locked
Active Directory authentication for SQL Server using JDBC RRS feed

  • Question

  • Hi 

    I have a requirement in which windows logged in user would be XXXX and I would like to make a JDBC connection through a java program using another Active Directory user to authenticate to SQL Server.

    Is it possible, if possible please help me getting some information on how to do it using JDBC.

     This is bit urgent requirement. Appreciate your help in this.

    Thanks

    Sara

    Thursday, January 17, 2019 10:13 AM

Answers

All replies

  • Hello Sara,

    It is not possible to impersonate an other Windows account for a SQL Server Connection. Either use SQL Logins or you have to start the app with a different account using RunAs


    Olaf Helper

    [ Blog] [ Xing] [ MVP]

    Thursday, January 17, 2019 11:36 AM
  • It seems if you're on JDBC driver 6.2, you're able to impersonate as another user via supplied credentials in the connection string while still using "Integrated Security=True". I have not tested this myself yet, but I encourage you to look into the following links and see if that satisfies your need.

    If it doesn't work out, your best bet would be to either grant the logged-in AD user permission to access SQL Server or connect via SQL authentication. 

    https://docs.microsoft.com/en-us/sql/connect/jdbc/using-kerberos-integrated-authentication-to-connect-to-sql-server?view=sql-server-2017#kerberos-connection-using-principal-names-and-password

    https://cloudblogs.microsoft.com/sqlserver/2017/07/05/microsoft-jdbc-driver-6-2-for-sql-server-released/

    Excerpt below:

    Beginning in Microsoft JDBC Driver 6.2, the driver can establish Kerberos connection using the Principal Name and Password passed in connection string.

    The username property does not require REALM if user belongs to the default_realm set in krb5.conf file. When userNameand passwordis set along with integratedSecurity=true;and authenticationScheme=JavaKerberos;property, the connection is established with value of userName as Kerberos Principal along with the password supplied.


    Please remember to click "Mark as Answer" if my response answered your question or click "Vote as helpful" if it helped you in any way.


    • Edited by Mohsin_A_Khan Thursday, January 17, 2019 12:43 PM
    • Marked as answer by K_Sara Friday, January 18, 2019 4:29 AM
    Thursday, January 17, 2019 12:39 PM
  • Hi Mohsin, Hi Olaf,

    Thank you for immediate answers. Appreciate your help. 

    I will try through these options. 

    Thank you

    Sara

    Friday, January 18, 2019 4:31 AM