Hi folks,
Just want to make sure I've got this right.
I've got an application I want to authenticate to the domain i.e. an
intranet app. I've set this up (all the web.config items are in place and
everythings tickety boo) and I can get the username and various other bits
of info from a WindowsIdentity object. So far so good.
When I try and connect to my SQL 2K server however using a trusted
connection, the system will either use the account that ASP.NET runs under
in IIS or I have to switch impersonation on and use a user at my discretion.
Either way, it doesn't matter who's using the application, each individual
session will always use the one account to make a trusted SQL server
connection. Correct?? So I'll always have to replicate some security
structure in the database i.e. create and maintain and User table if I want
to use a trusted connection.
Is this something that's going to get fixed (it's not a feature) in Whidbey?
Having read a number of books about this, none of the authors seem to find
this inconsistency odd, which I find odd. It's as if it's perfectly natural
for the framework to be able to pick up the domain user data, but not let
SQL server use it. To me it's the king of mildly annoying and screamingly
obvious bug I normally associate with the Unix crowd.
I'm tempted just to use Forms authentication and not bother with integrated
security until they sort this out. Would that be a better move?
Any comments and advice would be much appreciated...
Cheers...Paul
