2

I really want to use SQL Server from a C#/.NET application without using SQL Server accounts, without adding the affected computer to the same domain or to any domain at all, and without using the same logon name as in the domain.

Isn't there any way? Did someone try to do this using the MONO implementation of SSPI?

Christian
  • I hate to give "negative" answers, but I don't believe this is possible -- nor a good idea. Allowing access from an untrusted domain would violate the whole concept of integrated security and trust. Why don't you want to use SQL-Server accounts? – DCNYAM May 04 '09 at 13:30
  • This problem has affected me several times. Two good examples: 1) My own mobile computer. It is not part of the domain. So I have to develop in Visual Studio using e.g. the sa-account. To run the programs I have to make switches where they load the sa-password from MY harddrive while the deployed v uses sspi 2) We want to migrate from an old rusty Linux/Samba domain (which cannot and should not participate in trust relations) to our parallel Exchange AD domain. Some tools I wrote use SSPI and I must migrate slowly to the new system. 3tier apps would be easier, but I cannot convert them now. – Christian May 04 '09 at 13:40

2 Answers

2

To rephrase your question, you want to use domain authentication without domains.

No, that's not possible.

You can set them each up on domains and use trusts between the domains, or you can use SQL authentication.

Brent Ozar
  • I still think it would be possible if one wrote his own TDS client and NTLM authentication. It might work with the Mono project's code – Christian May 06 '09 at 23:41
0

Have you considered using impersonation in the application?

u07ch
  • YES! I have! I tried the sample code from http://support.microsoft.com/kb/306158/en-us (The last long one with interop: "Impersonate a Specific User in Code") on my mobile computer and put some sqlconnection/sqlreader code inside. But it failed because my computer cannot simply impersonate some domain account. That domain account needs to be logged on! And that's not possible on my computer because it has no connection to the domain – Christian May 04 '09 at 23:24