none
Connection string with password or impersonation

    Question

  • Which is the best solution for a program which runs as networkservice (or defined user) and needs to be connected to a database as a specific user:

    DbConnection ConnectionString with username and password
                                             or
    Impersonate Windows Identity just before running the query

    Keep in mind security is important in my case.

     

    • Moved by Bob BeaucheminMVP Wednesday, September 08, 2010 6:10 PM Moved to a more relevent forum (From:.NET Framework inside SQL Server)
    Wednesday, September 08, 2010 2:04 PM

Answers

All replies

  • Pablo Castro [MS] answered on this:

    When you specify "integrated security=true" in the connection string, you're
    asking SqlClient to pick up the Windows identity from the calling thread and
    use that to authenticate against the server.

    The Windows identity cannot be specified in the connection string, only SQL
    auth logins can go there.

    If you need to use a different account, you'll have to "impersonate" that
    account.

    Source http://www.devnewsgroups.net/adonet/t16414-using-integrated-security-sspi-with-user-id.aspx

    Thanks!

    • Marked as answer by Roahn Luo Friday, September 10, 2010 8:07 AM
    Thursday, September 09, 2010 10:03 AM
  • Hello,

    Thanks for sharing the solution, it definitely benifits the community members!

    Have a nice day!


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have any feedback, please tell us.
    Welcome to the All-In-One Code Framework!
    Friday, September 10, 2010 8:07 AM