Infrastructure has created an active directory account for me that has read access to the SQL 2008 database I need to query. The web application I've created does N开发者_运维知识库OT use this account to run so I can't use Identity Impersonate="true" to access my datasource.
Is there a way in my connectionstrings node to just input the AD UN/PW combination (similar to how I would a SQL user account) to connect to my sql server?
please advise,
thanks
What you'd normally do is set the Application Pool identity to use the Windows (AD) service account and then use "trusted connection = yes" in your connection string in the web.config
This way you avoid the username/password in the web.config and you don't even need to knows details of the service account.
No, you can't use user name and password in the connection string.
You may create a WindowsIdentity
and impersonate it before opening the connection, that will connect using the impersonated identity, but that is extremely discouraged.
Technically you can also run the application under a 'netonly' credential (ie. it has one identity for local resources, and another identity for network resources) using runas /netonly
, but this is just as bad as hard coding the impersonated context.
Having the application run under one credential and then use a different credential to connect to the database is very bad. You must either run the application under the credential created for you to connect to the database, either grant the application's credential the privileges to connect to the database. Having two separate identities doesn't make any sense.
精彩评论