I have a corporate client server application. It passes majority of the work from the client application (Windows 7) to the server application (Server 2008 R2), and when it comes to running a SQL query (SQL Server 2008), it is handled by the server - which registers the user as the server.
We then have a table in our database which is locked down using Active Directory.
Our client and server are written in .Net 4.0. I'm Using WCF (net.tcp).
How would I pass the logged in user security token from our Windows 7 client, to our server in order for the server to turn around and use it to connect to the SQL server to run a couple of quick queries.
Any thoughts, or ideas, would be greatly appreciated! Thanks.
You might want to create a service account for SQL server access.
You can impersonate/change identity in your windows application using the service account before making a call to database. so while database call is being executed it will run under impersonated identity(service account). For impersonation in windows application see this MSDN Article
What you are talking about is the double hop scenario. Check out this SO question regarding how to set up double hop possibilities.
Related
I have created a windows service to monitor receive location and send port events i.e. start/stop/enabled/disabled/enlisted/unenlisted for a local BizTalk server machine using a WMI ManagementScope class scope:
string strScope = #"\\.\root\MicrosoftBizTalkServer";
But when I try pointing at a remote machine/server to capture events using:
string strScope = string.Format(#"\\{0}\root\MicrosoftBizTalkServer", node.Address);
I receive an odd WMI error. The typical remote machine I am trying to point towards is a similar windows server with one small distinction that its BizTalk server is pointing to a SQL server located on yet another server within the network.
After a lot of googling and searching, I came across information pointing at a possible cause of failure being the classic "Double-hop" issue which occurs when we try to access remote BizTalk server when its SQL server is on another machine.
Within visual studio I was not getting enough information on the error that I tried a windows built-in tool "wbemtest.exe" to troubleshoot what was going on only to uncover a long error message such as this:
BizTalk Server cannot access SQL server. This could be due to one of the following reasons:
\n1. Access permissions have been denied to the current user. Either log on as a user that has been granted permissions to SQL and try again, or grant the current user permission to access SQL Server.
\n2. The SQL Server does not exist or an invalid database name has been specified. Check the name entered for the SQL Server and database to make sure they are correct as provided during SQL Server installation.
\n3. The SQL Server exists, but is not currently running. Use the Windows Service Control Manager or SQL Enterprise Manager to start SQL Server, and try again.
\n4. A SQL database file with the same name as the specified database already exists in the Microsoft SQL Server data folder.
\n
\nInternal error from OLEDB provider: \"Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.\""
I have tried playing with Firewall and DCOM setting under Administrative Services -> Component Services but no setting is working for me to pass on my user's credentials via "impersonation" and retrieve back receive location / send ports information.
Please share a workaround/solution/configuration settings that actually addresses this issue.
After a lot of research and thorough study, the solution was achieved via enabling / configuring Kerberos authentication for the non-domain admin. service account user and machines involved in communication i.e. client (machine sending WMI based request), Biztalk node (machine responding to the WMI based request) and SQL Server node (machine hosting / running SQL Server database engine service and most importantly Biztalk's databases which include messagebox, tracking, management and SSO).
This was all done under a single domain and delegation was setup for both the Biztalk node and SQL Server node along with the service account used.
DCOM permissions were granted to the service account for WMI and DTC(Distributed Transaction Coordinator) permissions were setup.
Appropriate SPNs were generated and appropriate SQL Server permissions were granted to the service account initiating WMI request in delegation mode.
Verified that Kerberos was enabled for the particular service account using the following SQL query:
select session_id,net_transport,client_net_address,auth_scheme from sys.dm_exec_connections
This is a double hop issue only, the problem you are facing is because you are trying to run a service and access remote server BizTalk server, which is then trying to logon to a remote SQL server. Your credential only reaches to BizTalk server but BizTalk server does not pass your credentials to another server.
Refer to this link for solution
Similar Issue
I have a windows forms application which connects to an SQL Server 2008 R2 database using variously SMO, databinding, and ODBC connections.
Currently it uses entirely Windows authentication, but a client has requested that we also allow SQL Server logins.
Given the only Windows login I have, and can have, is my own, what can I do to test whether my code is actually using the SQL Server login and not simply connecting using my own Windows login?
Alternatively, what can I do to refine this question so it makes sense?
Thanks
Your question is too general but here are some steps you should take.
Create new sql login and only give necessary permissions to this user
Update all connection strings in your application. If these are not consolidated in one config file now is the good time to do this. You can even consider creating a separate class that will handle this.
Add login form to your app that will be shown at the application startup so that user can enter credentials
Best way to test this is to simply disable your windows user in SQL Server and see if application is still running.
I have a Windows 2008 server on which I run a web application. The application receives user inputs {x,y,z} every few seconds, and I perform certain operations on them to achieve results {a,b,c}. Once this is done, I store a,b,c in SQL server 2008 on the windows server.
I have now setup another web application on a Linux server, on which I need to display these results {a,b,c}, in realtime (or almost), as they are produced in my windows server.
For each record, or set of records that I receive on the Linux VPS, I'll need to return an acknowledgement which gets reflected/ stored in the SQL Server in the Windows server.
What are the options to achieve this?
I'm thinking a C# SOAP client in the windows VPS with a tornado/python SOAP server in the Linux VPS over https?
I would consider using SignalR or Redis
I have a simple question, I was granted to a SQL Server database using windows authentication on my local machine, I need to know how to use this access on hosting server as well.
For example I am in the middle of writing some C# code that pulls data from this database, I can run this code on my local machine with my windows authentication no problem, but I can't run it on expected hosting server because that server obviously can't connect to that database.
I was just wondering how can I use windows authentication access remotely?
Thanks
Windows authentication must be enabled on the remote server to do this. This can be enabled in server properties > Security and by selecting SQL Sever and Windows Aucthentication radio button. Providing your windows credentials are added to the server then you should be able to login.
On your SSMS right click the database name select properties and select Security from the left hand menu and there you should see the "SQL Sever and Windows Aucthentication" option.
Obviously if your database is not on the same domain then this might not work.
I am working on windows forms application using c#.net. i have developed an application(3-tier) that uses sql database as backend. i need to deploy the database on server and my app. on client machine. but how could my application communicate with database on server. please guide me.
you need a connection string that works fine during development. On your development machine if the application is connecting fine to the database server, chances are that on your client machine, it would work as well. Sometimes, the problem occurs with the credentials that you use, that might work on the development machine but on the client it wont connect due to the lack of access rights. so you need to make sure that you give proper credentials to connect to the SQL server
You don't need to do any rocket science for this. All you need to do is on the client side use the proper connection string that can connect to a remotely installed SQL Server.
Use EntityFramework for your sql server connection for updating, inserting and deleting.
Use storedprocedures for the insert/update/delete functions.