
I have a puzzle I must solve.

On a client server application written in Delphi + SQL Server, the app users are mapped to SQL Server users. In this way the user logs in from the client using SQL Server credentials and is authenticated and logged. Then the app uses sa to run all queries; the system is designed in a way that the user who logs in to the database can just query a table where the encrypted sa password is visible, so the app reads the password, decrypts it and logs in as sa.

The users can use either SQL Server authentication or Windows authentication.

In the DB there is a USERS table in which usernames are stored; those match the SQL Server login names. In case of Windows authentication the username is stored as "DOMAIN\User", in case of SQL authentication simply as "User".

I am writing a Java web application that must keep the same authentication system for the users: the app connects to the DB with JDBC using the sa user, but in the login form the user must input their SQL Server login data. Since the webapp must also be used outside of the LAN/VPN, I'd like the Windows auth users to be able to log in too, by typing DOMAIN\User in the name field and the password in the password field.

For SQL auth users it is simple: I just try to execute a query on the password table (the only one visible) in a try-catch block, while connected as the user who tries to log in; if no exception is raised I consider the login successful. It works.

The problem comes with Windows auth users. After a lot of research I found out that a solution could be to try to connect to the LDAP server just to check if the provided DOMAIN\User and password are correct. I am currently exploring this idea; I asked this question for this reason.

The question I am asking here is about the whole process. Is this approach correct, or should I consider alternative ideas like creating a "WebPassword" field to be used by Win auth users when logging in to the webapp?

In another webapp I made with Intraweb (VCL for the web) I was able to perform my task since the DAC component I used (SDAC) allows connecting to SQL Server by passing at runtime DOMAIN\USER and password of any other user. This is not possible in JDBC, so I already discarded this idea.

Please keep in mind that this question is about "migrating an old client server application to the web by keeping old authentication system (because client server and web must coexist)".

UnDiUdin
  • No, it is not a duplicate. I am not asking about how to connect to SQL Server with JDBC using Windows Authentication, but I am describing a more complex scenario – UnDiUdin Dec 01 '17 at 16:43
  • Then I would create an intermediate webservice in C# / Delphi / whatever, impersonate the Windows user and then use WinAuth on SQL level – whosrdaddy Dec 01 '17 at 17:10
  • Thanks, in fact it is a good idea. Also the link the duplicate question contains a lot of useful info to create a workaround to solve my problem. I understand my question contains too many technologies combined. – UnDiUdin Dec 04 '17 at 10:50
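
The LDAP check the question describes, written in Java with JNDI as an added example (not part of the original post or its comments). The LDAPS URL and the class and method names are placeholders, and it assumes an Active Directory domain controller, which accepts DOMAIN\User as a simple-bind name.

```java
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.InitialDirContext;

public class WindowsLoginCheck {
    // Assumption: placeholder URL; point it at a domain controller over LDAPS.
    static final String LDAP_URL = "ldaps://dc.example.local:636";

    /** Returns true only if the directory accepts a simple bind as the given user. */
    static boolean verify(String domainUser, String password) throws NamingException {
        // A simple bind with an empty password is treated as an unauthenticated
        // bind and may "succeed" without any password check, so refuse it here.
        if (domainUser == null || password == null || password.isEmpty()) return false;
        // Accept only the DOMAIN\User form that the USERS table stores.
        int sep = domainUser.indexOf('\\');
        if (sep <= 0 || sep == domainUser.length() - 1
                || domainUser.indexOf('\\', sep + 1) != -1) return false;

        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, LDAP_URL);           // TLS: the password travels in the bind
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, domainUser);
        env.put(Context.SECURITY_CREDENTIALS, password);
        env.put("com.sun.jndi.ldap.connect.timeout", "5000");
        env.put("com.sun.jndi.ldap.read.timeout", "5000");
        try {
            new InitialDirContext(env).close();            // the bind happens in the constructor
            return true;
        } catch (AuthenticationException e) {
            return false;                                  // wrong user name or password
        }
        // Any other NamingException (server unreachable, TLS failure) propagates,
        // so an outage is never mistaken for a successful or failed login.
    }

    public static void main(String[] args) throws NamingException {
        // Constructed inputs; both are rejected before any network traffic.
        System.out.println(verify("CORP\\alice", ""));
        System.out.println(verify("alice", "not-checked"));
    }
}
```

A true result only proves the Windows password; the web app still has to find the same DOMAIN\User in the USERS table before treating the login as valid.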

0 Answers