Re: Membership functions connect to Sql Server as Process Identity, not user identity??

thanks, glad it is useful :)

as i said - you could just use the source of the sql provider released by MS last week and remove the impersonation/revert to self code - look out for calls to "SqlConnectionHelper.GetConnection()"

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

Thank you for replying, this has been bothering me for days. To answer
your questions, the reason I want to use membership while using
windows authentication is this site serves as an administration portal
for another site, and thus every user of this system by definition is
to have direct access to the credentials db. That other site does use
forms authentication and the membership class for everything. While
the other site is open to any public user, those in charge want to
have a more secure method of gathering/displaying aggregate user data,
and thus would like to use windows authentication so that only certain
users in their domain are able to login to the admin site. As another
layer of security, they want to be able to restrict the execution of
the aggregate stored procedures by setting exec permissions on Sql
Server to specific users, thus the reason I need to be able to
impersonate the user all the way to sql server (even though
theoretically the only people who can get into the admin site in the
first place will be those that have the credentials to also run the
aggregate sp's in the database). I know the drawbacks of impersonating
to sql server, including connection pool issues, but that's the way it
has to be. The reason I wanted to use the Membership functions in my
admin app is that they provide exactly the functionality I need since
all the data in the db is modeled around Membership. I could rewrite
all of the procedure calls, but chances are it wont be as quick or
correct as the real ones, but it looks like that's what i need to do.

On a side note, thank you Dominick for providing the ShowContexts.aspx
file on your website, I've been using it this last week and it's
helped me learn a lot about impersonation, security, etc.



.

Relevant Pages

  • Re: Replacing VS .NETs SQL Server Express Edition Integration
    ... As you said you already have an existing database that contains the ... membership structure, ... Replacing VS .NET's SQL Server Express Edition Integration ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: DataAdapters and Parameters
    ... server goes down and we need to check a customer's membership. ... using SQL Server and ASP.NET via our intranet. ... I guess I could go with a synchronized SQL database?... ... >> downtime backup, that is why I am currently working with Access. ...
    (microsoft.public.dotnet.framework.adonet)
  • Re: Use query or stored procedure
    ... Use a naming convention like GetTableNameAll, GetTableNameByID, ... >I am learning to use SQL Server and TADO. ... > I am going to write a small application to manage the data of membership, ... > OR write a stored procedure in SQL Server and pass the parameters to it? ...
    (borland.public.delphi.database.ado)
  • Re: Sql To Active Directory Challenge
    ... capability) it is much easier for SQL server to check if a user is a member ... This way you can check the group membership in SQL and only return the ... you'll not need to check the membership in your app. ... SQL stored procedures and get the apps for this group. ...
    (microsoft.public.dotnet.languages.vb)
  • Re: loop and recordset
    ... those members whose membership lapsed. ... Use the SQL language to return only the set of required ... This table obviously needs some constraints. ... ALTER TABLE enrollment_2 ADD ...
    (microsoft.public.access.modulesdaovba)