Subscriptions And Windows Integrated Security

Mar 1, 2007

I have a set of reports that read from an Analysis Services cube. Permissions are managed at the cube level since different users should look at the same report but different data. This is why for those reports, the data source has Windows Integrated Security set.

Those same users should be able to subscribe to those reports, the problem is that for subscriptions to work, the data sources must store the credentials. This means the filtered reports are lost since the stored account will show all the reports for all users.

Is there any way of generating "filtered subscriptions"?

Thanks in advance

View 3 Replies


ADVERTISEMENT

Integrated Windows NT Security

Apr 7, 1999

Hi All,

Can we implement a table level (object) security on the groups of the windows NT domain using the integrated windows NT security so that one group has
the permission over one table to update ,select ,delete the information and other group has permission has for some other table.

Thanks
Ajay

View 3 Replies View Related

Windows Integrated Security With SQL Server

Apr 29, 2005

In my architecture I have a Domain Controller with Active Directory (DOMAIN_A), IIS 6.0 (WEBSERVER) and SqlServer 2000
(SQLDBSERVER).



The WEBSERVER has a
.NET application with windows authentication.  The .NET application interacts with the
database server. I want to use Integrated Security to pass in
the users login credentials to the database to run any database calls so that I can
audit who is making what calls on the database.

The connection string
I am using for this is as follows:


 string connStr =
"Server=SQLDBSERVER;Database=xxx;integrated
security=SSPI";


The problem arises
after I login to the web application (I use the user DOMAIN_ASomeUser where
SomeUser is a user who has permissions set up to make all of the database
calls). After logging in however, when I go to a page that makes a database
call I get the following error:


 System.Data.SqlClient.SqlException: Login failed for user
'DOMAIN_AWEBSERVER$'.
It seems that for some
reason, .NET is not passing the login name SomeUser, but instead is passing
SERVERNAME$. Would anyone pls have any ideas how I can implement this. Any guide or references would be much appreciated.

Thanks in advance. 

View 2 Replies View Related

Windows Integrated Security And Subscription

Dec 17, 2006

Hi,

I am having a problem in applying subscription to a report.

Here is my case:

I have a datasource with 'Windows integrated security ' authentication, yes....I am using windows domain authentication, so login info is not stored in DB but its authenticated from domain. Now the report I want to use subscription on is using this DS. I read it somwehere that I can use rsconfig -e -u -p option to assign user to unattended reports.

I think, this is the unattended report. I tried with rsconfig and then clicked on 'new subscription option'...and i got error (again) saying 'Subscription can not be created because the credentials used to run the report are not stored...or if linked report.....blah blah...'

I want to use subscription to this report but with 'Windows integrated security', is there any way I can do it ?? How can I assign some user to this report without changing authentiation method and use subscription ?

Help me ...I am stuck, this is the last milestone in my project !!!

Thanks,

Prashant

View 8 Replies View Related

Windows Integrated Security And Report Server

May 30, 2007

Greetings Folks,

We have a SQL Server Reporting Services instance running SP2. I have attempted to add a domain group in a trusted domain to the server to enable regular users to access reports. I have added this group to the instance folder as a SYSTEM USER and home as BROWSER. I am allowing those settings to be inherited down through the folders (reports and data sources) to the reports. My test user in this report receives:

The permissions granted to user 'DOMAINuser' are insufficient for performing this operation.
(log shows HTTP 500)

when the user attempts to use the URL to go directly to the report. If we try to navigate from HOME and walk the folders the user sees a blank HOME page.

I have used other groups with no problem.

Is there something I am missing in setting up the security environment? Any help would be greatly appreciated.

Thanks, Mark

View 1 Replies View Related

Integrated Security From Non-domain Windows 2008

Oct 23, 2007

I am trying to connect as follows:

Server: Windows 2003, SQL 2005, on a domain
Client: Windows 2008 Beta, not on any domain

I created an account with the same user name as the domain user on the client machine. And then I logged in as that user and went to Manage Network Password. I entered the correct domain credentials. Verified that this worked for file shares. However, SQL does not appear to be recognizing this and it tells me:

Login failed for user ''. The user is not associated with a trusted SQL Server connection.


