For as long as I've used SQL Server, I've always used it in a way where an application (either Windows or Web) would authenticate against the database using the user's Windows identity. What I guess is called using NTLM.
Now, we're being asked to come up with protocol solutions, in both Windows and Web, that will hit against a database behind our firewall and made available to what I call "known external users". Users who are authenticated against a server in our DMZ, interacting with some service in the DMZ, which performs all of the database actions on the user's behalf. I was first told that I had to use ADFS to authenticate the known external user. (We're using ADFS on a Windows 2012 Server.) So, I learned how to do that. But now comes the next part, and this is harder: Kerberos.
I was told that SQL Server, when not using Windows authentication (NTLM, I believe), may only be accessed using Kerberos. I have spent days trying to find how to use Kerberos programmatically. And I've come up empty. I can find hundreds, perhaps thousands or millions, of websites describing how to set up Kerberos, how to configure Kerberos, and how to administer Kerberos. None of that helps me. I want to know how I can interact with Kerberos in an application so I can access the database behind the firewall on the user's behalf, as the user. Or, if you prefer, delegated to the database as the user. How do I do that?
Kindest Regards, Rod