We are using a Windows Server 2012 box to host a QlikView server. Users access a QlikView portal via their web browser, and never need to login to the actual windows box, however they are authenticated by their windows username and password.
I have created random passwords for every user but I would like to allow users to change these without needing to login to the actual box remote. Is this possible?
Thanks
Related
I have a Microsoft Access Application which generates a connection string like:
Provider=SQLNCLI11;Server=servername;Database=db_name;Trusted_Connection=yes;
This works without any problem.
What I want to do is to connect to a SQL Server instance where the user must insert his Active Directory name and password.
Like this:
Provider=SQLNCLI11;Server=servername;Database=db_name;Uid=username;Pwd=password;
This only works for users which are created on the SQL Server directly.
I tried Uid=DOMAIN\username, but it isn't working.
Is this possible? Or is there another way how I can get through this?
The environment:
The User is using a local PC with a local account and then he's doing a "NetworkConnect" with his AD-User and password.
After that, "RunAs" as his AD-User is working BUT there is another Application that is started from the Access Application and this App must be started with the local User-Account.
SQL-Server and the AD-User are member of the same domain.
Your choices are
Login to SQL Server using your the Windows Domain account that you are currently logged into. You do this automatically by specifying Trusted_Connection=yes;, or
Login to SQL Server using a SQL Login.
Those are the only two choices possible using a SQL provider connection string. Specifically, you cannot use the SQL access provider to do impersonation, that is, to login to SQL Server using a different Windows domain account than the one that you are currently logged into.
Microsoft designed the AD integration with SQL Server to use the account of the client application, not to be able to handle logging in as a part of the connection string. If the user isn't going to be logged into the machine using the account needed for the database access, the next best option may be something like ShellRunAs in order to let the user run your client app as the correct AD account.
To express myself better i start by example.
In my client server application there is a users table.
Each user is mapped to a sql server user.
The database is full of tables, anyway each user can query just 1 table.
The table contains the following information:
the version of the database (so the client app can check whether the database version matches with the client version)
the db admin login name (tipically "sa")
the db admin password (this is encrypted with custom algorithm for security - please note i install a dedicated Sql Server Instance for my applciation)
I make sure each user can query just a table by executing for each user:
GRANT SELECT ON ConnectionTable TO LoginName
So the full flow is:
1) the user inserts username/password
2) the client application retrieves all the info from ConnectionTable
3) the client applicaion decrytpts the sa password
4) the client application logs in as sa so all tables are visible and editable
Now this is what i have (legacy) and I cannot change it.
Somehow this "custom login trick" has been done to avoid to write somewhere on the client the sa password, many client server software i know in fact all use sa to connect and user/password are just two fields of a simple USERS table, but the real connection string is somehow (with a certain degree of security) saved on a file in each client; in my case the "connection string" is stored in the database so as a user logs in to the database (even if with a user that has a restricted access) he gets all he needs to succesfully login.
Since i install Sql Server in mixed mode i support also Windows AUthentication.
So at login the user has a switch to choose between SQl Server and Windows Authentication, as it happens when connecting to SS Management Studio.
What i am trying to achieve now is to login as another user.
I would like that the user checks "Windows Authentication" but he/she can still type the username and the password.
My application is written in Delphi using the SDAC components. As far as i understand SDAC does not allow to perform what i need to do, but i could change only the login part using anothe DAC (Firedac for example). My goal is to login as another windows user.
The final goal is to query ConnectionTable so that i can retrieve the encrypted sa password and login.
So my question is:
is it possible (in Delphi Seattle VCL Application) to login to a Sql Server database by setting a windos user different than the current logged in user?
UPDATE:
To better explain my need i describe the real scenario that generates my requirement.
I created a web applciation (using VCL for the web) that uses the same authentication method as my client server application does.
Imagine my user is MyDomain\MyUser, when I am in LAN i will use Windows authentication to login, but when I login let's say from my Android Phone I would like to login as MyDomain\MyUser by providing password. This is the case, in fact i do not need to impersonate other users, i just want to login with my user when i am not logged in on a Windows pc in a LAN.
So somohow at the login screen of my application i would like to choose Auth: Win/SQL and in case Win is chosen, i would like to pass the actual username and password to login.
I hope this clarifies more the scenario.
Moreover i also host my application in the cloud and in this case all users are WIndows authentication users of a domain that i created for administratrive purposes, and each user needs to provide username and password to login.
My request comes from the fact that I always supposd that Winows Authentication = LDAP and therefore in LDAP it is possible to specify user and password, while in sql server it looks somehow user is pre-defined (and = to the logged in user) in case of Windows authentication.
I recently set up SQL Server 2014 Express on my computer. During the installation process I merely selected Windows authentication, assuming I would be able to create other accounts later. I tested several things with C# using integrated authentication.
The problem arose when I attempted to use an account. I logged in using Windows authentication to change the sa password in SQL Server Management Studio. But when I attempt to so, and close the dialog, open it again, then the password is back to the 15 character default which I do not know. Enforce Policy is not on and I have no idea what might be causing this...
You need to check if you've enabled mixed mode authentication by:
right click on Server name after you've logged in as a windows user
Click Properties
Click Security
Check that the 'SQL Server and Windows Authentication mode' option is selected.
Then you can change the password for sa by going expanding the Server item and going to Security -> Logins -> Right click on sa -> Click Properties
Change the password here and CLICK OK.
Log out, log back in as sa, after selecting SQL Server Authentication just above where you enter the user name.
When running tomcat 7 as a windows service I can connect SQLServer with SQLServer Authentication but when connecting through Windows Authentication it seems to fail.
From what I know process running under windows services are user independent and run under a user named "SYSTEM" . Is there a way I can add SYSTEM to SQLServer users ?
Every thing seems to work if I run the code via Eclipse i.e. Under a user process.
You need to add a new Login of your Machine (Machine where your service is running) on MS SQL Server machine.
For example your are on domain "DomainName" and your hostname is "MachineName", you need to add a new Login "DomainName\MachineName$" on SQL Server. Note the $ sign at the end indicates that this is a computer name.
Follow the Steps below to add a new login on MS SQL Server:
Open SQL Server Management Studio and Login as 'sa' user.
Open Security -> Logins
Right Click on Logins and New Login...
Enter the Login name "DomainName\MachineName$" in General Tab
Select Windows Authentication radio box
Select tab "Server Roles" and check the box against "sysadmin"
OK and then Restart your SQL Server Service.
I have SQL Server 2008 with BIDS, I have installed sql server myself and i am administrator of machine. Now I am able to make reports using BIDS, I am also able to login(windows authentication) to report server using SSMS, but when i try to access report manager URL it asks me for Username/passowrd. I am not sure what to give there as till now from SSMS i could manage with windows authentication for database engine.
SSRS always uses Windows authentication so your user name and password that you're seeing is your Windows login. There is no separate account just for Report Manager. If you're seeing a prompt, you might have UAC enabled and it's prompting you because of that. Or your browser is not enabled for Windows integrated security. You can add the Report Manager URL to trusted sites or Intranet sites if you're using IE.