I have verified that this domain account is working properly with SQL when the client is also on the domain.

How can I get this Windows authentication scenario to work where the client is not on the domain and the SQL server is on the domain?

View 5 Replies View Related

Help With Java Connection To MS SQL 2000 With Windows Integrated Security

Jul 23, 2005

Hi , I am trying to connect to MS Sql server 2000 from Java (1.4.2 /1.5 ). I installed my Sql Server(8.00.382) from the one supplied withVS.NET 2001. When I installed it on my laptop it did not ask me for auser name and password. After install when I re-started my machine Isee the server started up with a green light. Now when I connect to theserver from VS.NET it works fine. This is because VS uses windowsintegrated security. I now need to connect using Java , so I downloadedthe microsoft drivers for SQL2000-JDBC sp3 from the microsoft site. Iadded the jar files to my Java project classpath. I manage to registerthe driver in java :Class dbClass = ClassLoader.getSystemClassLoader().loadClass("com.microsoft.jdbc.sqlserver.SQLServerDriver");DriverManager.registerDriver((Driver) dbClass.newInstance() );Connection conn =DriverManager.getConnection("jdbc:microsoft:sqlserver://localhost:1433;_integrated security=SSPI");but cannot seem to get a connection as it gives an SQLException sayingthat it is unable to connect:java.sql.SQLException: [Microsoft][SQLServer 2000 Driver for JDBC]Errorestablishing socket.I cant seem to figure it out.Can some one help ??I am a newbie to sqlserver so couldnt quite figure out how to changeadmin password or create a new user with the tools provided with thisversion of sql (SQL Server Desktop Engine).Any help will be appreciated.Ebby

View 3 Replies View Related

Create Subscription For Rpt Service With Windows Integrated Security !!!

Sep 29, 2005

hi All,

View 8 Replies View Related

Login Failed For The User (using Windows Integrated Security)

Aug 1, 2006

Hello Everyone,

I am trying to connect SQL database through code but I get this error,I have spent days to solve it but unfortunately I couldn't...Here is my code in VB express(OP:windows 2000 with SP4)I am new to VB,so it makes the situation more difficult for me.

my code is:

Public Class Form1



Private Sub Form1_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load

Dim conn1 As SqlConnection = _

New SqlConnection("Data Source=.SQLEXPRESS;" & _

"Integrated Security=SSPI;" & _

"database=deneme3_database;")

'Open connection

conn1.Open()

MessageBox.Show("Connection succeeded.")

'Close connection

conn1.Close()

MessageBox.Show("Connection closed.")

End Sub



The error message is,it is in german but it is clear I guess:)

" Die von der Anmeldung angeforderte "deneme3_database"-Datenbank kann nicht geöffnet werden. Fehler bei der Anmeldung.
Fehler bei der Anmeldung für den Benutzer 'ADPLANatalay'. "





Thank you in advance!



Can



View 6 Replies View Related

Jdbc Integrated Security With The Sql Database On Windows Vista X64 Bit

Mar 17, 2007

I am trying to connect to an SQL database with a Java program compiled in NetBeans IDE. I have copied the proper .dll in the auth folder to the same folder as the .jar file required. I have tried a lot of things for a lot of hours, and am still coming up with the message "Driver is not configured for integrated security and "could not load the xxxxx.dll

Has anyone come up with a solution or a workaround to this problem. Please help. I have read the documentation until I am blue in the face. Please only respond if you have a 64 bit machine.



Thanks, Frank

View 1 Replies View Related

Another Question About Login Failed, But With Windows NT Integrated Security For SQL 2005

Jan 4, 2006

Hi, Happy New Year!
 
