0

I am making a simple c#.net winform application which will connect to sql server. I wnat it to have 2 ways to connect- Windows Authentication and SQL server Authentication.

From what I found online I came up so far with:

public static void SetConnectionStringParams(string dbAddress, bool isWinAuth, string user, string password)
        {
            if (isWinAuth)
            {
                _connectionString =
                    string.Format(
                        "Data Source={0};Database = {1};Integrated Security=True;Max Pool Size=1000;MultipleActiveResultSets=True;Connection Timeout=60",
                        dbAddress, DefaultDBname);
            }
            else
            {
                _connectionString =
                    string.Format(
                        "Data Source={0};Database = {1};User ID={2};Password={3};Max Pool Size=1000;MultipleActiveResultSets=True;Connection Timeout=60",
                        dbAddress, DefaultDBname, user, password);
            }
        }

which works great, but I couldn't found how in case of Windows Auth I force require user and password instead of using the Integrated Security=True...

Is there an API that do that? if not, would appreciate guidance how to do it.

Thank you,

Improve this question
4
  • 2
    You misunderstand what Windows Authentication is. It means that the application will connect to the database using the current Windows account. Which is a VERY good thing as the users don't have to supply their credentials again. Think of it as SSO out of the box. You can't have Windows Authentication without that Integrated Security keyword Commented Mar 8, 2017 at 8:31
  • Why do you want to use SQL Server authentication at all? You already know who the user is. If you don't want to add individual accounts to the database, put all users in a Windows Group and add that group to the database instead Commented Mar 8, 2017 at 8:31
  • Yes, but I want it to force re-enter credentials from user upon connecting to sql server instead of using the current windows account (As a security precaution), is it possible? Thank you Commented Mar 8, 2017 at 8:35
  • That's not a security precaution, that's weakening security. Why would you want to do that? Besides, it's not SQL Server that checks the Windows account, it's Windows. If you want increased security, make sure all computers on the network lock after X minutes. Commented Mar 8, 2017 at 8:38

1 Answer 1

Reset to default
1

Give this a shot

  1. Ask user to enter windows username and password
  2. Impersonate this user manually as by Microsoft and fetch users Principal & Identity
  3. Now fork new thread with this Principal/Identity to talk with database with integrated security
  4. Flush user, identity and principal on job completion or on exception
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.