so we can audit

    > the
    > > > > activity, but we'd really like our sql server security to be based

    on
    > > our
    > > > > windows logins - not the rights of some other account like the
    > > > impersonated
    > > > > account or the ASP.NET account.
    > > > >
    > > > > Suggestions? Thanks in advance!
    > > > > Mark
    > > > >
    > > > >
    > > >
    > > >

    > >
    > >

    >
    >
     
    Mark, Dec 12, 2003
    #5
  6. Mark

    Dimitre

    Joined:
    Apr 14, 2008
    Messages:
    1
    sql server impersonation

    I am trying to process a cube in an extremely simple sql server installation - it will only run on my pc. Yet, I am getting:

    The datasource , 'xxx', contains an ImpersonationMode that that is not supported for processing operations.

    Does anybody know how I can resolve this impersonation issue? (I do not really need impersonation for my purposes)
     
    Dimitre, Apr 14, 2008
    #6
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Lior Amar
    Replies:
    2
    Views:
    690
    Lior Amar
    Aug 27, 2003
  2. =?Utf-8?B?UmV6YQ==?=
    Replies:
    3
    Views:
    17,986
    Carlos Barini
    Jun 7, 2004
  3. mcollier
    Replies:
    6
    Views:
    4,200
    Vikram Vamshi
    Feb 24, 2005
  4. Nils Magnus Englund

    Windows authentication from ASP.NET to SQL Server

    Nils Magnus Englund, Aug 8, 2005, in forum: ASP .Net
    Replies:
    8
    Views:
    11,951
    Paul Clement
    Aug 16, 2005
  5. andy
    Replies:
    2
    Views:
    624
Loading...

Share This Page