
SQL Server Integrated Authentication Mode

I was wondering: when using Windows Authentication mode in a connection string from a web application (the application itself is using Windows Authentication for authorization), which account will be used to log in to SQL Server?

Is it the web application pool account? The account of the user who logged in to the web application using Windows auth? Any other account?

The application is running under Windows Server 2008 64-bit and IIS 7. The application pool account is Network Service.

user724779 asked Apr 26 '11 05:04



1 Answer

It depends on how you configure it. From http://msdn.microsoft.com/en-us/library/ms998292.aspx and http://msdn.microsoft.com/en-us/library/bsz5788z.aspx ...

ASP.NET applications do not impersonate by default. As a result, when they use Windows authentication to connect to SQL Server, they use the Web application's process identity. With this approach, your front-end Web application authenticates and authorizes its users and then uses a trusted identity to access the database. The database trusts the application's identity and trusts the application to properly authenticate and authorize callers. This approach is referred to as the trusted subsystem model.

The alternative model referred to as the impersonation/delegation model uses the original caller's Windows identity to access the database. This approach requires that your ASP.NET application is configured to use impersonation. See the section "Impersonation / Delegation vs. Trusted Subsystem" in this document.

So depending on how you have configured it, it could use either the app pool account (when not using impersonation) or the account of the logged-in user that is using the web application (when using impersonation).

See http://msdn.microsoft.com/en-us/library/134ec8tc.aspx for impersonation information.

Shawn answered Oct 19 '22 03:10
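
To check which of the two models a given deployment is actually using, the three identities involved can be printed side by side. The handler below is an added example, not code from the question or the answer; it assumes ASP.NET on the .NET Framework, a handler registration in web.config, and a connection string named "AppDb" (a hypothetical name) that uses Integrated Security=SSPI.

```csharp
// Added diagnostic example; "AppDb" and WhoAmIHandler are hypothetical names.
using System.Configuration;
using System.Data.SqlClient;
using System.Security.Principal;
using System.Web;

public class WhoAmIHandler : IHttpHandler
{
    public bool IsReusable { get { return true; } }

    public void ProcessRequest(HttpContext context)
    {
        // 1. The user IIS authenticated for this request (Windows auth).
        string caller = (context.User != null && context.User.Identity.IsAuthenticated)
            ? context.User.Identity.Name
            : "(anonymous)";

        // 2. The identity the request thread runs as. Without
        //    <identity impersonate="true" /> this is the app pool account;
        //    with it, this is the impersonated caller.
        string threadIdentity;
        using (WindowsIdentity id = WindowsIdentity.GetCurrent())
        {
            threadIdentity = id.Name;
        }

        // 3. The login SQL Server authenticated for a connection opened
        //    from this thread with integrated security.
        string sqlLogin;
        string cs = ConfigurationManager.ConnectionStrings["AppDb"].ConnectionString;
        using (var conn = new SqlConnection(cs))
        using (var cmd = new SqlCommand("SELECT SUSER_SNAME()", conn))
        {
            conn.Open();
            sqlLogin = (string)cmd.ExecuteScalar();
        }

        // Plain text so the identity strings are never interpreted as markup.
        context.Response.ContentType = "text/plain";
        context.Response.Write("Request user    : " + caller + "\n");
        context.Response.Write("Thread identity : " + threadIdentity + "\n");
        context.Response.Write("SQL Server login: " + sqlLogin + "\n");
    }
}
```

In the trusted subsystem model the last two lines show the application's own account regardless of who is logged in; when the pool runs as Network Service and SQL Server is on another machine, that login appears as the web server's computer account (DOMAIN\MACHINENAME$). In the impersonation/delegation model all three lines show the caller.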