Hi Bill,

A programmer can invoke a thing called impersonation in certain situations, and some of the servers you mention below have some careful crafting to enable the user's context to carry through. I think what's happening is this (I don't really know the details of the failure, but here are some educated guesses):

You are signing into SQL Server as user "foo". SQL Server asks you to authenticate as this user. You then access another data provider (UniOleDB) with a connection string that indicates (probably by default) that you intend to use Windows authentication. SQL Server does not realize that you intend to pass your credentials on. You get the credentials that SQL Server runs under. #FAIL :(

Note that even within ASP.NET where impersonation is turned on, if you call a component that accesses a remote object, you may have to force impersonation yourself (I have some reusable code components for doing this - I've had to do it often). The problem is, your component doesn't necessarily realize it has to use the impersonated credentials, and may use the default credentials. I've had to program my way around these issues with ASP.NET, SharePoint, Dynamics CRM, Windows Workflow and other environments.

I too have to think slowly and carefully when dealing with Windows security. My head hurts when I do it, and I don't always get all the details right until after I do some "playing" to make myself "think right" (proper application of the right Kool-Aid from Microsoft helps!)

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Bill Haskett
Sent: Monday, April 19, 2010 7:57 AM
To: U2 Mail List
Subject: Re: [U2] [ud] Unidata as a SQL Server "Linked Server" via OLEDB

Robert:

But isn't it true that Windows Authentication can/is expected to work in an Active Directory, and in ASP.NET? I'm wondering if it works when setting up IIS (I seem to remember using it there too, along with anonymous).

But, I'm always confused about Windows security, and often confused about Linux security. :-)

Bill

> ------------------------------------------------------------------------
> Robert Houben said the following on 4/19/2010 7:47 AM:
>> Windows authentication cannot be forwarded to another system. For security
>> purposes it is not possible.
>>
>> -----Original Message-----
>> From: [email protected]
>> [mailto:[email protected]] On Behalf Of Kevin King
>> Sent: Monday, April 19, 2010 7:23 AM
>> To: U2 Users List
>> Subject: Re: [U2] [ud] Unidata as a SQL Server "Linked Server" via OLEDB
>>
>> New information: In earlier tests I was logging in to SQL Server using
>> Windows authentication. All queries with the linked server using
>> IBM/Rocket's UniOLEDB driver failed. Over the weekend the client set up my
>> user ID using SQL Server authentication, and the queries now work (on the
>> old server; the new server is still a mess). The authentication method is
>> the only thing that changed. This then begs the question: What Windows
>> permissions are being respected by the UniOLEDB driver that it would work in
>> one authentication scheme but not the other?
>>
>> -Kevin
>> http://www.PrecisOnline.com
>> _______________________________________________
>> U2-Users mailing list
>> [email protected]
>> http://listserver.u2ug.org/mailman/listinfo/u2-users
