June 17, 2009 at 4:25 am
I am trying to connect to the SQL Server 2005 with invalid username and/or password. still I can connect successfuly!
I have a windows user who has Windows Authentication to the database.
Is there anyway to validate the username and password ?
I am using ADO with C++6.
Thanks
June 17, 2009 at 4:39 am
Hello,
It would be interesting to find out under what credentials the user is then accessing the SQL Server. Can you open up Activity Manager from with SQL Server Management Studio and see what value is in the User column when you connect with your invalid password?
Regards,
John Marsh
www.sql.lu
SQL Server Luxembourg User Group
June 17, 2009 at 4:55 am
I don't think this is the case. But I believe SQL Server or ADO has decided to grant me access due to the Windows Authenticated user who is running the process.
I am not working mainly with SQL Server, so any help would be great.
Thanks again
June 17, 2009 at 5:23 am
Hello again,
That could be true. Can you see the Connection String that the Application is using? I would guess there is an “Integrated Security” Clause in there.
I mentioned Activity Monitor before, because you could then see what User-Id the Application is accessing SQL Server with.
Regards,
John Marsh
www.sql.lu
SQL Server Luxembourg User Group
June 17, 2009 at 5:41 am
this is the connection string I am using
Provider=%s;Server=%s;Database=%s;UserId=%s;Password=%s;
each %s is replaced by an equivalent value as the follwoing:
%s = SQLNCLI
%s = My Computer Name
%s = My Database Name
%s = Username
%s = Password
June 17, 2009 at 6:57 am
Take a look at the client's ODBC version as you may have encountered this bug:
"SQL Server ODBC Driver Ignores Authentication Setting" http://support.microsoft.com/kb/279526
When you use the SQL Server ODBC driver version 2000.080.0194, which was released with SQL Server 2000 and Microsoft Data Access Components (MDAC) 2.6 RTM, the authentication settings for ODBC data source names (DSNs) are ignored. The driver attempts to log directly into SQL Server using NTLM authentication (integrated security) without prompting for a user ID and password.
SQL = Scarcely Qualifies as a Language
June 18, 2009 at 12:42 am
Hello again,
The fact that you mentioned the Application can connect with an Invalid (SQL Server) Username or Password strongly suggests that these are being ignored and instead (Windows) Integrated Security is being used instead.
Does the scenario in the KB Article supplied by Carl Federl apply in your case?
Did you have a chance yet to check Activity Manager?
Also, is the Application a Windows Service, Wed App or Smart Client?
Regards,
John Marsh
www.sql.lu
SQL Server Luxembourg User Group
June 18, 2009 at 8:13 am
Hi All,
Actually I found the error in the Connection String, I was typing "UserID" while I should type "User Id"
Thanks for you help.
Viewing 8 posts - 1 through 8 (of 8 total)
You must be logged in to reply to this topic. Login to reply