tags:

views:

35

answers:

2
Q: 

Access sql server without directly permission in domain from ASP.NET

Hi all

Here is the situation. All the machines and users are in the same domain.We are in a domain enviroment. There are some sql server 2005/2008 storing data. There is a ASP.NET site in the domain using the Window Authentication. Now, we need read the data from the sql server and display them using SqlDataSource and GridView. But most of users do not have the direct permission to access the database. Is there any solution to get the data from database and display them on the site without granting users permission?

Best Regards,

+3  A: 

Yes - create a SQL user on the database server, and use this one SQL user account to access the database for all your users (who use their domain accounts to authenticate to your system).

This is a very common situation, and it allows you to easily fine grain the access available to that one account, rather than trying to manage multiple domain style accounts on your SQL server.

Plenty of connection string options here:

http://www.connectionstrings.com

Also a pretty decent MSDN article on the same here:

http://msdn.microsoft.com/en-us/library/ms998300.aspx

Paddy  2010-04-15 08:32:51
The example you provide is SQL Authentication, not Window Authentication.
Yongwei Xing  2010-04-15 08:38:47
Indeed - you asked for a method of doing this that didn't involve granting users permissions on the SQL box (which would be windows authentication).
Paddy  2010-04-15 09:02:44
SQL Authentication allows you specify a user and password in the connectstring, but you can not specify a user in connect string
Yongwei Xing  2010-04-15 09:14:36
@Yongwei Xing - yes, that's right. You set up a sql user and use that username/password to connect for everybody. The user context that logs into the application is not used at all. If you absolutely need the user context for your connection, then you will need to use windows auth.
Paddy  2010-04-15 09:32:48
@Yongwei Xing - I think you are missing a point here. The user connect to you app and your domain using their windows credentials. Inside the app, specify the username/password, in the connection string, created to access the database.
Frank  2010-04-15 11:51:15
@Frank I think it's a little complex in my case. Actually,I am in SharePoint.
Yongwei Xing  2010-04-16 02:54:13
@Yongwei Xing - I don't think that having this in Sharepoint should really make a difference. The principle is the same.
Paddy  2010-04-16 07:56:48
A: 

I may have misunderstood your question, but if what you are trying to avoid is explicitly having to grant database permissions each user individually, you can get around this by granting permissions to a Active Directory security group of which all the users you need to grant access to are a member. The individual users will inherit permissions from the group.

However, there's another problem here which may mean that enabling SQL authentication is a simpler solution. Unless Kerberos authentication is enabled in the domain (or the web server is on the same physical machine as the database server), the web server will not be able to pass the users' credentials on to the database server for authentication - the so-called double hop problem. Google for "windows double hop" for more information.

Ed Harper  2010-04-15 11:24:03

related questions

Sql to query a dbs scheme
Transform Columns into Rows
SQL Client for Mac OS X that works with MS SQL Server
How do you get leading wildcard full-text searches to work in SQL Server?
SQL Server 2000: Is there a way to tell when a record was last modified?
What's the BEST way to remove the time portion of a datetime value (SQL Server)
I need to know how much disk space a table is using in SQL Server
What's the best way to determine if a temporary table exists in SQL Server?
Appropriate pagefile size for SQL Server
Have you ever encountered a query that SQL Server could not execute because it referenced too many tables?
ASP.NET MVC "CRUD" Database Sample
How do I unit test persistence?
Best Book for a new Database Developer
Can I logically reorder columns in a table?
Best way to copy a database in SQL Server 2005/8?
Is Windows Server 2008 "Server Core" appropriate for a SQL Server instance?
Why doesn't SQL Full Text Indexing return results for words containing #?
Client collation and SQL Server 2005
Editing database records by multiple users
Deploying SQL Server Databases from Test to Live
SQL Server 2005 implementation of MySQL REPLACE INTO?
Upgrading SQL Server 6.5
How do I version my MS SQL database in SVN?
How to export data from SQL Server 2005 to MySQL
Check for changes to a SQL table?