Cross Domain Windows Endpoint Authentication?
Feb 13, 2007
Hi There
I have service broker working 100% with an initiator - forwarder - target, all in the same domain using windows authentication on the endpoints, for all instances' the sql server service run under the same domain account, which in turn is granted connect on the various endpoints. This all works 100%
However i have a scenario where the initiator will be in a different trusted domain.
I need to know if i am correct in thinking that the initiator sql server servcie account can run under DomainAsqlservice, the target instance sql server servcie can run under DomainBsqlservice, then on the forwarder i simply grant connect on the forwarder endpoint to both DomainAsqlservice and DomainBsqlservice.
Is this correct, will this work?
Thanx
View 6 Replies
ADVERTISEMENT
Jul 16, 2007
Hi,
I have a client running in a Domain A and a SQL server running in Domain B using Windows security. We don't want to put SQL Server in the mixed authentication mode.
I created a local group on de SQL server. Gave the group correct rights.
Added users from Domain A to that group. Although he prompted me for username password from Domain A it did work.
There is currently no trust between those domains. What kind of a trust should it be ? I believe that a one way trust where B trusts A should be enough.
Any suggestions.
CE
View 1 Replies
View Related
Jan 29, 2007
Hi:
I am trying to figure out if there is a way to connect via SQL Server Management Studio to a server sitting on a separate domain. So here is the situation. there is Server B which sits in a domain called DomainB. If I am in DomainA, I could typically remote into that server utilizing an IP address in DomainB, and even transfer files to that server. But how do I connect via SQL Server Management Studio(basically login as a different domain user) to Server B in DomainB from DomainA. Basically when I choose Windows Authentication from the dropdown list in SQL Server Management Studio, it grays out the username field, which is where I could type something like this domainBusernameondomainB, similar to how you would connect to a share on that server. Please let me know if there is a possibly solution to this. Also, our customer doesnot allow SQL Server Auth/Logins, so that is not an option. Thanks.
View 24 Replies
View Related
Apr 28, 2008
We have a SQL 2005 box that requires windows authentication but I have to connect a laptop that is not part of the domain. Is there any way to do this? Per company policy, the SQL server cannot be changed to use SQL Auth AND Windows Auth. Also per policy, the user's laptop cannot be joined to the domain since it's not a company laptop.
I've tried using the following command:
net use \SQLServerNameipc$ /user:DomainNameDomainAccount Password
and then using enterprise manager to register the sql server but it still says that the computer is not trusted.
Is there something else to this that I am missing or is this just not possible?
Thanks in advance for the help.
View 2 Replies
View Related
Nov 8, 2006
Hi
We are planning implementation of a currently Sybase db. The users (about 3600) will be i 5 domains and we want single sign-on through trusted connections. We want to use the database roles to define different user access on databases and tables. There will be around 2000 roles. We also want to add the users directly to the database roles without having to grant each user database access.
So I thought that I could add the user groups from all domains and then add each domain user account to specified database roles. Am I right here or what? The Windows authentication will lookup or check the users kerberos ticket during logon process and allow logon.
The documentation here is weak and I assume it's a windows authentication question but wondered if any of you guys had been down the same road.
For creating the groups I have the following options:
Create a domain group and put all the usergroups from the other domains in this group
Add user groups from all other domains directly into the SQL Server.
Any recommendations here?
View 3 Replies
View Related
Jul 23, 2005
Hi,I have a peculiar problem (or maybe not). I have SQL clients installedon XP boxes. These XP boxes are a member of let us say "XYZ" domain.SQL Server is installed on one of the boxes having Windows 2000 Serverin the same network. The installation has been done on local domainaccount. Since SQl Server has been installed with Windowsauthentication, what happens if the XYZ domain fails. Will it bepossible for all clients to access the database present on SQL Serverin the Win 2K box. I think I have made myself clear upto some extent.Please throw light on how to accomplish the connectivity between SQLclients and server in case of domain failure.Regards,Vinodi
View 2 Replies
View Related
Feb 24, 2007
If my SQL Server authentication is windows integrated authentication, whenever my application makes a connection to SQL server does it contact the windows active directory domain controller to authenticate the windows user account? How does windows integrated authentication work in the background?
