Home Library Learn Samples Downloads Support Community Forums
Microsoft Developer Network >
Connection string with password or impersonation

Answered Connection string with password or impersonation

  • Wednesday, September 08, 2010 2:04 PM
     
     
    Sign In to Vote
    0

    Which is the best solution for a program which runs as networkservice (or defined user) and needs to be connected to a database as a specific user:

    DbConnection ConnectionString with username and password
                                             or
    Impersonate Windows Identity just before running the query

    Keep in mind security is important in my case.

     

    • Moved by Bob BeaucheminMVP Wednesday, September 08, 2010 6:10 PM Moved to a more relevent forum (From:.NET Framework inside SQL Server)
    •  
     

All Replies

  • Thursday, September 09, 2010 10:03 AM
     
     Answered
    Sign In to Vote
    0

    Pablo Castro [MS] answered on this:

    When you specify "integrated security=true" in the connection string, you're
    asking SqlClient to pick up the Windows identity from the calling thread and
    use that to authenticate against the server.

    The Windows identity cannot be specified in the connection string, only SQL
    auth logins can go there.

    If you need to use a different account, you'll have to "impersonate" that
    account.

    Source http://www.devnewsgroups.net/adonet/t16414-using-integrated-security-sspi-with-user-id.aspx

    Thanks!

     
  • Friday, September 10, 2010 8:07 AM
    Moderator
     
     
    Sign In to Vote
    0

    Hello,

    Thanks for sharing the solution, it definitely benifits the community members!

    Have a nice day!

    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have any feedback, please tell us.
    Welcome to the All-In-One Code Framework!
     
© 2013 Microsoft. All rights reserved.