I have been struggling with this problem for a while with SQL 2005.  I have never had such login problem with SQL 2000. Here is the scenario:
 
I have installed SQL2005 standard version on a XP Pro box and I am trying to access it from another XP Pro machine.  I can access it using a SQL user name and password that I set up on the server, but I have not had luck with using Windows NT Integrated security.  When I try to connect to it (e.g. by a UDL file), I get an error saying Login failed for user €˜HP-AMD64Guest€™ where €˜HP-AMD64€™ is the name of the PC running the SQL 2005.  I can access the files on the machine without any problem.  I do not understand why it uses €˜Guest€™ that is not what I use to log on my machine.  Does anyone have any clue to offer me?
 
Thank you in advance!
 
h

   

View 14 Replies View Related

Can't Access Reporting Services In Management Studio Or Web Interface Using Windows Integrated Security

May 12, 2008

I know from searching this forum that there have been many variations of the issue I'm currently suffering, but I haven't found anything quite like mine or a solution to solve it. The issue I'm running into is that I am unable to log on to Reporting Services using Management Studio or the web interface when Windows Integrated Security is enabled. I have full functionality using basic security, but the risks involved make it impossible to deploy basic authentication out into production. The error I'm receiving in Management Studio is The request failed with HTTP status 401: Unauthorized. (Microsoft.SqlServer.Management.UI.RSClient). I recieve the same error when I try the web interface.

I've looked the most recent logfile in WindowsSystem32LogFilesW3SVC1 and these entries match up to the time I attempted my authentication.



Code Snippet
2008-05-12 20:30:42 <Edited: Server IP> GET /reports - 80 - <Edited: Server IP> Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.2;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727) 401 2 2148074254
2008-05-12 20:30:42 <Edited: Server IP> GET /reports - 80 DomainUserName <Edited: Server IP> Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.2;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727) 301 0 0
2008-05-12 20:30:42 <Edited: Server IP> GET /reports/ - 80 - <Edited: Server IP> Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.2;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727) 401 2 2148074254
2008-05-12 20:30:46 <Edited: Server IP> GET /reports/home.aspx - 80 DomainUserName <Edited: Server IP> Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.2;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727) 302 0 0
2008-05-12 20:30:46 <Edited: Server IP> GET /reports/Pages/Folder.aspx - 80 - <Edited: Server IP> Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.2;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727) 401 2 2148074254
2008-05-12 20:30:47 127.0.0.1 POST /ReportServer/ReportService2005.asmx - 80 - 127.0.0.1 - 401 2 2148074254
2008-05-12 20:30:47 127.0.0.1 POST /ReportServer/ReportService2005.asmx - 80 - 127.0.0.1 - 401 1 0
2008-05-12 20:30:47 127.0.0.1 POST /ReportServer/ReportService2005.asmx - 80 - 127.0.0.1 - 401 1 2148074248
2008-05-12 20:30:49 127.0.0.1 POST /ReportServer/ReportService2005.asmx - 80 - 127.0.0.1 - 401 2 2148074254
2008-05-12 20:30:49 127.0.0.1 POST /ReportServer/ReportService2005.asmx - 80 - 127.0.0.1 - 401 1 0
2008-05-12 20:30:49 127.0.0.1 POST /ReportServer/ReportService2005.asmx - 80 - 127.0.0.1 - 401 1 2148074248
2008-05-12 20:30:50 <Edited: Server IP> GET /reports/Pages/Folder.aspx - 80 DomainUserName <Edited: Server IP> Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.2;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727) 500 0 0
2008-05-12 20:30:50 <Edited: Server IP> GET /Reports/js/ReportingServices.js - 80 - <Edited: Server IP> Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.2;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727) 401 2 2148074254
2008-05-12 20:30:50 <Edited: Server IP> GET /Reports/js/ReportingServices.js - 80 DomainUserName <Edited: Server IP> Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.2;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727) 200 0 0
2008-05-12 20:30:54 <Edited: Server IP> GET /Reports/styles/ReportingServices.css - 80 - <Edited: Server IP> Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.2;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727) 401 2 2148074254
2008-05-12 20:30:54 <Edited: Server IP> GET /Reports/images/blank.gif - 80 - <Edited: Server IP> Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.2;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727) 401 2 2148074254
2008-05-12 20:30:54 <Edited: Server IP> GET /Reports/images/blank.gif - 80 DomainUserName <Edited: Server IP> Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.2;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727) 200 0 0
2008-05-12 20:30:54 <Edited: Server IP> GET /Reports/images/48error.jpg - 80 - <Edited: Server IP> Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.2;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727) 401 2 2148074254
2008-05-12 20:30:54 <Edited: Server IP> GET /Reports/styles/ReportingServices.css - 80 DomainUserName <Edited: Server IP> Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.2;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727) 200 0 0
2008-05-12 20:30:54 <Edited: Server IP> GET /Reports/images/48error.jpg - 80 DomainUserName <Edited: Server IP> Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.2;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727) 200 0 0
2008-05-12 20:31:07 127.0.0.1 GET /reports/ - 80 - 127.0.0.1 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.2;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727) 401 2 2148074254
2008-05-12 20:31:07 127.0.0.1 GET /reports/ - 80 - 127.0.0.1 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.2;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727) 401 1 0
2008-05-12 20:31:13 127.0.0.1 GET /reports/ - 80 - 127.0.0.1 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.2;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727) 401 2 2148074254
2008-05-12 20:31:13 127.0.0.1 GET /reports/ - 80 - 127.0.0.1 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.2;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727) 401 1 0


