Windows Authentication with Enterprise Library 3

Topics: Data Access Application Block, Enterprise Library Core
Jul 17, 2007 at 2:46 PM
In my network, we are using windows authentication to validate if the user has permission to access the DB. Before we query the DB, we impersonate at trusted Id that has access to the DB and then we revert to the running user's id. Is there a different way I could implement this in Enterprise Library 3.
Thanks
Hugo
Jul 17, 2007 at 2:54 PM
Hi Hugo,

Doesn't impersonating a single trusted id defeat the purpose of using windows authentication? Anyway, there is no intrinsic functionality in EntLib to do the impersonation for you.

Is using user/pass instead of windows authentication an option in your scenario?

Fernando
Jul 17, 2007 at 4:23 PM
Hi Fernando,

There are internal issues to resolve where I work about best practices of how to user Windows Authentication.

But to answer you question, Yes. The way we do it right is that we impersonate a trusted it before we call the DB. So I think I will do it that way until we start using Active Directory correctly.

Any other suggestion.

Thanks
Hugo
Jul 17, 2007 at 4:44 PM
Hi,

Well, there is no built in support. However, if you want to encapsulate this design choice, which I understand is temporary, away from your app code you could implement your own D=atabase class and set a DBProviderMapping from Sql to your new Database class. This new class would implement the impersonation logic before performing the requested operations by calling the inherited implementations. Of course this won't work in every case (e.g. if you create commands by execute them yourself).

Hope this helps,
Fernando