Remove From My Forums. Answered by:. Archived Forums. SQL Server Security. Sign in to vote. Which is the recommended authentication for web application using SQL Server database? Thanks in advance. Wednesday, October 11, AM.
Hello - 1. Asked 7 years, 7 months ago. Active 1 year, 11 months ago. Viewed k times. Improve this question.
MDCCL 8, 3 3 gold badges 28 28 silver badges 54 54 bronze badges. This post is somewhat related. Add a comment. Active Oldest Votes. This should work with any application, including Visual Studio. Improve this answer. Aaron Bertrand Aaron Bertrand k 25 25 gold badges silver badges bronze badges. See serverfault. This however does NOT work if the source system is Win10 maybe 8. Some legacy issue I admit, but should others come by this answer, expect problems with legacy OSes and software that relies on some internal credential transfer.
Thanks, the runas option worked for me on my nondomain workstation — Taavi. Example: UniServer is the default port, you may need a different port, especially if you are connecting to a named instance Populate the "User Name" don't forget to include the domain e.
One way around this would be to set up domains of users with access privileges to the tables which reflect the permissions set by the application, and configuring a view of the data so they may only see the records that they have permissions to.
However to do this would require a high administrative cost to ensure that changes made in the application are reflected in the privileges of the SQL server.
This would allow the applcation to determine security, and stop users from connecting to the SQL server using other applications. Alternatively, can the SQL server, using Windows Integrated Authentication, also ask the application to supply a username and password? Any help with this matter would be greatly appreciated. After the installation i downloaded using microsoft windows update and installed all the service packs for sql and vista available.
My problem is when i open sql server management studio and try to connect to my default instance using windows authentication and database engine, an error occurs. I enabled all the protocols and all the ports I disabled windows firewall and antivirus eset nod32 I installed all service packs available I have also installed Visual Studio without installing sqlexpress But nothing happens!
Please i am very desperate, any information will be gratefully accepted. NET Framework 2. I'm trying to run a test from my test environment which is a non-domain Windows server to access my domain with SQL I have install tools to try to access the SQL server. When connecting to SQL Server , this failure may be caused by the fact that under the default settings SQL Server does not allow remote connections.
I'm using sa account to access. Also, sa account does not seems to work for remote access. It is ok when accessing locally. Any help would be appreciated. Hello Can anyone tell me what is the difference between sql authentication and windows authentication. Examples of each would be very useful Many thanks in advance Steve.
The application just creates a database in SQL Server and uses the database to store its information. If I should only use SA, do we have a documentation which talks about this.
Thanks Santhosh. We're getting an error where we can't add a login with the full dns name of a user - domain. Get an error , "Windows NT user or group domain. The domain has a different Netbios name and DNS domain names, so we can add the user when we use the form "netbiosnameuser". So far so good. Unfortunately, we have another application - Office Share Point Server whose shared services provider won't run, giving errors in the event log every 60 seconds that "Windows NT user or group 'domain.
It looks as if SQL insists upon listing users in the form netbiosdomainnameuser, and applications that look for domain. Hi, I am new to Reporting Services. I want to use Reporting Services in our application. My custom web application is on one machine and Reporting Services is on other machine. But in this case I am not able to get "Authentication Ticket" on Report Server since it is on other machine. Is there any work around to pass Authentication Cookie across Domain or any other solution for this?
Regards Amit. I wonder if it is possible to set forms authentication for report manager but leave report server "as it is". I need to authenticate users from external LDAP and can't use windows authentication for report manager, but I would also like to leave report server open for anonymous users. In that way authenticated administrators could create reports which anonymous users could read. If I have understood correctly, the report manager is just application inside report server so is it possible to use forms authentication with one application but still leave the report server with Windows authentication?
I have observed that a temporary loss of a domain controller can causeproblems creating new ado connections between a client machine runningado and a separate sql server machine that are members of the domain. I understand why this happens when creating connections with windowsauthentication. Asked 10 years, 8 months ago. Active 4 years, 1 month ago. Viewed 56k times. Domain1 Users Global Groups Forest1. Add a comment. Active Oldest Votes. The Problem - Explained From what I can tell also with help from a Microsoft representative , because the service account was originally a Domain1 user, it could not determine what domain local groups the connecting user is a member of when the user is authenticating via Kerberos.
Overall Solution To bring it all together, to successfully add users from Domain1 and Domain3 as members of groups in Domain2 so that the groups can be used as SQL Server logins with Windows authentication, here's a list of requirements or at least strongly encouraged : Established trust relationships between the domains At a minimum, 1 way trusts must be set up so that Domain2 trusts Domain1 and Domain3 Groups in Domain2 must be scoped "Domain Local" This is so you can add users and groups from Domain1 and Domain3 See here for more info Use SQL Server Configuration Manager to designate a non-administrative Domain2 user as the service account identity MSDN documents why using a domain user account may be preferred Even though the configuration manager is supposed to add users to local SQL Server specific groups for you i.
So just check your local groups to ensure they've been updated appropriately with your Domain2 user account. Although SQL Server set up should automatically assign appropriate permissions for their local groups, again, I ran into a few instances where this was not the case. If this happens to you, you can reference this MSDN article along with the previously mentioned article for permission requirements.
Configure a Service Principal Name SPN for the SQL Server instance host including any aliases and the Domain2 service account The SPN is required for mutual authentication between the client and the server host See this TechNet article for more info Depending on how you intend to use impersonation, you may want to enable the Domain2 service account to be trusted for delegation See this TechNet article for more info Enable remote connections for the SQL Service instance Finally, create logins for desired Domain2 groups and any Domain1 or Domain3 members should be able to connect remotely!
0コメント