Re: Membership functions connect to Sql Server as Process Identity, not user identity??

right - that's by design - and i would call it a feature..

Do you really want that every single user of your system has direct access to your credentials database??

out of curiosity - why do you use membership when you use Windows Authentication?

- and to answer your question - there is no way around it - you could download the sources of the SqlMembershipProvider and remove the code that checks for impersonation if thats really what you want/need...

http://download.microsoft.com/download/a/b/3/ab3c284b-dc9a-473d-b7e3-33bacfcc8e98/ProviderToolkitSamples.msi

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

When I attempt to use any of the Membership class functions (eg
getAllUsers()) to access my db from my web app, it is my
mydomain/processidentity attempting to log in to sql server, and this
is failing as this id has not been granted access in sql server(on
purpose). I am using windows authentication (in web.config), with
impersonation on, and basic authentication turned on, anonymous access
off, in IIS. When I access the database by means other than through
the Membership class, such as creating my own sql commands,
sqldatareaders, etc., I correctly log into sql server as the
impersonated user. Looking at the audit logs, it seems that regardless
of my impersonation settings, the Membership class functions run under
the processidentity id, not the impersonated user id. Is this by
design and is there any way around this? For the life of me I can't
figure out why these Membership functions do not assume the user id
like everything else does. I'm desparate for a solution and haven't
found a solution anywhere.



.

Relevant Pages

  • IIS / SQL Server impersonation
    ... I am attempting to implement impersonation from a windows application ... I have configured the host virtual directory in IIS to require windows ... the database permits Windows Authentication. ... When I try and open a connection to SQL Server: ...
    (microsoft.public.dotnet.security)
  • Re: Login failed for user NT AUTHORITYANONYMOUS LOGON
    ... Is the SQL server box in the same domain as the web server (or do they have ... went wrong with your impersonation. ... > I have a local webservice and I was to use to access a SQL server on their ... > of the domain user in the web.config. ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Permission required to execute a DTS package from ASP.NET applicatio?!!
    ... Yes,I've enabled impersonation in my application and that's why it is under ... > does SQL server is on the same server as your ASP.net application? ... >> I'm calling a DTS package from my asp.net application.Apparently because ... >> of the current security context and it is my Domian user name and I'm ...
    (microsoft.public.sqlserver.dts)
  • RE: Connect to database after windows impersonation.
    ... I would turn on Profiler with a filter to look at the particular database. ... > has admin rights on the SQL server box and the SQL Server itself. ... > //do the impersonation by calling am method in the class Impersonation I ... > specify a SQL Login in the connectioon string, ...
    (microsoft.public.dotnet.framework.adonet)
  • Re: Login failed for user MachineNameASPNET
    ... > Or is your SQL Server not on the same network? ... > Really impersonation is the best way, but I do remember a Visual Studio ... >> windows authentication to log into the site, ... >> programmatically override asp.net from providing the MachineName\ASPNET ...
    (microsoft.public.dotnet.framework.aspnet)