Q

Application not resolving username and password

.

I am working with a SQL programmer who has created an application running on Windows NT 4.0 running SQL Server 7.0. He claims the product will work on Windows 2000 running SQL Server 2000. Indeed it does, except it does not resolve the username and password of Windows users. It does resolve standard user (SQL authentication). The server is configured to authenticate both SQL and Windows. I've tried changing the configuration to be Windows authentication only. But this did not help. I can connect to the database using tools such as Query Analyzer and Windows Authentication option checked and from client machines where ODBC is resolving username and password with Windows authentication. Am I correct that the problem lies within his programming code? What else would you do to diagnose the problem?

If you can connect to SQL Server and access the user database using Query Analyzer from the client machine logged

in as the same windows user who executes the application, then you are right, the problem is surrounding the way the application is connecting to SQL Server rather than any general SQL Server authorization set up issue.

Forgive me if I am stating the obvious but it must be cleared up. For the application to use Windows Authentication it must have an option to choose between Windows Authentication or SQL Server Authentication. You do NOT type in the username and password of your Windows User Account into the application to connect to SQL Server using Windows Authentication. You only type in a username and password into an application to use SQL Server Authentication, the Windows Authentication information is based on the user who you are currently logged into Windows as.

For the application to connect to using SQL Server using Windows Authentication it will have to send a different connection string than what it sends when connecting using SQL Server Authentication. Check with your developer to ensure that the correct connection string is being set within the application.

I would also run SQL Server Profiler and trace the "SecurityAudit:Login" and "SecurityAudit:Login Failed" events. From this trace you can see 1) If the application is even trying to connect to SQL Server when the application is using Windows Authentication and 2) If what authorization credentials are being sent to SQL Server.

For More Information

This was first published in April 2006

Dig deeper on SQL Server Security

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchBusinessAnalytics

SearchDataCenter

SearchDataManagement

SearchAWS

SearchOracle

SearchContentManagement

SearchWindowsServer

Close