locked
Impersonate Windows Authentication outside a domain RRS feed

  • Question

  • I have a .Net Windows desktop application running in a domain that talks queries/writes to a Sql Server db on the same domain via Windows Authentication. This is fine. What I need to know is how do I have the application utilize Windows Authentication to hit the server in the server's domain when the application is running from a different domain (e.g like a laptop from a remote location or one of our service people need to run the app against a users Sql Server on the client's domain from our domain)?

    I read these threads:

    http://social.msdn.microsoft.com/forums/en-US/sqlsecurity/thread/a4243cb5-3b86-4a75-b745-e4c6665faed8/  

    http://social.msdn.microsoft.com/Forums/en-US/netfxbcl/thread/6157ecd8-45a4-43cc-bf28-47a7a4dd4d2e/

    are these the right approach or can someone point me to a link documenting the correct way?

    Tuesday, April 2, 2013 1:34 PM

Answers

  • Hi,

    Windows Authentication relies on NTLM or Kerberos to perform the authentication. These security package (SSP) create a token which is used by SQL Server.

    You have to conform to the requirements of one of these 2 protocols to achieve what you want.

    You can try a (unidirectional) trust relation between the 2 domains.

    regards,

    vincent

    Thursday, May 9, 2013 5:14 PM