i have c# windows form application which will connect to the ms sql server over internet connection.
i need to connect to it with entity framework to make may day good but , there is a problem with connection. i need to connect with windows authentication
i have connection string like that
Data Source=xxx.xxx.xxx.xxx[SQL INSTANCE];Initial
Catalog=mainCatalog;User ID=[userid];Password=[password];
as you know this is SQL Authentication.
what can i do to connect to the sql server with connection string which i can describe also windows authentication parameter to let me login.
Thanks.
As others have already commented, you cannot use Windows authentication from the internet. From the internet, your client cannot communicate with your domain controller, which is needed to get the encryption keys used in Windows authentication.
Even if you could, I would advise against exposing your SQL server directly on the internet anyway.
A better option would be to have your Windows Form application talk to a web service and have the web service talk to the SQL server instance. That way, you can put your SQL server behind a firewall and only allow your web service to query it. Your web service can use Windows authentication to talk to SQL Server (if they are installed in the same domain).
Your Windows Forms application can use a token based authentication protocol like OAuth2 to authenticate against your web service.
Related
I am building a desktop application in .NET Core. I will connect this application to an Azure SQL server. The information that will pass between the two is very sensitive. Each query to the database can return a response of a few kilobytes to 4 MB. When executing queries on the SQL server I would like to know the login \ identity of the user making the request so that I can return only the data this user is allowed to see.
I am trying to decide between connecting my desktop application directly to the Azure SQL database or creating Web APIs.
My Questions Are:
Which would you recommend, connecting directly to the Azure SQL Database or using a Web API that connects to the database on the server?
I know it is bad practice to hard code the user name and password to the SQL server in my application. If I connect directly to the SQL server would I have to create an account on the SQL server for each user and ask the user for their credentials when they login and then pass it to the SQL server?
If I use a Web API how do I obtain the users credentials? Again, do I have to set up individual accounts for each user? Would I do this using OAuth or some other method? https://learn.microsoft.com/en-us/aspnet/web-api/overview/security/individual-accounts-in-web-api
Would anyone endorse using WCF Data Service instead?
No, this is a potential security risk if you make your SQL Database publicly available. There is an identity provider for ASP.NET Core you can decide weather you want to store the users in the DB or you can also use external login providers like Facebook, Google, or Microsoft.
If you want to do this, you should use Azure Active Directory Authentication you can use it to authenticate users for your application and for the Azure SQL Database both. But, this can work if you do B2B applications, or and internal app for your company. If you want to have a public application available on the internet, and let everybody to register you should go with the first solution.
It is described in the identity provider for ASP.NET Core article.
You can't, if you check the Choosing between .NET Core and .NET Framework article, it says "WCF server implementation is currently only available in the .NET Framework" only the client is implemented in .NET Core.
I am trying to host an ASP.NET web application in my local, which is connected to various other computers via LAN. I have a single DB in SQL server, but I am unable to set the connection string for multiple users. I use windows authentication for my web application. Please help to set the connection string for multiple users.
This can be done in one a few ways;
You create a SQL account and put the login details in the connection string
You create a SQL account and an ODBC connection and connect via the ODBC connection (has the virtue of not putting the password in the connection string)
You create a Windows account and use those credentials for the application's IIS App Pool when the site is deployed.
Any of those approaches will allow you to have your Windows auth turned on but still allow the application to use only one identity to connect to the database.
I'm using
WCF service (Windows authenticated and impersonation)
SQL Server (Windows authentication)
Console application (client)
All are in the same domain.
I'm consuming a Windows authenticated WCF service from a console application as the client. However, when I try to access SQL Server from the console application using the WCF service, I get an error:
Exception In Account Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.
My scenario is: my WCF service and SQL Server are on one system (System A) and my console application (my client) is on another system (System B).
When my client from System B sends a request, it hits my service successfully, but when the service tries to access SQL Server
WCF service(Windows Authenticated and Impersonation)
Sql server(Windows Authentication)
Console Application(Client)
This scenario requires Kerberos constrained delegation. You cannot do this, you must enlist the help of a domain administrator to set it up for you. Read and follow How to Implement Kerberos Constrained Delegation with SQL Server.
Note that impersonation and delegation will flow the credentials of the original client (the console app) to the back end database, which means that you will need to grant SQL access to the actual users of your service, not to the WCF service account.
I think your connection to WCF service has no problem but the SQL Server own security system perceives the client as a user beyond security barrier(like firewall) because the client is really from outside, not the administrator of the machine.
Why don't you apply the common idea that SQL authentification mode and asymmetric Encryption of Web.Config of WCF?
If you have to face situations that clients connect to Server from outside, Encryption(Security) is strongly recommended.
I have desktop application(WPF) on clients side and WCF service on Cloud service connecting to Cloud SQL Server.
In a current project I would like to check if the user is the user it says he is (no private data involved). That project is mainly about Timetables at my university. As we have a LDAP Server and every Student has an account, i would like to authenticate against the LDAP Server but the System.DirectoryServices Assembly is not available on Windows Phone.
Does anyone have an idea how to realise the login expect for a workaround via a Webservice? WCF would not be an option, I could theoretically send the data to a Webservice and do the authentication via PHP but I would like to keep that functionality in the app.
Thanks in advance!
RESTful Web service would do what you want.
Have a web server running tomcat/windows IIS (depending on how you wish to implement it)
send request to the web service via HTTPS and then have the web server connect to the LDAP server to query it.
Have you tried using a 3rd party library like Novell's (http://www.novell.com/developer/ndk/ldap_libraries_for_c_sharp.html)? It comes with source and MIT license.
I need to use a Windows application running on remote clients that will connect to a web service. The web service will access an SQL database to verify users, and roles, and perform other tasks. I am using ASP.NET Membership to manage the users and roles. I have ASP.NET Membership, and the web service working on the development machine. I have a windows client with a service reference that works when I access methods that do not access the database, but when I try to access a service method that access a database method I get The user is not associated with a trusted SQL Server connection. I get various permissions errors depending on what I am try to fix this, but this is the gist. I don't want the Windows client to need DB permissions. I want it to send a user name, and password to the web service, then the web service wraps Membership.ValidateUser(userName, password)
Can someone tell me how to set this up?
You should consider setting up SQL Server to use SQL and Windows Authentication (mixed mode). It's most likely running in Windows Authentication mode only. You can take a look at this link to get started.
It sounds like, by the way you have it designed, is that you would have to set up an account for each user. In my experience it's best to just create a specific SQL account with the necessary permissions, and have each client use that account. You could specify this in the connection string.
Assuming you have named pipes authentication enabled in SQL, your SQL connection string in your ASP.NET application could be configured to use integrated security (Data Source=myServerAddress;Initial Catalog=myDataBase;Integrated Security=SSPI;). Then in SSMS, give the appropriate ASP.NET user privileges to the database. The user that IIS uses depends on what version of IIS you're running, and can be seen in the App Pool configuration for the server in question.