I tried to highlight one of each of the HTTP errors I am getting. 401.2 and 401.1 are the ones I kind of expected, but have no idea why I'm getting them. The 500 0 error is a bit troubling, because unless I'm mistaken thats a server side error.

Here's my current setup. As far as I can tell, I've done everything to set up correctly for Windows Integerated security.



My Specs
The server machine running all SQL 2005 services. It resides in a domain. All Clients are in the same domain.


Intel Dual Processor 3.20 gig Xenon

Windows Server 2003 w/ SP2

Microsoft Sql Server 2005 w/ SP2
Reporting Services Setup
The virtual directories Reports and ReportServer are set to Windows Integrated Security with Anonymous Access disabled. All other checkboxes in Directory Security are unchecked. For permissions in Reports, I have:


Administrators (servernameAdministrators) - Full Control

ASP.NET Machine Account - Modify, Read & Execute, List Folder Contents, Read, Write

Authenticated Users - Modify, Read & Execute, List Folder Contents, Read, Write

Creator Owner - No permissions

Domain Users - Read & Execute, List Folder Contents, Read

SQLServer2005ReportingServices]WebServiceUsers$... - Read & Execute, List Folder Contents, Read

SQLServer2005ReportServerUsers$... - Read & Execute, List Folder Contents, Read

SYSTEM - Full Control

Users (CompNameUsers) - Read & Execute, List Folder Contents, Read
In ReportServer I have the same permissions except Authenticated Users is absent.

At one point, I even added the account Everybody and gave it full control, and I still recieved a HTTP 401 error. Any help at what I might be missing would be a godsend.

Thanks.

View 1 Replies View Related

Reporting Services :: Data Extension Supports Windows Integrated Security And No Credentials Only

Feb 22, 2011

I am trying to fetch the sharepoint list data into the SSRS report.

I have given credentials in shared datasource to access remote datasource.

In preview i m getting the following error:

Data extension supports windows integrated security  and no credentials only.

View 3 Replies View Related

SRS Integrated With MOSS, Want Subscriptions

Aug 14, 2007

We have 64 bit MOSS with integrated SRS. This works quite well. You lose data-driven subscriptions until the release of SQL 2008. We want to build a custom subscription/workflow solution that renders reports and pops them into SharePoint lists. What we want to do is render thousands of reports into SharePoint document libraries and use workflow rules to route them to file shares, emails, approvals, etc.

