Please start any new threads on our new
site at https://forums.sqlteam.com. We've got lots of great SQL Server
experts to answer whatever question you can come up with.
| Author |
Topic |
|
crazycat503
Starting Member
16 Posts |
 Posted - 2013-01-14 : 06:58:08
|
| What would be a quick way to allow users to connect to sql server 2008 server or express editions no matter their username, password, windows group or domain?My app is been installed from various accounts and i am forced to create the same username and password, or windows group. I don't have such power on the users who are going to work with the application. My only power is on the sql server and the client app we just developed.Any global way to allow the user to connect to sql server? I thot of creating a service or use default services (such as NETWORK SERVICE) but am not sure if it is the best way to go.Any idea would really really appreciated.All guys! |
|
|
James K
Master Smack Fu Yak Hacker
3873 Posts |
Posted - 2013-01-14 : 07:35:31
|
| Since you have control over the client app, you could use a single SQL Authenticated user name and password embedded in that app to connect to the SQL Server.If you need to audit who all are using your app, you can pass the windows username as an additional parameter in the stored procedures and queries and log that information. |
 |
|
|
crazycat503
Starting Member
16 Posts |
Posted - 2013-01-14 : 13:25:47
|
| Do you mean something like application role? if so, i dont feel really right about embedding a password in a net application as it is security risky.All guys! |
|
|
|
James K
Master Smack Fu Yak Hacker
3873 Posts |
Posted - 2013-01-14 : 19:42:46
|
| Yes, that certainly would be an issue. You can try to obfuscate the code, but that only makes it slightly harder for someone determined to get around that.There are ways to encrypt the data - but that then requires the credentials of the principal who encrypted it. In any case, I am ill-qualified to advise on that aspect of .Net.Does your organization have an AD group that includes all employees? Normally there should be one. If there is, you can grant access to that AD group (or a role that the All Employees AD Group is a member of). That would be the best way that I can think of. |
|
|
|
srimami
Posting Yak Master
160 Posts |
Posted - 2013-01-15 : 07:24:38
|
| Yes, you can create same username and password as that of other systems but the roles have to be defined on this new Sql Server. Also, your new Sql Server should be under the same security domain as that of old. If this is what you are looking for, please do let me know so that I shall post the queries to create same username/password as that of others system though you don't have any control over it. |
|
|
|
crazycat503
Starting Member
16 Posts |
Posted - 2013-01-16 : 08:53:39
|
| The main problem is there is no AD. At least for now. Is there away to work around this with windows groups since users may chose their own username and password but can be forced to be part of a specific group such as "stockmanagers".All guys! |
|
|
|
srimami
Posting Yak Master
160 Posts |
Posted - 2013-01-17 : 06:42:17
|
| Even if there is no AD set up, but under the same network (Whitelist the IP addresses of users); we can still make it possible to have their own username and password as they used earlier. |
|
|
|
|
|
|
|
|
ALlow currently logged in user connect to sql serv