Previously for all our asp.net applications we have been using a sysadmin user within SQL Server to connect and add/update/delete/get data. Our SQL Admin wants to delete that account and create a Domain Account so we can use that account within our .net applications.
My current connection string is:
name="name" connectionString="Data Source=server;Initial Catalog=database;Persist Security Info=True;User ID=user;Password=password" providerName="System.Data.SqlClient"
What would the connection string be for using a domain account?
I tried :
name="name" connectionString="Data Source=server;Initial Catalog=database;Persist Security Info=True;User ID=domain\user;Password=password" providerName="System.Data.SqlClient"
and it does not work.
Is there a different way to connect to SQL Server using a domain account?
Thank for your help.
Have a look at connectionstrings.com for every possible variation - a very handy resource I use all the time
Specifically, you want this format:
Data Source=myServerAddress;Initial Catalog=myDataBase;Integrated Security=SSPI;
This, of course, only works if the domain account in question is the one opening the connection.
There's no easy way to connect with arbitrary credentials - but you can impersonate the user in question and then connect.
This can be a bit of a pain. An alternative if the users are on the local network (or you control their browser config) is to use Kerberos authentication on your site. The pages will be served with the relevant user's permissions - then you can use the connection string above and IIS will connect to the Db with the appropriate credentials for each user. This is particularly useful from a security perspective as the Db is able to audit on a per-user basis, and permissions can be per-user/row/column instead of only per-app.
Yes, try this:
Data Source=server;Initial Catalog=database;Integrated Security=SSPI;
This specifies that you wish to use integrated Windows authentication where you were still trying to use SQL Server authentication (even though the username you entered looked like a Windows domain / user account SQL server still treats it as standard SQL Server authentication)
Also take a look at connectionstrings.com
If you want to use different user account then the logged in user you have two options.
Option 1
You can add the user to Application pool Identity.
For this go to advance setting of application pool and edit the identity to use the user you want.
Option 2
Add this in Web config:
<identity impersonate="true" userName="Domain\User" password="Password" />
And use this connection stirng:
<add name="Name" connectionString="Data source=SqlServer;Initial Catalog=DbName;Integrated security=True" providerName="System.Data.SqlClient"/>
For More Details See:
https://msdn.microsoft.com/en-us/library/134ec8tc.aspx
Also found another good article her
https://www.codeproject.com/tips/520341/implement-impersonation-in-asp-net
Use integrated security:
Integrated Security=SSPI
Which has a variant:
Trusted_Connection=True
The different connection strings (for a variety of databases) can be found on connectionstrings.com.
With both of these you need to ensure that the application is running under the account you need to login with.
Data Source=myServerAddress;Initial Catalog=myDataBase;Integrated Security=SSPI;
The above is a connection string for Windows Authentication against your SQL Server instance.