Window account accessing between web app and sql db
Hello,I am new to window account security. I have question and asking for help. I have an account B need to access the web application. Account B does not have permission access to to SQL database. There is account A that we can use to access with full permission to objects on SQL database. We need to run a batch calling SSIS package from the command line on the web application utilizing account B However, accout B cannot access the SQL database. How is it possible that from the web, we redirect account B to use account A to run the SSIS package, without providing account A password?
October 9th, 2009 9:37pm

hello,a) I would generally prefer either enabling the B account direct access to the database or using the A's password on the web application.b) but you could use the Kerberos feature (with 2003 DCs) called Protocol Transition: http://technet.microsoft.com/en-us/library/cc739587(WS.10).aspxthis is a method that does not require any password for a user account to be provided by the logging-on web application. You would just call WindowsPrincipal(login) and it would log that user on and create a kerberos impersonation token with netwrok credentials for him.but there are severe security consequences to this. by enabling this feature for the user account under which the web application is running (may be Network Service/computer account) you are enabling the appilcation to log on quite any (if not disabled for some of them) user account from the domain. not just the A account.ondrej.
Free Windows Admin Tool Kit Click here and download it now
October 10th, 2009 10:49am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics