Connectionstring using sspi

Question

1.00/5 (1 vote)

See more:

Can anyone tell me if you can use the sspi security option in the connectionstring
to delegate the user credentials to the sql server?

EDIT:

Is this possible by using impersonation or delegation or both

Posted 29-Apr-14 1:51am

BELGIUMsky

Updated 29-Apr-14 3:22am

v2

Add a Solution

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

ZurdoDev · Answer 1 · 2014-04-29T03:04:00

Solution 1

http://msdn.microsoft.com/en-us/library/system.data.sqlclient.sqlconnection.connectionstring(v=vs.110).aspx[^] From that article it says, "If User ID and Password are specified and Integrated Security is set to true, the User ID and Password will be ignored and Integrated Security will be used."

So, no. If you use integrated security then it will not use the specified user name and password.

Posted 29-Apr-14 3:04am

ZurdoDev

Comments

BELGIUMsky 29-Apr-14 9:08am

i don't mean the username and password specified in the connectionstring

i want to use the passed username and password the client sends to the wcf service

ZurdoDev 29-Apr-14 9:18am

In that case don't use SSPI. You just use a username and password in your connection string.

BELGIUMsky 29-Apr-14 9:23am

and how can you set that username and password dynamicly in a wcf service? that uses username authentication mapped to windows active directory

ZurdoDev 29-Apr-14 9:32am

I'm not sure. It may have something like impersonation. But I thought you said the username and password were being sent to the service?

BELGIUMsky 29-Apr-14 9:43am

yes the client application will authenticate himself with username and password from within the organization(active directory) (this because the client application will not be in the domain) connection from behind the internet<br>
<br>
that username and password should be mapped to the active directory windows account<br>
<br>
because the sql server has some role based access the persons i create this service for want that these credentials are used to connect to the database

ZurdoDev 29-Apr-14 9:46am

I don't quite follow. If they are coming over the internet and you want to authenticate via AD from a different domain you need to use Microsoft Federation or something like that.

BELGIUMsky 29-Apr-14 9:48am

you can use username authentication with the windowstokenroleprovider or something like that

this still needs to be tested because i don't have access to our AD atm they are upating or something

ZurdoDev 29-Apr-14 9:50am

See my comment to your other question.