I am trying to connect to SQL server using Windows Authentication from a jsf Web application.But when i try logging in with the windows credentials the DriverManager.getconnection seems to be taking the machine name instead of the username.
My connection string: jdbc:sqlserver://<host>:1433;integratedSecurity=true;
I have added the sqljdbc_auth.dll in the system path and well as in the system32 folder.
I have added the s
set up: jsf1.2, RAD 8.0, IBM WAS 7.0
I have moved your post to our security forum. That is the place where the most knowledge on authentication is available.
Your post is still visible from the JDBC forum, so it can attract attention from there too. Good luck.
Joined: Feb 01, 2012
Yes it takes the system name on which the service is running. How can i allow the Web application to pick up the Windows User credential to login to the Sql server database?
Stuck with this issue from long. Please suggest solutions.
1. Attempting to use the web app user's credentials to get the connection. Forget about this one. You certainly won't get any usable Windows credentials from my Linux shop, so any such attempt would only function within your own LAN. Even were it not so, you'd have to give up the considerable benefits of database connection pooling if you went this way, because each app user would be operating under different connection rules and therefore probably differing security constraints, making the sharing of such connections infeasible.
2. Attempting to use the webapp server's user credentials to get the connection. This would eliminate most of the problems with case #1. However, the applicable userid would be the userID of the WebSphere process itself, not of any web user. There's not really a whole lot of benefit to using the Windows login to manage the connection here, however. Any unauthorized user who has sufficient access to be able to read out an explicit password from the appserver configuration already owns the appserver and your problems extend far beyond one database connection.
In short, I wouldn't bother. Use a traditional userid/password connection instead. It's what I did.
Customer surveys are for companies who didn't pay proper attention to begin with.