Security Context of DB connection over Web Service Call | ansaurus

tags:

wcf-security

views:

185

answers:

1

Q:

Security Context of DB connection over Web Service Call

Hello,

If I have an application (on C#) that runs under a user context (ex. DOMAIN\StandardUser) which makes a call to a Web Service, which has the web service worker process running under a different context (ex. DOMAIN\WebServiceUser), and that web service connects to a SQL database, which user context does the database connect from, the StandardUser or the WebServiceUser?

Thanks,

+2 A:

use integrated security, so your user context will also use for web service.

Syed Tayyab Ali 2009-04-21 18:56:24

So your saying that when the web service is called it impersonates the user to the database connection, and does not connect to the database from it's own context, correct? And yes, it's using integrated security.

Phillip 2009-04-21 19:04:05

No, the logged in user for the database connection is "DOMAIN\WebServiceUser" because the web service connects to the database. Not your app.

gbn 2009-04-21 19:16:19

you can use web.config file, where you can place database user name and password. in that way, you dont need any context user name for database connection.

Syed Tayyab Ali 2009-04-21 19:18:00

Syed Tayyab Ali: Thats what were are doing already but we are using it under SQL Authentication which we are trying to get away from. If we can use integrated security that would be preferred. We just need to make sure what context gets permissions.It sounds like the web service context is used which is what we wanted. Thanks gbn!

Phillip 2009-04-23 14:16:28

related questions

Silverlight WCF Authentication (Help going from WPF to Silverlight)

WCF Forms Based Authentication Via Web App - Passing Credentials

WCF Getting "The primary signature must be encrypted." from FaultContract with ProtectionLevel.None

Securing WCF service using basicHttpBinding which supports streaming

How To: WCF with Transport Security+Server Cert Auth. WITHOUT Client Cert?

SSL Error with WCF Service using Transport Security & Cert. Authentication

Connect with WCF to a WebService authenticated with username/password

WCF, Security and Certificates

wsFederationHttpBinding, passing custom user Identity to STS

WCF Architecture

How should I configure WCF security for an internal service between two Domains?

Does each authenticated WCF client connection need a CAL?

Custom X509CertificateValidator with BasicHttpSecurityMode.Transport?

Can I setup an IP filter for a WCF Service?

How to use System.IdentityModel in own client-server application

Is it possible to configure Security mode as Transport with "Windows" as clientCredentialtype via https?

How Do I Avoid SSL Certificates during Development for a WCF endpoint that will be secured during Production

Getting caller's hostname in WCF

Custom binding with WCF

"Cannot load the X.509 certificate identity specified in the configuration"

Asp.net not authenticating against wcf service on server 2008

WCF security problem

WCF Security - A list of what I dont understand

Implementing Claims-Based Security (WCF/Asp.NET)