This can be done manaully by right clicking the RDL in a report library and selecting Manage Subscriptions. This brings up a web page listing existing subscriptions (_layouts/ReportServer/ManageSubscriptions.aspx). This page does not write to a SharePoint list, but a set of tables in the ReportServerIntegrated database. I can see the tables and stored procedures that do the work. I cannot find a programming interface to create the subscriptions in code. I guess I can just call these stored procedures.

Has anyone played with this?

View 1 Replies View Related

SQL 2012 :: Persist Security Info And Integrated Security In Connection String

Dec 4, 2014

I use from sql server 2008. and c#

what is the best connectionstring?

I don't know if i use Persist Security Info and Integrated Security or not?

And if yes then their value must be true or false?

View 1 Replies View Related

Differance Between Persist Security Info And Integrated Security

Apr 26, 2007

hi i want to know what is the differance between  
Persist Security Info=False;Integrated Security=Yes;

View 1 Replies View Related

Setup Of Security / Integrated Win Security On Vista

Jul 6, 2007

I have Sql Server Express installed on Vista (service pack 2)

I have Visual Studio 2005 with an application that I'm trying to access it with within a WCF service.



The login ID of the service is added to the database.

The database has remote access turned on.

The ID is granted access to all databases within the server.

The thread is being set with WindowsProvider and the services set their thread to WindowsProvider.

The dataserver is set with using Windows Authentication for security.



When I open my connection to the database, though, it reports the typically useless message that the connection is not allowed and that the server may not allow remote connections.



How to I get past this? I've done everything right.

View 1 Replies View Related

Integrated Security

Sep 5, 2007

if one connects to SQL server (2005) with integrated security, does sql server connect to ADS in order to verify the credentials or does windows handle the authentification mechanism ?

thanks

View 1 Replies View Related

Integrated Security...

Oct 3, 2005

  Does anyone know how to impersonate a user and then use integrated security with SQL server?  Every place I've looked so far only shows how to use integrated security through IIS.  For some reason, everytime I impersonate a user account, SQL server identifies me as "NT AUTHORITYANONYMOUS LOGON"  Is this by design? or am I doing something wrong?

View 4 Replies View Related

Integrated Security

Sep 5, 2007



If one connects to sql server (2005) with integrated security, does sql server connects to ADS in order to verify credentials or does windows handle the authentification mechanism ?

Thanks.

View 1 Replies View Related

How To Access The DB With Integrated Security

May 11, 2007

Hello,
I'm new to ASP, but developping in Sql for years.
What we would like to have is that the user is accessing the database over it's own Windows Logon. Our triggers log quite some changes and are using UserName() for this. I've treid to force the IIS to accept Windows Integration only, the SqlDataSource users a connection that has Integrated Security = True. But when connection to the site i'm gatting error that there is no trusted connection for the user . (dot) ...
I suppose i'm missing something but could you give me a hint where to start looking..... THX

View 3 Replies View Related

DTS And NT Integrated Security User?

Dec 2, 1999

We have a a DTS package set up to run against another SQL Server. Using an integrated login is there a way to map an NT Authenticated users is
the sql server login id mapping to this attached server. The DB we are going against only uses NT authentication to attach to.

View 3 Replies View Related

Can I Do RDA Transfer Using Integrated Security?

Aug 8, 2007

or do i need to setup SQL security users and logins.?

View 1 Replies View Related

Clustering And Sql Server Integrated Security

Dec 17, 1998

We are using a VB application with a "dsnless" connection. It is not able to connect to the SQL box using integrated WinNT authentication. Receive the below error message:

Run-time error '-2147217843 (80040e4d)':
[Microsoft][ODBC SQL Server Driver][SQL Server] Login Failed

We can connect to our test SQL box with using the same application with no problem. The only difference we can see is the clustering on the "real" box.

We are using the following program string to connect to both boxes with the exception of the server we connect to:

"driver={SQL Server};server=server;uid=;pwd=;database=pubs"

Any info. would be greatly appreciated!

