tags:

views:

1182

answers:

4
Q: 

Issue with database connection from sharepoint workflow with integrated security options

Good morning everyone,

I'm running into an issue using a SharePoint workflow project (C#, VS 2008) and connecting to a database. Here is my database connection string:

Data Source=DBSERVER;Initial Catalog=DBNAME;Integrated Security=True;

When I attempt to run the following code I get the following error ... 

SqlConnection dbEngine = new SqlConnection(Constants.DBCONNECTION_STRING);
dbEngine.Open();

"Login failed for user 'DOMAIN\MACHINE_NAME$'"

What I need it to do is pass through the logged in user's credentials. I've got impersonation turned on but it doesn't seem to be passing through. Any suggestions would be very much appreciated.

Thank you in advance for any advice,

Scott Vercuski

+1  A: 

Are the web front end and the SQL server on the same box ?

If not, you'll have to set up Kerberos to allow credentials propagation.

Nico  2008-10-11 11:08:11
Credential propagation is only required when a third (or more) machine is involved.
Mitch Wheat  2008-10-11 11:20:11
A: 

You cannot do that - the workflow does not run in the context of a user. Workflows are executed asynchronuously. Only (HTTP) WebPage-Requests run in the context of the user (if you turn on impersonation). You cannot flow the impersonation to the workflow. To restore impersonation in the workflow (which you should not do) would require username AND password OR protocol transition (process would need to run under system then).

Additionally, your application has a serious design issue if you try to access the db from an impersonated user context. That messes up connection pooling and will seriously hurt performance. That is generally a no-go.

This is not a kerberos issue. The process tries to access the db as the machine account, which tells you the process is running as either network service or (win 2008 and later) system.

 2008-11-15 05:54:57
A: 

So what if I do want to access the database from an impersonated user context within a workflow, is it possible?

Sam  2008-11-24 16:11:32
+1  A: 

Any DB access should run as a Windows Service account for security and connection pooling reasons.

Regarding the Workflow Security Context, see:

SharePoint, Workflows and Security http://cglessner.blogspot.com/2008/09/sharepoint-workflows-and-security.html

Declarative Workflows and User Context http://blogs.msdn.com/sharepointdesigner/archive/2008/09/28/declarative-workflows-and-user-context.aspx

Security and Application Development in SharePoint: First Steps Workflow http://www.microsoft.com/technet/community/columns/secmvp/sv0408.mspx#EACAC

 2009-03-03 03:38:57

related questions

Upgrading Sharepoint 3.0 to SQL 2005 Backend?
Webpart registration error in event log
Sharepoint COMException 0x81020037
Transactional Design Pattern
Deploying InfoPath forms to different SharePoint servers
Profiling/Optimizing (Sharepoint 2007) Web Parts
Retreiving the PC Name of a Client? (Windows Auth)
What's the best way to report errors from a SharePoint workflow?
How to get out parameters working in SharePoint workflows
Editing User Profile w/ Forms Authentication
WSS/MOSS Book
Creating a development environment for SharePoint.
Sharepoint Wikis
Have you used a wiki in your project or group?
Can I copy files to a Network Place from a script or the command line?
How do you deploy your SharePoint solutions?
SharePoint WSS 3.0 Integration with Mac OSX (either Safari or Firefox)
SharePoint - Connection String dialog box during FeatureActivated event
How can I improve the edit-compile-test loop when developing a SharePoint workflow?
Best ajax library for Sharepoint
Alternative Hostname for an IIS web site for internal access only
How to reference to multiple version assembly
MOSS SSP problem - Failed database logons from deleted SSP
Sharepoint: executing stsadm from a timer job + SHAREPOINT\System rights
Can ASP.NET AJAX partial rendering work inside a SharePoint 2007 application page?