View 9 Replies
View Related
Nov 16, 2006
Greetings,
One of my users gets the following error when he tries to connect to my SQL Server 2000 database using windows authentication via Query Analyzer:
[Micorsoft][ODBC SQL Server Driver][SQL Server] Login failed for user '(null)'. Reason: Not associated with a trusted SQL Server connection.
Me and the server are located in Colorado and are on the NADomain. User is in London on the EURDomain. The EURDomain has a one way trust to the NADomain to use NADomain resources. I have granted access to the database to the user via Enterpise Manager as EURDomainuserid. All the literature I've read says this should be sufficient to connect but isn't. User can connect with SQL Server authentication. Users on the NADomain in Toronto can connect just fine with Windows Authentication. EURDomain user can access other file server resources in the same building as the SQL Server in Colorado.
SQL Server version is:
Microsoft SQL Server 2000 - 8.00.818 (Intel X86) Standard Edition on Windows NT 5.0 (Build 2195: Service Pack 4)
EURDomain Client ODBC version is 2000.85.1022.00 and MDAC is 2.8.
Any help is greatly appreciated.
View 5 Replies
View Related
Mar 10, 2008
Hi There
I just want to be 100% sure about something.
Certificates generated for use with service broker endpoints must be generated in the maste database, correct?
What are the implecations of the master key is changed for the master database ?
Thanx
View 9 Replies
View Related
Apr 24, 2008
Hello,
I created a HTTP-Endpoint on SQL Server 2005. Now I try to call this web service from a c# client but using SQL-Server authentication (i.e. my user is a sql server user but not a windows user). But it doesn't work.
I can connect to the service using a windows user and NTLM authentication. But for some reasons Iwould much prefer if I could use SQL-Server authentication. Is it possible?
Here is how I created the endpoint:
Code Snippet
CREATE ENDPOINT myService
STATE = STARTED
AS HTTP(
PATH = '/services',
AUTHENTICATION = (INTEGRATED ),
PORTS = ( SSL ),
SITE = '*'
)
FOR SOAP (
WEBMETHOD 'GetStuff'
(name='MyDB.dbo.FKT_getStuff',
SCHEMA=STANDARD ),
WSDL = DEFAULT,
LOGIN_TYPE = MIXED,
SCHEMA = STANDARD,
DATABASE = 'MyDB',
NAMESPACE = 'Services'
);
GO
Thanks!
Jerma
View 5 Replies
View Related
Feb 12, 2007
I created a HelloWorld like example using InforPath 2007 and endpoint with SQL Server 2005. Very simple example.
I created a stored procedure that took in one parameter, a datetime field. This parameter is then inserted into a db table that has two columns, an id column and a datetime column.
I took the store procedure just discribed to create an endpoint. Cool. The WSDL is showing, I'm feeling good.
I go to InfoPath and make it so that submit a datetime to the webmethod associated with the endpoint. The data table shows one more row has been added and it is the datetime I sent from InfoPath. YEA!! I go to the Event View and see that I have an error message. The message is HTTP authenticaiton failed. [CLIENT: 10.8.2.26]. Bummer!!
This does not make sense to me. I am able to update the targeted database table but I get an exception. I do not like exceptions nor warnings without an explanation. Does anyone have an idea why this is happening?
The endpoint code looks like: <code snippet>
CREATE ENDPOINT [GeraldTesting_endpoint]
AUTHORIZATION
STATE=STARTED
AS HTTP (PATH=N'/testEndPoint',
PORTS = (CLEAR),
AUTHENTICATION = (INTEGRATED),
SITE=N'*',
CLEAR_PORT = 8080,
COMPRESSION=DISABLED)
FOR SOAP (
WEBMETHOD 'testEndPoint'
( NAME=N'[geraldstest].[dbo].[Gerald_Test_Proc]'
, SCHEMA=STANDARD,
FORMAT=ALL_RESULTS),
BATCHES=ENABLED, WSDL=N'[master].[sys].[sp_http_generate_wsdl_defaultcomplexorsimple]',
SESSIONS=DISABLED, SESSION_TIMEOUT=60,
DATABASE=N'geraldstest', NAMESPACE=N'http://tempuri.org', SCHEMA=STANDARD, CHARACTER_SET=XML)
</code snippet>
I had to give up for the project I am currently working because of time constraints. But in the future, for out-of-the-box functionality for proof-of-concept/prototyping, I would like to use endpoints.
View 3 Replies
View Related
May 11, 2007
How to give authentication for Send Mail Task component?
View 4 Replies
View Related
Feb 28, 2004
Hi All - Need some Replication help...
I built SP's to create the Distributor/Publisher and Subscriber parts of Snapshot Replication. All run fine on 2 SQL2K installs on the SAME Domain.
BUT if I try to cross to another Domain (SQL2K as well) = NO JOY.
Error @ Subscriber doing a PULL: "Cannot connect to Distributor..."
Tried using sa, administrator, NEW Local user, etc. & continue getting the error. ALSO tried changing the Login of SQL & SQL Agent Services to the SAME Login on BOTH machines.
Help me beautiful SQL Gurus!!!
RobbieD
View 9 Replies
View Related
Jul 8, 2015
We are using SQL Server 2012 . We have configured the Database mail Services. Issue is, the mails are going to only inside the domain not going cross domain Email address like hotmail,gmail and etc. But from outlook client the mails are going to cross domain Emails. Same issue is in SSRS Email Services also. We have checked the SMTP Server, we could not figured it out.
View 2 Replies
View Related
Jan 31, 2007
I am just about ready to tear my hair out on this one, at this point you guys are my last resort! Wouldn't it be nice if I could go to bed and have an answer for me in the morning....
I've had a working HTTP endpoint using Basic Authentication over SSL for months in our development environment, but now I'm moving our application to a production server and I'd like to be able to use Digest Authentication in the clear instead so the processor doesn't waste cycles on the SSL decryption. I've spent hours fiddling with my endpoint to no avail.
This is the closest message relating to what I'm doing that I've been able to find: http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=1131251&SiteID=1
In my case, the SQL Server is joined to a domain that is entirely Windows Server 2003 - no Windows 2000, so support for Digest Authentication is a non-issue. I'm also explicitly doing a GRANT CONNECT on my endpoint to the domain user I'm using. Here is the top of my CREATE ENDPOINT DDL:
CREATE ENDPOINT [Kudos]
STATE=STARTED
AS HTTP (PATH=N'/Kudos',
PORTS = (CLEAR),
AUTHENTICATION = (DIGEST,NTLM),
SITE=N'echobase.kudosnow.com'
DEFAULT_LOGON_DOMAIN = N'kudosnow',
AUTH_REALM = N'kudosnow'',
CLEAR_PORT = 80,
COMPRESSION=DISABLED)
FOR SOAP (
I am debugging using wfetch 1.3... I can get this to work using NTLM Authentication; sending a GET to my endpoint with the ?wsdlsimple querystring parameter returns my WSDL just fine.
But Digest just doesn't want to work! If I remove NTLM from my AUTHENTICATION directive and try using Digest with wfetch or from my (PHP) web service consumer I get an HTTP 401 no matter what I do. I've tried fiddling with the DEFAULT_LOGON_DOMAIN, AUTH_REALM, and anything else I can think of.
The errors I am sporadically finding in the SQL Server error log are:
HTTP authentication failed. [CLIENT: 192.168.245.238] from source Logon
Followed by:
Error: 26026, Severity: 14, State: 1. from source Logon
I can't find any detail about the second error.
........
Just occurred to me that I've also been trying to view my WSDL directly in IE, and this is what's causing the SQL error to be logged, not wfetch - that's why it appeared sporadically.
So, wfetch isn't causing an 'HTTP authentication failed' error, but Internet Explorer is... maybe Digest Authentication isn't implemented correctly in wfetch?
Regardless... I'm still not able to authenticate from IE or from my client, but this may shed some more light on the issue.
Does anyone have any ideas?
View 4 Replies
View Related
May 13, 2015
Lets say I have a single instance SQL Server on a 2 node cluster with node names Server X and Server Y. These are part of Domain A.
SQL Agent Account runs under service account - DomainASQLAct.
Now I have Server Z which is a standalone SQL Instance on Domain B and there is no trust between domain A and B, not even one way trust.
Even though I dont have trust, I need to configure log shipping for the SQL Instance which is clustered under Domain A to a standalone box in Domain B.
Microsoft recommends Local Account(SQL Agent) to be used for Cross Domain Log Shipping. Also when there is no trust, MSFT recommends to use the same login name and password, however as my setup includes a cluster and cluster cannot have local account I'm not sure what will be the best strategy to follow here.
