locked
How to use Windows account credentials instead of web form login credentials to access DB RRS feed

 > 

  • Question

  • Question
    Sign in to vote
    0
    Sign in to vote
    User-523892225 posted

    In our webforms app we presently have our database username/password information directly in the connection string in the web.config file.  We want to change this and begin using Integrated Security so we changed the connection string to look like this:

    <add name="LocalSqlServer" connectionString="Data Source=xxx;Persist Security Info=True;Initial Catalog=xxx;Integrated Security=true" providerName="System.Data.SqlClient" />

    While this works fine when a person logs in as themselves, the database connection fails when we attempt to login using the username/password of any of our test accounts.  It fails because instead of using the Windows account credentials, it is using the credentials of the account information input into the login form.

    What do we have to do so that regardless of what information is input into the login form, the database will use the Windows account credentials? Only the database though because the app itself needs to be able to recognize the username/password information input into the form due to permission levels.

    Tuesday, January 29, 2019 5:38 PM

All replies

  • Question
    Sign in to vote
    0
    Sign in to vote
    User753101303 posted

    Hi,


    So my understanding is that you you have <identity impersonate="true"/> somewhere which runs the app under the authenticated user account. If you disable that it should run under the account your configured for the application pool (which seems what you want).

    Tuesday, January 29, 2019 5:50 PM
  • Question
    Sign in to vote
    0
    Sign in to vote
    User-523892225 posted

    Hi,


    So my understanding is that you you have <identity impersonate="true"/>  somewhere which runs the app under the authenticated user account. If you disable that it should run under the account your configured for the application pool (which seems what you want).

    Thank you for the response. We tried that and while setting it to false does allow access to the database using the Windows account credentials, it also logs us into the app itself using those credentials. What I need to figure out is how to keep them separate so that it logs into the database using the Windows account credentials but logs into the app itself using the information from the login form. 

    Tuesday, January 29, 2019 6:23 PM
  • Question
    Sign in to vote
    0
    Sign in to vote
    User753101303 posted

    My guess is that for now you are using a method that returns the account under which the code runs (which is more likely why you needed to enable impersonation).

    Instead make sure to use System.Web.HttpContext.Current.User.Identity.Name. It should always return the authenticated user and regardless of which authentication method is used.

    Tuesday, January 29, 2019 6:35 PM
  • Question
    Sign in to vote
    0
    Sign in to vote
    User-523892225 posted

    I'll look for it. Thank you.

    Tuesday, January 29, 2019 7:29 PM