Connection String Using a Domain User?

Question

Previously for all our asp.net applications we have been using a sysadmin user within SQL Server to connect and add/update/delete/get data. Our SQL Admin wants to delete tha

Answer 1

Have a look at connectionstrings.com for every possible variation - a very handy resource I use all the time

Specifically, you want this format:

Data Source=myServerAddress;Initial Catalog=myDataBase;Integrated Security=SSPI;

This, of course, only works if the domain account in question is the one opening the connection.

There's no easy way to connect with arbitrary credentials - but you can impersonate the user in question and then connect.

This can be a bit of a pain. An alternative if the users are on the local network (or you control their browser config) is to use Kerberos authentication on your site. The pages will be served with the relevant user's permissions - then you can use the connection string above and IIS will connect to the Db with the appropriate credentials for each user. This is particularly useful from a security perspective as the Db is able to audit on a per-user basis, and permissions can be per-user/row/column instead of only per-app.