View 8 Replies
View Related
Apr 18, 2007
Hi there,I have installed MS SQL Server 2005 on my machine with windows authentication. But now I want to switch the authentication mode to SQL Authentication. I am unable to switch, I can’t find the proper way to do so here in 2005.Could any one help me in doing this?Thank you,-Ahsan
View 1 Replies
View Related
Mar 25, 2004
Hello,
(Using win2k, sqlserver2k, framework 1.1)
I have an fairly data-heavy application that uses Windows authentication (Trusted connection/aspnet account) to connect to Sql Server. The site uses IIS basic authentication.
On the dev server everything works fine but when I move to the live server things get strange and it starts to crawl along. (Pages load OK but then it just crawls as it loads the datagrids etc. Sometimes it brings back incomplete/incorrect data )
BUT When I use Sql Authentication to connect to Sql Server and there is no problem at all!
Ok, there is something obviously wrong with the live server (which is identical setup to dev)but I dont know where to start.
Any ideas??
View 2 Replies
View Related
May 15, 2006
Hi all,
I've got two applications which both have a database on my MS SQL 2000 server. The problem is, one application must use Windows Integrated Authentication (which it is currently using and cannot be changed) whilst the other application which I'm trying to configure must use a SQL password.
Since the server has already been configured to use Windows Integrated Authentication for the existing database and application, how do I configure the other database to use the SQL password?
Thanks.
View 1 Replies
View Related
May 12, 2006
Hi all,
My work is using a shared application
which accesses a MSSQL 2000 database. To access the application, the
folder on the Windows 2003 Server is shared and users can access the
folder through a shared drive.
For the application to access the
database, it uses an ODBC connection to the MSSQL server which
originally used the SA password.
We have recently switched to using
Windows Integrated Authentication because we believe it offers a
higher level of security. However the only way in which we have been
able to enable this is to add the windows users to the SQL server.
The problem with this is that the
application sets permissions for individual users on what records
they can see within the database. We have found that by adding the
windows users to the SQL Server, they can bypass the permissions the
set by the application by simply using any application that can use
an ODBC connection, such as Enterprise Manager, and see all the
database.
One way around this would be to set up
domains of users with access privileges to the tables which reflect
the permissions set by the application, and configuring a view of the
data so they may only see the records that they have permissions to.
However to do this would require a high administrative cost to ensure
that changes made in the application are reflected in the privileges
of the SQL server.
Instead, is there a way the SQL server
can authenticate that the ODBC connection is coming from the correct
application using Windows Integrated Authentication?
This would allow the applcation to
determine security, and stop users from connecting to the SQL server
using other applications.
Alternatively, can the SQL server,
using Windows Integrated Authentication, also ask the application to
supply a username and password?
Any help with this matter would be
greatly appreciated.
Thanks!
View 4 Replies
View Related
Jul 3, 2015
I have created SSIS package to transfer table data(1500 rows tbl size=140 MB).
To transfer data across the network its taking around 1 hr.
I have tried by removing indexes and constraints on destination table.
How should I improve the speed as the table is very small.
View 0 Replies
View Related
Jul 25, 2007
I want to use Transaction(MS DTC) in SSIS package across domain. It's working fine if both the servers are in Corpnet microsoft domain but failing it one of the server at extranet microsoft domain. I did all the required settings for MS DTC service to run for distrubuted transaction and in SSIS package did the "TransactionOption" property for the container object to "Required" and for all inner tasks to "Supported". Is it possible or a Security voilation which won't allow to do through SSIS package.
Example: I have a database on Extranet server and a database at Corpnet Server.
Sql Job will pull the data from Extranet Database to Corpnet database through SSIS package and update back to Extranet database. Job will reside on Corpnet server.
SSIS package is failing with the error message: The AcquireConnection method call to the connection manager "<Connection Manager name>" failed with error code 0xC0202009.
Any special setting do we require for this. I did the following setting on both the servers:
Ø MS DTC should run on both the servers under €œNetwork Service€?
Ø Set the following on both the servers(ExtranetCoptnet) to run on a Distributed Transaction:
§ Go to "Administrative Tools > Component Services"
§ On the left navigation tree, go to "Component Services > Computers
§ €œMy Computer" (you may need to double click and wait as some nodes
need time to expand)
§ Right click on "My Computer", select "Properties"
§ Select "MSDTC" tab
§ Click "Security Configuration"
§ Make sure you check "Network DTC Access", "Allow Remote Client",
"Allow Inbound/Outbound", "Enable TIP"
§ The service will restart
Note: If I will chage the Extranet server to Corpnet then it's working file for me.
