RE: Using trusted database connection across domains
- From: changliw@xxxxxxxxxxxxxxxxxxxx ("Charles Wang [MSFT]")
- Date: Thu, 17 Jul 2008 03:19:40 GMT
Hi Dave,
I understand that you would like to use Windows Authentication for your
ASP.NET application, however the web server is in a workgroup which is not
in any of your domains. You would like to know if this is possible.
If I have misunderstood, please let me know.
Unfortunately this is not possible, because Kerberos authentication cannot
be established between a domain and a workgroup or among seperated domains
(without building any trust relationship); while Windows NTLM
authentication cannot be double-hop. If your Web application used Windows
authentication, you client user token can be passed to your web server and
authenticated, however the token cannot be further authenticated on your
remote SQL Server. I recommend that you use SQL Authentication in this case
and encrypt the connection string in your config file.
If you have any other questions or concerns, please feel free to let me
know. Have a nice day!
Best regards,
Charles Wang
Microsoft Online Community Support
===========================================================
Delighting our customers is our #1 priority. We welcome your
comments and suggestions about how we can improve the
support we provide to you. Please feel free to let my manager
know what you think of the level of service provided. You can
send feedback directly to my manager at: msdnmg@xxxxxxxxxxxxxx
===========================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
ications.
Note: The MSDN Managed Newsgroup support offering is for
non-urgent issues where an initial response from the community
or a Microsoft Support Engineer within 1 business day is acceptable.
Please note that each follow up response may take approximately
2 business days as the support professional working with you may
need further investigation to reach the most efficient resolution.
The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by
contacting Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscriptions/support/default.aspx.
============================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
=========================================================
.
- Follow-Ups:
- Re: Using trusted database connection across domains
- From: Dave Smith
- Re: Using trusted database connection across domains
- References:
- Using trusted database connection across domains
- From: Dave Smith
- Using trusted database connection across domains
- Prev by Date: Re: Windows authentication still prompts for database login
- Next by Date: Re: KB948110/MS08-040, SQL 2000 & sa authentication
- Previous by thread: Using trusted database connection across domains
- Next by thread: Re: Using trusted database connection across domains
- Index(es):
Relevant Pages
|
