August 10, 2005 at 3:10 am
Hi there
We develop applications with multiple frontends (eg web, win32,...). until now we have used our own user management with login and password. All users which uses the application are registred in the NT domain/AD. So we want to check the password of the user against the NT domain and skip the password stored in the DB. Is it possible to do this within a stored procedure and without external DLLs? (-> if we implement it in the front end we have to develop the same thing with different techniques...).
We use SQL 2000 SP3 on Windows 2000.
Any ideas are welcome!
Regards
Roger
August 10, 2005 at 10:15 pm
No need to do it in a stored procedure. If you use Windows Authentication on the database, then you can use Trusted Connections. This means that your Win32 apps will use the domain account that the user logged on with to authenticate against the DB.
Now, for web-based apps, you'll need to set the web application to use Integrated Windows Authentication. When browsing to the site, the user will be prompted to enter their Domain account credentials.
I don't believe that there is a way to check a user provided password against active directory - that'd be an opening for hacking the domain.
The idea of the solutions above is to let the domain authenticate the users for you.
August 12, 2005 at 3:18 am
Thanks for the reply.
I am not sure but I think I have to have 1 CAL for each user which I register to access the machine (if not per CPU licensed) when I use the Windows Authentication. So this is not really the solution I want.
Currently we only use W32 frontends and Web frontends on W2k machines. The integrated windows authentication is a solution for the web frontend but we still have to develop the same mechanism for the authentification for the w32 client (because these are public machines with a generic user). It would be nice if this code is only on one location -> the database
Viewing 3 posts - 1 through 2 (of 2 total)
You must be logged in to reply to this topic. Login to reply