View 1 Replies
View Related
Mar 31, 2008
Hi,
We have two domains in our organisation, both with transitive trust of one another.
In our main domain we have a report server which is available for all users across both domains to access and use. Most of the time there isn't a problem but I'm having a bit of an issue with users from our second domain accessing a linked report containing 13 subreports.
The main report is fine and all users can view this, however, all subreports show an error message to users in our second domain.
As a bit of an experiment I have even given one user Content Manager rights on the report server but this hasn't solved the problem. I have checked that permissions are correct on ther server, folders and data sources dozens of times and cannot find any reason why second domain users are having this problem.
If anyone has any suggestions on how to solve this I would be grateful for help.
With humble thanks in advance,
Paul
View 3 Replies
View Related
Mar 26, 2008
Hallo there,
I just upgraded from Windows XP Pro to Windows Vista Bussiness and tried to reinstall SQL Server 2005 Developers Edition. After the installation i downloaded (using microsoft windows update) and installed all the service packs for sql and vista available.
My problem is when i open sql server management studio and try to connect to my default instance using windows authentication and database engine, an 18456 error occurs.
I enabled all the protocols and all the ports
I disabled windows firewall and antivirus (eset nod32)
I installed all service packs available
I have also installed Visual Studio 2005 without installing sqlexpress
But nothing happens!
Please i am very desperate, any information will be gratefully accepted.
This is my installation Information
Code Snippet
Microsoft SQL Server Management Studio 9.00.3042.00
Microsoft Analysis Services Client Tools 2005.090.3042.00
Microsoft Data Access Components (MDAC) 6.0.6001.18000 (longhorn_rtm.080118-1840)
Microsoft MSXML 3.0 5.0 6.0
Microsoft Internet Explorer 7.0.6001.18000
Microsoft .NET Framework 2.0.50727.1434
Operating System 6.0.6001
Thank you in advance,
Patonios
View 3 Replies
View Related
Sep 26, 2006
I'm trying to run a test from my test environment which is a non-domain Windows 2000 server to access my domain 2003 with SQL2005. I have install 2005 tools to try to access the SQL server.
- I have try following the KB265808 - no success.
- Reading alot of blogs and it seems all are pointing to the same problem. "Remote access" but the settign is enabled.Error Message:
TITLE: Connect to Server
------------------------------
Cannot connect to ardsqldatawh.
------------------------------
ADDITIONAL INFORMATION:
An error has occurred while establishing a connection to the server. When connecting to SQL Server 2005, this failure may be caused by the fact that under the default settings SQL Server does not allow remote connections. (provider: Named Pipes Provider, error: 40 - Could not open a connection to SQL Server) (Microsoft SQL Server, Error: 53)
For help, click: http://go.microsoft.com/fwlink?ProdName=Microsoft+SQL+Server&EvtSrc=MSSQLServer&EvtID=53&LinkId=20476
Question: Could Windows 2003 security be blocking access? I'm using sa account to access.
Also, sa account does not seems to work for remote access. It is ok when accessing locally.
Any help would be appreciated.
949jc
View 1 Replies
View Related
May 13, 2008
I setup CRM 4.0 in one domain with a domain service account. SQL Reporting is located on the same machine using the same service account. SQL is on a different machine. These are in the same single domain forest which has a two way trust relation with another domain of a separate single domain forest. Both domains are W2k3 Native Mode.
The CRM application allows access to users in both domains. The reports are generated with accounts in the first domain where CRM and SQL Reports is located but not for users in the other domain. The CRM's report viewer window displays "The report cannot be displayed."
The following are events that are related to the error:
On CRM server:
Event Type: Warning
Event Source: ASP.NET 2.0.50727.0
Event Category: Web Event
Event ID: 1309
Date: 5/13/2008
Time: 6:55:19 AM
User: N/A
Computer: CRMSERVER
Description:
Event code: 3005
Event message: An unhandled exception has occurred.
