sql server - Using SSPI, how to make my webapp NOT connect to local SQL Express?


Yep - you read that right! I want to make my web application not connect to the local SQL Server Express (2008r) database!

I created a domain user account for the web application, and added the user to a domain (AD) group.

In the local SQL Server instance, I created a login for the AD group. User account mentioned absolutely in SQL database.

Then in local IIS, I changed the app pool for the site to use the account I created.

When I browse the local site in a browser, voila! It connects to the database.

Okay, I go to AD and remove the user account from the AD group. iisreset. I browse the local site in the browser, voila!? It connects to the database.

Huh? How is it connecting? Using integrated security=sspi, authentication ought to be made via the account being used by the application pool. So, since it doesn't belong to the group that has access to the SQL database, shouldn't it fail?

How can I make it fail? Maybe it is connecting with some other Windows authentication? Okay, the logins in the server's instance are:

  • mydomaingroup (without app-pool's user account)
  • mydomainadminaccount
  • sa
  • nt authority\network service (necessary for everything, even the SQL log viewer)

And - I can confirm none of the logins are user-mapped to users allowed in the database except the special domain group.

Ah, it's worse. If the connection string uses SSPI, it's supposed to accept and use a username and password if present. If I specify the username and password of an account I have left out of the AD group, shouldn't the application pool be trying to log in with bad credentials? -- I think so, but, again, voila! It connects!

Thus, these 2 connection strings both connect with a domain user account that seemingly has no credentials in the SQL Server instance:

    <add name="development" connectionString="server=mycomputer\sqlexpress;database=shoppe;persist security info=false;integrated security=sspi; user id=myuser; password=mypassword; pooling=true" providerName="System.Data.SqlClient"/>
    <add name="development" connectionString="server=mycomputer\sqlexpress;database=shoppe;persist security info=false;integrated security=sspi; pooling=true" providerName="System.Data.SqlClient"/>

I tried adding trusted_connection=false; and it still connects!

So, what is getting access to connect? Is there not a way to tell which account is being used to connect?

On the other hand, if I remove integrated security=sspi; from the connection string, I can't connect at all with Windows authentication. I don't know if that is a clue or not.

The system stored procedure xp_logininfo (http://msdn.microsoft.com/en-us/library/ms190369.aspx) can tell you the access path being used when an account connects to SQL Server. For example, the groups it is being granted access through, and the effective permissions of the login.
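
An added example, not part of the original question or answer: a T-SQL diagnostic that pairs xp_logininfo with the session's own identity and login token to show which login actually lets the web app in. The account name `MYDOMAIN\myuser` is a placeholder for the app-pool account, and the script assumes SQL Server 2008 or later.

```sql
-- Run step 1 and 2 over the connection the web app uses (or in a session
-- started as the app-pool account); run step 3 and 4 as a sysadmin.

-- 1. Who did this session actually authenticate as, and how?
--    (sys.dm_exec_connections needs VIEW SERVER STATE; drop the join if
--    the account lacks it and keep only the two function calls.)
SELECT SUSER_SNAME()    AS effective_login,
       ORIGINAL_LOGIN() AS original_login,
       c.auth_scheme    -- NTLM, KERBEROS or SQL
FROM sys.dm_exec_connections AS c
WHERE c.session_id = @@SPID;

-- 2. Which entries in this session's Windows token match a server login?
--    Any row here is a path into the instance, including groups the
--    account belongs to that nobody thought of as "the" access group.
SELECT lt.name       AS token_principal,
       lt.type       AS token_type,
       lt.usage      AS token_usage,      -- GRANT OR DENY / DENY ONLY
       sp.type_desc  AS server_login_type,
       sp.is_disabled
FROM sys.login_token AS lt
JOIN sys.server_principals AS sp
  ON sp.sid = lt.sid;

-- 3. Ask SQL Server for every permission path of the account.
--    The "permission path" column names the group login that grants access.
DECLARE @acct sysname = N'MYDOMAIN\myuser';   -- placeholder account name
EXEC master.dbo.xp_logininfo @acctname = @acct, @option = 'all';

-- 4. List every Windows login and group login on the instance, to compare
--    against the list of logins you expect to exist.
SELECT name, type_desc, is_disabled, create_date
FROM sys.server_principals
WHERE type IN ('U', 'G')    -- U = Windows login, G = Windows group
ORDER BY type_desc, name;
```

If step 2 or 3 names a group other than the one created for the application, that login is the access path to remove or restrict.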

