[RESOLVED] AD SSO / Mail / Database / ASPX

[pavan]

Hi All

I am creating a aspx application which needs to conenct to the database, mail server as an when required.

My Database server (currently using SQL Server 2005) and the Mail Server (currently using MS Exchange) use active directory for authentication.

I need to implement the SSO to the DB and the mail from my aspx appliction. I have implmented SSO for domains and sub domains but not for different services. I have gone through the internet and found amny articles which talk about having a SSO and how to manage using hte machine key to the domain and the sub domain validations.

I am not aware how to use it for logging to the database and the mail server.

Plz help.

Thnx in advance.

[gep13]

Hey,

Just to confirm, the SSO that you are referring to, do you mean Single Sign On.

If so, the connection to the database would be simply what is listed here:

http://www.connectionstrings.com/sql-server

Use a trusted connection, and then use ASP.Net Impersonation to pass the credentials of the current user through to ASP.Net:

http://msdn.microsoft.com/en-us/libr...18(VS.71).aspx

As for the Mail Server, the same technique can be used.

Gary

[mendhak]

All you need, I think, is Windows Authentication and ASP.NET Impersonation. Have the user login with their credentials, and the web app will run under that user's security context. Therefore, if the user has been granted permissions against SQL Server or Exchange, they'll be able to call its methods just fine.

[pavan]

Hey,

Just to confirm, the SSO that you are referring to, do you mean Single Sign On.

If so, the connection to the database would be simply what is listed here:

http://www.connectionstrings.com/sql-server

Use a trusted connection, and then use ASP.Net Impersonation to pass the credentials of the current user through to ASP.Net:

http://msdn.microsoft.com/en-us/libr...18(VS.71).aspx

As for the Mail Server, the same technique can be used.

Gary

Yes .. By SSO I am referring to Single Sign On.


One thing here is that I want to pass the credentials dynamically. I dont want the identity credentials for impersonation in Web.Config because this will be for one user only.

I want to do it like each user when he logs on to my application should get access to database and the mail server.

I am trying to do this because when we take a login history of the database it should show how many users and who are all teh users that are logged in.

Also for sending mails I want to use the credentials of the logged in user, sinc ethe from ID should be from the specific users who are actually sending out mails.

I have browsed some more on the web and found this link for impersonation, but even though it is changing the Environment.UserName, it still seems to work under the main identity, because I tried running this code by removing permissions to one user name and trying to impersonate that user, still the application is able to access the resource.

[mendhak]

See my post just before yours (we posted at the same time so you might have missed it. Or you just don't like me )

Your SQL connection string would have Integrated Security in it.

Data Source=myServerAddress;Initial Catalog=myDataBase;Integrated Security=SSPI;

Not sure how you're connecting to Exchange though.

[gep13]

Hey,

To be clear, this is what I was suggesting as well

Gary

[pavan]

See my post just before yours (we posted at the same time so you might have missed it. Or you just don't like me )

Your SQL connection string would have Integrated Security in it.

Data Source=myServerAddress;Initial Catalog=myDataBase;Integrated Security=SSPI;

Not sure how you're connecting to Exchange though.

For Exchange, I am using the SMTPClient.Credentials to pass the network credetials(right now I have got the creditails in the config file of one user and all teh mails will be sent using this user identity. I want to send the mail with user identity who has logged in.)

I want to change this though.

And as you said we posted at the same time and I did miss your previous post. and for the database I am using integrated security as you have specified.

[gep13]

Hey,

Once you have implemented impersonation in the web.config file, you should be able to use the DefaultCredentials property, as this will be running as the context of the logged in user.

For this to work, remove the credentials from your web.config file.

Gary

[pavan]

Thanks Mendhak / Gary.

[gep13]

Not a problem at all.

Glad you got it working!!

Gary