Event time: 5/13/2008 6:55:19 AM
Event time (UTC): 5/13/2008 1:55:19 PM
Event ID: cc4c29c8f4be4e82ac0eee1234a15dc6
Event sequence: 77
Event occurrence: 1
Event detail code: 0
Application information:
Application domain: /LM/W3SVC/2/ROOT-1-128551603464644692
Trust level: Full
Application Virtual Path: /
Application Path: C:Program FilesMicrosoft Dynamics CRMCRMWeb
Machine name: CRMSERVER
Process information:
Process ID: 3340
Process name: w3wp.exe
Account name: CRM Service Account
Exception information:
Exception type: CrmReportingException
Exception message: An error has occurred during report processing. (rsProcessingAborted)
Request information:
Request URL: http://CRMServer:5555/OrganizationDev/CRMReports/rsviewer/reportviewer.aspx
Request path: /OrganizationDev/CRMReports/rsviewer/reportviewer.aspx
User host address: 172.x.y.z
User: OTHERDOMAIN estuser
Is authenticated: True
Authentication Type: Negotiate
Thread account name: CRM Service Account
Thread information:
Thread ID: 1
Thread account name: CRM Service Account
Is impersonating: False
Stack trace: at Microsoft.Crm.Web.Reporting.SrsReportViewer.ConfigurePage()
at Microsoft.Crm.Application.Controls.AppUIPage.OnPreRender(EventArgs e)
at System.Web.UI.Control.PreRenderRecursiveInternal()
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
Custom event details:
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: MSCRMReporting
Event Category: None
Event ID: 19969
Date: 5/13/2008
Time: 6:55:19 AM
User: N/A
Computer: CRMSERVER
Description:
Web service request SetParameters to Report Server http://CRMServer/reportserver failed with SoapException. Error: An error has occurred during report processing. (rsProcessingAborted)
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
On SQL Server:
Event Type: Failure Audit
Event Source: MSSQLSERVER
Event Category: (4)
Event ID: 18456
Date: 5/13/2008
Time: 6:55:18 AM
User: NT AUTHORITYANONYMOUS LOGON
Computer: SQLServer
Description:
Login failed for user 'NT AUTHORITYANONYMOUS LOGON'. [CLIENT: 172.a.b.c] This is the IP address for the CRM server.
The take away from the events is either the SQL Reporting or CRM is attempting to access the SQL service with the Anonymous account. I expect it's SQL reporting because the CRM application is not having problems letting in the other domain users. The problem occurs only on reports.
I tried the following:
1. Applied the steps in the CRM Planning Guide for "Taks for a native mode domain with users in a mixed-mode domain." This adds the other domain users to a domain local group. Then assigns Browser access to the SQL reports and SQL database access to the group.
2. Set the CRM server to be trusted for delegation (kerberos only)
3. Created SPNs for http/crmserver domaincrmservice and http/crmserver:5555 domaincrmservice and http/crmserver.domain.local domaincrmservice and http/crmserver.domain.local:5555 domaincrmservice
Any suggestion?
View 6 Replies
View Related
May 8, 2003
Hello
Can anyone tell me what is the difference between sql authentication and windows authentication.
Examples of each would be very useful
Many thanks in advance
Steve
View 2 Replies
View Related
Oct 16, 2006
Would anyone please help me out here. which of the 2 modes of authentication is better and why??
View 3 Replies
View Related
Dec 18, 2006
Hi,
Say, I have configured my SQL to use Mixed Authentication. Now, I have a applicaiton which uses my SQL Server. The application just creates a database in SQL Server and uses the database to store its information.
This application also has a SYSTEM DSN under ODBC through which it accesses the database. For the application to access this database, should I only use SA (as my SQL instance is configured to use Mixed Authentication) or can I use Windows Authentcation too...
If I should only use SA, do we have a documentation which talks about this.
Thanks
Santhosh
View 1 Replies
View Related
Mar 12, 2008
For using different services of SQL SERVER 2005 which is better...
Windows Authentication or SQL Server Authentication?
what are the advantages and disadvantages of both?
View 5 Replies
View Related
May 14, 2008
Hi folks,
I have created an EndPoint in SQL Server 2005 as per the code below.
CREATE ENDPOINT OSTC_LMS_Endpoint
AUTHORIZATION LMSEndPointUsers
STATE = STARTED
AS HTTP(
PATH = '/ostc_sql_endpoint',
AUTHENTICATION = (BASIC),
PORTS = (SSL),
SITE = 'OSTC-DEV-001'
)
FOR SOAP (
WEBMETHOD 'ostc_SQLSoapTester'
(name='OSTC_LMS_06.dbo.ostc_SQLSoapTester',
FORMAT = ROWSETS_ONLY,
SCHEMA=STANDARD),
WSDL = DEFAULT,
LOGIN_TYPE = MIXED,
SCHEMA = STANDARD,
DATABASE = 'OSTC_LMS_06',
NAMESPACE = 'http://tempUri.org/'
)
GO
USE master
GRANT CONNECT ON ENDPOINT::OSTC_LMS_Endpoint
TO [LMSEndPointUsers]
GO
USE master
GRANT CONNECT ON ENDPOINT::OSTC_LMS_Endpoint
TO [ostc-dev-001endPointUsers]
GO
-----------------------------------------------------------------------------------------------------------------
The SPROC being exposed as the webmethod: -
USE OSTC_LMS_06
IF EXISTS (SELECT name FROM sysobjects
WHERE name = 'ostc_SQLSoapTester' AND type = 'P')
DROP PROCEDURE ostc_SQLSoapTester
GO
CREATE PROCEDURE ostc_SQLSoapTester
@UsersId char(12)
AS
SET NOCOUNT ON
SELECT FIRST_NAME,FAMILY_NAME
FROM USERS
WHERE USERS_ID = @UsersId
GO
USE OSTC_LMS_06
GRANT EXECUTE ON ostc_SQLSoapTester
TO LMSEndPointUsers
GO
USE OSTC_LMS_06
GRANT EXECUTE ON ostc_SQLSoapTester
TO [ostc-dev-001endPointUsers]
GO
----------------------------------------------------------------------------------------------------------------
The computer in question is our dev server and is running as a workgroup machine with the following: -
Win Server 2003
SQL Server 2005
.net Framework 2.0
No firewalls or Proxies are in the way.
The computer has to be as a workgroup machine to reflect our live server.
The user LMSEndPointUsers is a SQL Server Login
The user ostc-dev-001endPointUsers is a machine login
We have employed the Security class as per the information given in the SQL Server documentation with the intention of using the WS-Security headers that apparently are to be used when trying to authenticate using a SQL Server login.
----------------------------------------------------------------------------------------------------------------
Code used to connect and try and reciev the dataset.
string sUserName = "userName";
string sPassword = "Password";
LMS_Endpoint.OSTC_LMS_Endpoint wsSQLTester = new LMS_Endpoint.OSTC_LMS_Endpoint();
SqlSoapHeader.Security sqlSec = new SqlSoapHeader.Security();
sqlSec.Username = sUserName;
sqlSec.Password = sPassword;
XmlWriter writer = XmlWriter.Create("Security.xml");
writer.WriteStartElement("security");
sqlSec.WriteXml(writer);
wsSQLTester.sqlSecurity = sqlSec;
DataSet dsMySet = wsSQLTester.ostc_SQLSoapTester("RH6915145507");
Basically authorization is denied 401.
Hope someone can help here as have tearing my hair out.
Thanks in advance
View 2 Replies
View Related
May 30, 2007
We're getting an error where we can't add a login with the full dns name of a user - domain.xyzuser, for example. Get an error 15401, "Windows NT user or group domain.xyzuser' not found". The domain has a different Netbios name and DNS domain names, so we can add the user when we use the form "netbiosnameuser". So far so good.
Unfortunately, we have another application - Office Share Point Server whose shared services provider won't run, giving errors in the event log every 60 seconds that "Windows NT user or group 'domain.xyzuser' not found".
It looks as if SQL insists upon listing users in the form netbiosdomainnameuser, and applications that look for domain.xyzuser simply fail to authenticate.
Suggestions?
jnfranc at yahoo period com
View 3 Replies
View Related
Apr 4, 2007
Hi,
I am new to Reporting Services. I want to use Reporting Services 2005 in our application.
My custom web application is on one machine and Reporting Services 2005 is on other machine. I am using Forms Authentication and using Single Sign On for login
If my custom web application and Reporting Services are on same machin I can get "Authentication Ticket" issued by ReportingServices2005 to the Report server.
But in this case I am not able to get "Authentication Ticket" on Report Server since it is on other machine.
I am using ReportViewer control in my web application to display Reports and using LogonUser method to get the Authentication Ticket.
How can I pass CookieAuthentication ticket from my Custom Web Application to Report Server?
Is there any work around to pass Authentication Cookie across Domain or any other solution for this?
Regards
Amit
View 3 Replies
View Related