Thanks :)

View 1 Replies View Related

Integrated Security / Domain Name Problem

Nov 10, 1998

We've encountered a problem on one of our SQL servers running integrated security where MS Security Manager errors out with "An error occured executing sp_addlogin using Domain_nameusername - " is not a valid name since itbegins with an invalid character." We think it is because the domain has the underscore character in it name. Can anyone confirm or point to other possible configuration issues?

View 1 Replies View Related

Limiting Integrated Security Connections?

Jul 26, 2007

Ideally, I'd like to move away from using SQL-based logins for our internal applications and take advantage of integrated security instead.

Defining AD groups and their permissions in SQL is simple and getting the application to work with that is not an issue.

Where I'm having difficulty, though, is in isolating the accessibility in integrated security. Because the SQL-based login was isolated from the windows user, they could only get access to the sql server via our app -- their normal windows accounts had no access.

If we switch to use only windows authentication, the user would be able connect fine from our application and have rights to various tables. The issue is that they could also connect via Enterprise Manager, Excel, or any other tool. Is there any way to limit the exposure so that we can take use of AD for our access but further limit to allow connections based upon the application? I realize that this could be impersonated, but it's still better than nothing...


--Kevin Fairchild

View 5 Replies View Related

Application Login And Integrated Security

Aug 8, 2007

Hello,

We're having a bit of a problem getting Integrated Security to work with a .Net 2.0 application and SQL 2005. While we're tweaking permissions on the SQL-side, we came across an account "Application Login" and wondered what its role is. First, our problem:

Currently, the users in the AD group get a connection error. This group is defined as follows at the instance level:

role: public
user mapping: to the database without any default schema
securables: none
status: grant and enabled

At the database security level:

general: none
securables: execute on all (100+) stored procedures

And we gave them "Execute" on the database itself.

A little background: we had detached and copied this database from one server to another. So we suspect that the Application Login may have been modified/corrupted, even though it appears to be identical between the original and the copied databases. So we redefined it on the copied DB to match the original.
Another group, which is defined as dbo on the database, has no problem at all connecting and running the application.

The Application Login has Execute permissions on all stored procedures and Delete, Insert, Select, Update, and View Definition on the ChangeLog table. It also has db_DataReader, db_DataWriter, and db_ddlAdmin roles associated with it.

Is there another SQL login required for initial connection to the database even though Integrated Security=SSPI is used in the connection string?

Does anyone see where we may be missing a security setting for the non-dbo user group to connect to the database?

Thanks very much for any suggestions, ideas ....
Cheers,
Tess

View 1 Replies View Related

Restrict ASP.NET App DB Permissions Using Integrated Security

Mar 6, 2007

How might I Restrict ASP.NET app DB permissions using Integrated Security?

I can see how it's done with SQL Authentication, but I'd prefer to do it with Windows Authentication.

Is it a matter of restricting the permissions of the general ASP.NET user (€œNT AUTHORITYNETWORK SERVICE€?)...seems like it might affect too much.

Or can I have a Windows user/identity/account that is specific to a single ASP.NET Application?

Any guidance on this would be appreciated.

Thanks!

View 3 Replies View Related

Integrated Security &&amp; Database Design

Nov 27, 2007

I'm looking for a best practices document or microsoft book that explains proper database security design for applications accessing sql using integrated security.

I am an application developer at a shop that has been using sql authentication to connect to sql servers.
We have an sql login and user setup for each application. This sql user has read/write access to that applications database. The (human) users have no idea what the login is, we have a special generic dll that feeds the sql logins and passwords to our applications at run time for each app.
Operations is pushing to move out of mixed mode and into full integraded security mode. Microsoft best practices push integrated security so I understand the move. What I'm trying to locate is some microsoft documentation on security design.

This is what I have pieced together so far regarding the windows authenciated approach to applications accessing databases. With windows security, users will be able to bypass our applications all together and use tools like access and excel to hit the databases even if we don't want them going in there. Their windows security will allow them to do this with integrated security. This is assuming we don't have the app "run as windows user x" and that we grant the user groups permissions on the database objects. This means instead of granting user groups generic read/write on the entire database like we could with sql security we need to consider what groups use the application and consider what permissions need to exist on each database object for that group. In addition we will need to almost exclusively use views and stored procedures to get data as these will act as filters to only allow users to touch what they should be allowed to touch. Having select and update statements within apps would require users have table rights, which is basically the same as allowing them to do anything. Each view and procedure will need to be set up with special consideration so that if a user where to hit them directly we would be ok with it...Basically the application layer which contains a multitude of validation logic on user entry controls can be skipped by a "smart" user who decides to "fool around" in access"

. A solution to fix this would be to have our apps run as a special windows user id but operations has refused to allow this. And honestly this would be nearly identical to just using sql authentication. We are looking at a security redesign of over 60 systems and a multitude of reports. I'm looking for a best practices document or microsoft book that I can use to help demonstrate the amount of redesign work making this move will require and shed more light on how this all works.

I have already looked at the following security documents which do not have what I am looking for, so i figured I better ask.


ado.net security

http://msdn2.microsoft.com/en-us/library/hdb58b2f(VS.80).aspx

VB security

http://msdn2.microsoft.com/en-us/library/ms233782(VS.80).aspx

SQL Server 2005 security best practices

http://www.microsoft.com/technet/prodtechnol/sql/2005/sql2005secbestpract.mspx

View 4 Replies View Related

Connect To SQL Server Using Integrated Security=true

Sep 8, 2006

Hi all,I use the following connectionstring connect to sqlservserver=(local); database=mydata;Integrated Security=trueIf I tried browse the website in VS Web Developer 2005 environment, it's ok. After I compiled the site and access through IIS server, can not connect to sqlserver , I need to use login and password to connect. How can I connect wihtout using LogID and password.Thanks 

View 2 Replies View Related

Sqlconnection.open Slow With Integrated Security

Feb 11, 2008

Hello, I started profiling a website that i'm developing yesterday (asp.net 2.0) and noticed that sqlconnection.open is ridiculously slow (between 3-10 seconds) when using integrated security=true in the connection string.  If I use SQL authentication instead and pass the username and password in the connection string, sqlconnection.open is instantaneous. 
My enviornment is as follows: 


Sql server is on a win2003 x64 server.

View 3 Replies View Related

Sql Connection Fails With Integrated Security=SSPI

Apr 9, 2008

I am using windows impersonation in a CLR that is retrieving folder structure. In order to use impersonation I need to pass the windows credential to the SQL server so I am trying to use "integrated security=SSPI" and I also tried "integrated security=true" as well with the same result...I get the error: Login failed for user ''. The user is not associated with a trusted SQL Server connection.
The SQL Server and IIS are located in different un-trusted domain. I am however able to connect to the SQL Server using user id and password. In my web.config file:
<add name="ConnectionName1" connectionString="Data Source=IpAddress,Port#;Initial Catalog=DatabaseName;Integrated Security=true;persist security info=False; Trusted_Connection=Yes;" providerName="System.Data.SqlClient"/> à Doesn’t work
<add name="ConnectionName2" connectionString="Data Source=IpAddress,Port#;Initial Catalog=DatabaseName;uid=user;pwd=password;" providerName="System.Data.SqlClient"/> Ã WorksBased on the error message it looks like there is no user passed to the SQL server.
What am I missing? At this point I am thankful for any input…
 
 

View 5 Replies View Related

Login SQL Server Using Integrated Security !! Problem

Mar 6, 2005

ok thi is my code for test

SqlConnection conn = new SqlConnection("server=majed13;Integrated Security=SSPI;");
conn.Open();
conn.Close();

connection is OK
the user logged in SQL Server is ASPNET USER
i want looged in current NT USER not ASPNET USER
thanx in advance

View 4 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved