Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > windows authentication to SQL Server

Reply
Thread Tools

windows authentication to SQL Server

 
 
Mark
Guest
Posts: n/a
 
      12-12-2003
Is there a way to use ASP.NET's windows authentication so that the user that
is using our web page is the user that is connected to our SQL Server? This
will allow us to leverage our domain roles/groups. Our connection string is
below.

The options I've found so far I don't like:
1. Impersonation - sql server permissions would be granted to this single
account.
2. Granting rights to the ASP.NET user account on our SQL Server - sql
server permissions would be granted to this account.

In both cases, we could pass the name as a parameter so we can audit the
activity, but we'd really like our sql server security to be based on our
windows logins - not the rights of some other account like the impersonated
account or the ASP.NET account.

Suggestions? Thanks in advance!
Mark


 
Reply With Quote
 
 
 
 
Steve C. Orr [MVP, MCSD]
Guest
Posts: n/a
 
      12-12-2003
Use impersonation and disable anonymous authentication (in IIS.)
Also in IIS make sure integrated windows authentication is checked.
This way it should run under the user's account.

--
I hope this helps,
Steve C. Orr, MCSD, MVP
http://Steve.Orr.net
Hire top-notch developers at http://www.able-consulting.com



"Mark" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Is there a way to use ASP.NET's windows authentication so that the user

that
> is using our web page is the user that is connected to our SQL Server?

This
> will allow us to leverage our domain roles/groups. Our connection string

is
> below.
>
> The options I've found so far I don't like:
> 1. Impersonation - sql server permissions would be granted to this single
> account.
> 2. Granting rights to the ASP.NET user account on our SQL Server - sql
> server permissions would be granted to this account.
>
> In both cases, we could pass the name as a parameter so we can audit the
> activity, but we'd really like our sql server security to be based on our
> windows logins - not the rights of some other account like the

impersonated
> account or the ASP.NET account.
>
> Suggestions? Thanks in advance!
> Mark
>
>



 
Reply With Quote
 
 
 
 
Mark
Guest
Posts: n/a
 
      12-12-2003
Interesting. I will try this out, but your first sentence strikes me as
non-intuitive. Impersonation (to me) means that you're going to use an
account other than the one that is currenlty logged in. For example, if I
enter the impersonation information (see below) into the web.config, how do
I make it use the current users account, rather than some specific account?
Is there an alternative syntax?

<authentication mode="Windows" />
<identity impersonate="true" userName="domain\username"
password="password"/>

Thanks Steve.
Mark


"Steve C. Orr [MVP, MCSD]" <(E-Mail Removed)> wrote in message
news:%(E-Mail Removed)...
> Use impersonation and disable anonymous authentication (in IIS.)
> Also in IIS make sure integrated windows authentication is checked.
> This way it should run under the user's account.
>
> --
> I hope this helps,
> Steve C. Orr, MCSD, MVP
> http://Steve.Orr.net
> Hire top-notch developers at http://www.able-consulting.com
>
>
>
> "Mark" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
> > Is there a way to use ASP.NET's windows authentication so that the user

> that
> > is using our web page is the user that is connected to our SQL Server?

> This
> > will allow us to leverage our domain roles/groups. Our connection

string
> is
> > below.
> >
> > The options I've found so far I don't like:
> > 1. Impersonation - sql server permissions would be granted to this

single
> > account.
> > 2. Granting rights to the ASP.NET user account on our SQL Server - sql
> > server permissions would be granted to this account.
> >
> > In both cases, we could pass the name as a parameter so we can audit the
> > activity, but we'd really like our sql server security to be based on

our
> > windows logins - not the rights of some other account like the

> impersonated
> > account or the ASP.NET account.
> >
> > Suggestions? Thanks in advance!
> > Mark
> >
> >

>
>



 
Reply With Quote
 
Steve C. Orr [MVP, MCSD]
Guest
Posts: n/a
 
      12-12-2003
Don't specify a particular user. Let IIS take care of that. So your
identity impersonate line should look like this:
<identity impersonate="true"/>

--
I hope this helps,
Steve C. Orr, MCSD, MVP
http://Steve.Orr.net
Hire top-notch developers at http://www.able-consulting.com



"Mark" <(E-Mail Removed)> wrote in message
news:e$(E-Mail Removed)...
> Interesting. I will try this out, but your first sentence strikes me as
> non-intuitive. Impersonation (to me) means that you're going to use an
> account other than the one that is currenlty logged in. For example, if I
> enter the impersonation information (see below) into the web.config, how

do
> I make it use the current users account, rather than some specific

account?
> Is there an alternative syntax?
>
> <authentication mode="Windows" />
> <identity impersonate="true" userName="domain\username"
> password="password"/>
>
> Thanks Steve.
> Mark
>
>
> "Steve C. Orr [MVP, MCSD]" <(E-Mail Removed)> wrote in message
> news:%(E-Mail Removed)...
> > Use impersonation and disable anonymous authentication (in IIS.)
> > Also in IIS make sure integrated windows authentication is checked.
> > This way it should run under the user's account.
> >
> > --
> > I hope this helps,
> > Steve C. Orr, MCSD, MVP
> > http://Steve.Orr.net
> > Hire top-notch developers at http://www.able-consulting.com
> >
> >
> >
> > "Mark" <(E-Mail Removed)> wrote in message
> > news:(E-Mail Removed)...
> > > Is there a way to use ASP.NET's windows authentication so that the

user
> > that
> > > is using our web page is the user that is connected to our SQL Server?

> > This
> > > will allow us to leverage our domain roles/groups. Our connection

> string
> > is
> > > below.
> > >
> > > The options I've found so far I don't like:
> > > 1. Impersonation - sql server permissions would be granted to this

> single
> > > account.
> > > 2. Granting rights to the ASP.NET user account on our SQL Server - sql
> > > server permissions would be granted to this account.
> > >
> > > In both cases, we could pass the name as a parameter so we can audit

the
> > > activity, but we'd really like our sql server security to be based on

> our
> > > windows logins - not the rights of some other account like the

> > impersonated
> > > account or the ASP.NET account.
> > >
> > > Suggestions? Thanks in advance!
> > > Mark
> > >
> > >

> >
> >

>
>



 
Reply With Quote
 
Mark
Guest
Posts: n/a
 
      12-12-2003
Slick! Thank you!

"Steve C. Orr [MVP, MCSD]" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Don't specify a particular user. Let IIS take care of that. So your
> identity impersonate line should look like this:
> <identity impersonate="true"/>
>
> --
> I hope this helps,
> Steve C. Orr, MCSD, MVP
> http://Steve.Orr.net
> Hire top-notch developers at http://www.able-consulting.com
>
>
>
> "Mark" <(E-Mail Removed)> wrote in message
> news:e$(E-Mail Removed)...
> > Interesting. I will try this out, but your first sentence strikes me as
> > non-intuitive. Impersonation (to me) means that you're going to use an
> > account other than the one that is currenlty logged in. For example, if

I
> > enter the impersonation information (see below) into the web.config, how

> do
> > I make it use the current users account, rather than some specific

> account?
> > Is there an alternative syntax?
> >
> > <authentication mode="Windows" />
> > <identity impersonate="true" userName="domain\username"
> > password="password"/>
> >
> > Thanks Steve.
> > Mark
> >
> >
> > "Steve C. Orr [MVP, MCSD]" <(E-Mail Removed)> wrote in message
> > news:%(E-Mail Removed)...
> > > Use impersonation and disable anonymous authentication (in IIS.)
> > > Also in IIS make sure integrated windows authentication is checked.
> > > This way it should run under the user's account.
> > >
> > > --
> > > I hope this helps,
> > > Steve C. Orr, MCSD, MVP
> > > http://Steve.Orr.net
> > > Hire top-notch developers at http://www.able-consulting.com
> > >
> > >
> > >
> > > "Mark" <(E-Mail Removed)> wrote in message
> > > news:(E-Mail Removed)...
> > > > Is there a way to use ASP.NET's windows authentication so that the

> user
> > > that
> > > > is using our web page is the user that is connected to our SQL

Server?
> > > This
> > > > will allow us to leverage our domain roles/groups. Our connection

> > string
> > > is
> > > > below.
> > > >
> > > > The options I've found so far I don't like:
> > > > 1. Impersonation - sql server permissions would be granted to this

> > single
> > > > account.
> > > > 2. Granting rights to the ASP.NET user account on our SQL Server -

sql
> > > > server permissions would be granted to this account.
> > > >
> > > > In both cases, we could pass the name as a parameter so we can audit

> the
> > > > activity, but we'd really like our sql server security to be based

on
> > our
> > > > windows logins - not the rights of some other account like the
> > > impersonated
> > > > account or the ASP.NET account.
> > > >
> > > > Suggestions? Thanks in advance!
> > > > Mark
> > > >
> > > >
> > >
> > >

> >
> >

>
>



 
Reply With Quote
 
Dimitre Dimitre is offline
Junior Member
Join Date: Apr 2008
Posts: 1
 
      04-14-2008
I am trying to process a cube in an extremely simple sql server installation - it will only run on my pc. Yet, I am getting:

The datasource , 'xxx', contains an ImpersonationMode that that is not supported for processing operations.

Does anybody know how I can resolve this impersonation issue? (I do not really need impersonation for my purposes)
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Help. Getting a An error has occurred while establishing a connectionto the server. When connecting to SQL Server 2005, this failure may be causedby the fact that under the default settings SQL Server does not allow remote aboutjav.com@gmail.com ASP .Net 0 05-03-2008 12:43 PM
Windows authentication from ASP.NET to SQL Server Nils Magnus Englund ASP .Net 8 08-16-2005 02:12 PM
IIS 6 and Windows Authentication to SQL Server 2000 mcollier ASP .Net 6 02-24-2005 06:11 PM
Can't connect to SQL Server, using Windows Authentication users of SQL server? help =?Utf-8?B?UmV6YQ==?= ASP .Net 3 06-07-2004 06:42 PM
ASP.NET + SQL Server Windows authentication Lior Amar ASP .Net 2 08-27-2003 04:09 PM



Advertisments