[thelist] asp to sql using Integrated Security=SSPI

Brian Delaney brian.delaney at mccmh.net
Thu Jul 29 15:41:17 CDT 2004 

ok, when I use the profiler I see the following:

The user that logs into sql is:       ourdomain\jaildivuser
This user runs the entire process. The user ID needs to have access to 
the local OS because there is a file transfer done.

When looking at the database the following users have access: 
BUILTIN\administrators, dbo(sa),  domain admins, and  jaildivuser

the ado string is as follows:

adoCon.OPen "Provider=SQLOLEDB;
Data Source=SQLDEV\SQLDEV; Initial Catalog=JAILRR; Integrated
Security=SSPI"

Any idea of how ourdomain\jaildivuser is logging into the database and performing the processes?

Just a note: on the webserver there is a system dns that connects to the database using the account
jaildivuser - but - the ado string is using Integrated Security=SSPI so it shold be ignored??


Thanks




Ken Schaefer wrote:

>On Wed, 28 Jul 2004 14:29:12 -0400, Brian Delaney
><brian.delaney at mccmh.net> wrote:
>  
>
>>issue is as such:  I have a Intranet web app that connects to sql 2000
>>via asp.
>>
>>my ado connection string is as such: adoCon.OPen "Provider=SQLOLEDB;
>>Data Source=SQLDEV\SQLDEV; Initial Catalog=JAILRR; Integrated
>>Security=SSPI"
>>
>>The sql database has only one user id(logon) associated with it:
>>jaildivuser. It is a  sql account and not a windows domain account.
>>
>>My objective was that the windows users logged in and using the app
>>would be passed to sql using this string.
>>
>>When the app runs you can see in the sql logs a successfull login for
>>jaildivuser.
>>
>>Strange problem is that no where in the asp code is the user id
>>jaildivuser referenced.
>>    
>>
>
>
>>From the information provided:
>a) You are using Integrated Authentication, but your authentication
>should be failing, since you mention that you have no permitted user
>for this database except JailDivUser
>
>b) Having only a single permitted logon is odd - usually the dbo would
>be listed, and mapped to "sa" (regardless of whether this is
>integrated or not)
>
>c) Have you used Profiler? or Process Info (in EM) to detemine what's
>happening under the covers?
>
>Thanks
>
>Cheers
>Ken
>  
>

More information about the thelist mailing list