
We are switching security for SQL Server so that only Managed Service Accounts are used.
Currently, I am providing usernames and passwords in my connection strings. Once the MSAs are set up, do I simply change my connection strings to use Trusted_Connection=True and remove the username and password?

I thought finding examples of using MSAs with C# would be quite simple.

  • Usually you would create a Windows group account (or use a group policy) and have the credential for the database be the Windows group account. Then add users to the Windows group. Most companies already have groups for users, so just changing the credentials in the database would automatically allow the users access. Commented Jun 25, 2020 at 14:03
  • Thanks, jdweng. So then using "Trusted_Connection=True" is what is needed. Correct? Also, when you say "group account", are you referring to a group MSA? Our support people are worried that going this route requires setting up each computer individually (i.e. when a new laptop is provided they will have to set up an MSA specifically for that laptop). Commented Jun 25, 2020 at 14:30
  • A user group account requires two things: 1) Both the local machine and the remote machine are in the same group. In this case an MSA. 2) The user is added to the user group account on both the local and remote machines. Trusted Connection refers to the user account, not the MSA. So you need a user group. Then set up the database credentials to use the user group. Then users have to be placed into the user group. If you are on a corporate network there are already user groups (Group Policy), so you probably just have to set the database credentials to a group. Commented Jun 25, 2020 at 15:06
  • I would test the group by using SQL Server Management Studio. Set the login window to Windows Credential (equivalent to Integrated Security = true). Then see if you can access the database. If the account works in SSMS then it will work in C#. I would test on the same machine as the database and on a remote machine with SSMS to verify the accounts are set up properly. Commented Jun 25, 2020 at 15:09
  • I would test the group by using SQL Server Management Studio. Set the login window to Windows Credential (equivalent to Integrated Security = true). Then see if you can access the database. If the account works in SSMS then it will work in C#. I would test on the same machine as the database and on a remote machine with SSMS to verify the accounts are set up properly. Windows credential means the user account is used to log in and will use the user login password. Commented Jun 25, 2020 at 15:10

1 Answer

You can use Integrated Security=SSPI or Trusted_Connection=True (see docs), as long as your application is executing as a user that has access to the database. For example, if you are domain\johndoe,

then on the database you must have a SQL login for domain\johndoe or for a user group that the user is part of.


3 Comments

Thanks. That's what I thought. Our goal is to manage the passwords through AD using a Managed Service Account. Some of our support staff have the impression that setting this up requires each individual user's laptop be "touched". And when a new laptop is delivered, that it must also be set up and the new information set up in AD. I just don't think this is the case, but as I've never worked with MSAs, I don't know.
As long as the group is correctly configured as a SQL login and mapped to the correct user on the database, this will work for all the users in that group.
While this is the correct answer, unfortunately it does not suit my needs. We want users to be able to run the WPF application without signing in. I get their user name from the C# environment. However, we do NOT want them to open Excel or some other application and have access to the database. Using the Trusted Connection option means they can do just that. So I will have to come up with a different solution to this problem.
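
The connection-string change described in the answer, as an added example that is not part of the original answer or its comments: it strips the stored credentials, switches to Windows authentication, and asks the server which login it actually sees. The server name `SQLHOST01`, database `AppDb`, the sample credentials and the use of `System.Data.SqlClient` are assumptions made for illustration.

```csharp
using System;
using System.Data.SqlClient;

static class TrustedConnectionCheck
{
    // Rewrites a SQL-authentication connection string for Windows authentication.
    // The credentials are removed rather than left in place, so no password
    // remains in configuration once the switch is made.
    static string ToIntegratedSecurity(string sqlAuthConnectionString)
    {
        var builder = new SqlConnectionStringBuilder(sqlAuthConnectionString);
        builder.Remove("User ID");
        builder.Remove("Password");
        builder.IntegratedSecurity = true;   // same effect as Trusted_Connection=True
        return builder.ConnectionString;
    }

    static void Main()
    {
        // Constructed sample value (hypothetical server, database and credentials).
        const string legacy =
            "Server=SQLHOST01;Database=AppDb;User ID=app_user;Password=placeholder;";
        string trusted = ToIntegratedSecurity(legacy);
        Console.WriteLine("Connection string: " + trusted);

        // With integrated security the server authenticates the Windows identity
        // of the running process, not anything stored in the connection string.
        Console.WriteLine("Process identity:  " +
            Environment.UserDomainName + "\\" + Environment.UserName);
        try
        {
            using (var conn = new SqlConnection(trusted))
            using (var cmd = new SqlCommand("SELECT SUSER_SNAME(), ORIGINAL_LOGIN();", conn))
            {
                conn.Open();
                using (var reader = cmd.ExecuteReader())
                {
                    reader.Read();
                    Console.WriteLine("Server sees login: " + reader.GetString(0));
                    Console.WriteLine("Original login:    " + reader.GetString(1));
                }
            }
        }
        catch (SqlException ex) when (ex.Number == 18456)
        {
            // 18456 = login failed: neither the account nor any group it belongs to
            // has a SQL Server login.
            Console.WriteLine("Login failed for the current Windows identity.");
        }
    }
}
```

Running it under different accounts (an interactive user, a service running as an MSA) shows that the login reported by the server follows the process identity.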