This forum has migrated to Microsoft Q&A. Visit Microsoft Q&A to post new questions.

Remove From My Forums

Impersonate Windows Authentication outside a domain

Question
0

Sign in to vote

I have a .Net Windows desktop application running in a domain that talks queries/writes to a Sql Server db on the same domain via Windows Authentication. This is fine. What I need to know is how do I have the application utilize Windows Authentication to hit the server in the server's domain when the application is running from a different domain (e.g like a laptop from a remote location or one of our service people need to run the app against a users Sql Server on the client's domain from our domain)?

I read these threads:

http://social.msdn.microsoft.com/forums/en-US/sqlsecurity/thread/a4243cb5-3b86-4a75-b745-e4c6665faed8/

http://social.msdn.microsoft.com/Forums/en-US/netfxbcl/thread/6157ecd8-45a4-43cc-bf28-47a7a4dd4d2e/

are these the right approach or can someone point me to a link documenting the correct way?

Tuesday, April 2, 2013 1:34 PM

Answers

0

Sign in to vote
Hi,

Windows Authentication relies on NTLM or Kerberos to perform the authentication. These security package (SSP) create a token which is used by SQL Server.

You have to conform to the requirements of one of these 2 protocols to achieve what you want.

You can try a (unidirectional) trust relation between the 2 domains.

regards,

vincent
- Marked as answer by Michael L. Wagner Monday, June 24, 2013 6:27 PM
Thursday, May 9, 2013 5:14 PM