March 23, 2006 at 1:46 pm
I’m trying to help the developers of a legacy app to get their app to run under the authority of a Windows domain user account other than the currently logged on user. Their app will do the authentication, not Windows. I’ve seen and tested ways to use the authority of a SQL user account. For example,
OSQL -
But I can’t seem to find a way to impersonate a Windows account.
March 23, 2006 at 5:45 pm
I would look at the runas command, I can't figure out how to give it a password programaticaly maybe you will have more luck.
Note: I have not needed to ever [give it a password] .
Tim S
Look at this link:
March 23, 2006 at 6:20 pm
I'm not sure you'll be able to do it. Windows Authetication is just that. It authenticates via Windows. SQL Server doesn't know or trust the application.
-SQLBill
March 24, 2006 at 3:53 am
March 24, 2006 at 7:28 am
Take a look at this:
Describes how tom impersonate another account, programmatically.
March 24, 2006 at 7:57 am
March 24, 2006 at 11:32 am
Thanks to all of you for your help. I’ve learned from all of you. The runas fixes seem more complicated than I anticipated: both to implement and (especially) to maintain. I don’t think I want to go there.
One more part of the picture. The application has both a client component and a server component. The server side of the application starts as a service on an application server. The application server is not on the same box as the sql server. Right now, the application server service runs as the system account. It’s been suggested to me to make the application’s service start as a domain user account on this server. Then, so I’ve been told, a connection from that application server to a SQL server will always use the associated domain account for the connection. I don’t think it’s that simple, but I’m going to look into this some more. I’ve seen the associated articles on the ASP.net service account, but haven’t seen a more general discussion of application service accounts. Any pointers would be welcome.
March 24, 2006 at 11:48 am
OK, so is it the service that executes/needs to execute the command?
If so, then if your service uses a domain account and that domain account uses a "trusted" connection to the SQL Server and if the SQL Server allows access to that account, then I think it'll work that way. That's a lot of if's though...
March 24, 2006 at 1:22 pm
I don’t know all the details about their app. Surprisingly, their developers don’t either. I’m going fishing in Costa Rica next week and won’t know much ‘til I get back. I am NOT bringing a laptop with me. However, I did set up a couple of test boxes and test databases for them to play with when I’m gone. I’ll post results when I get back.
Viewing 9 posts - 1 through 8 (of 8 total)
You must be logged in to reply to this topic. Login to reply