問題描述

這是 SQL Server 2008 R2，.NET 4.0.

This is SQL Server 2008 R2, .NET 4.0.

在我的 SQL Server 中，有一個使用Windows 身份驗證"創建的用戶.用戶存在于 Active Directory 域中.

In my SQL Server there is a user created with "Windows Authentication". The user exists in a Active Directory domain.

我想讓一個 .NET 應用程序以這個用戶的身份連接到 SQL Server.在應用程序內部，我知道用戶的域、登錄名和密碼，并且應用程序可以訪問 AD 服務器.

I want to make a .NET application connect to the SQL Server as this user. Inside the application, I know the user's domain, login and password, and the application has network access to the AD server.

我怎樣才能做到這一點?

How can I accomplish this?

我知道 ASP.NET 有它的 AD 提供程序和模擬.但我正在尋找的是一個真正通用的解決方案，它應該適用于普通的控制臺應用程序.我可以在控制臺應用、Windows 窗體、asp.net 或通用業務類庫上使用的東西.

I know that ASP.NET has it's AD provider and impersonation. But what I'm looking for is a really generic solution, one that should work on a plain console application. Something that I could use on console app, windows forms, asp.net, or a common business class library.

感謝您的幫助！

推薦答案

我已經使用這個類完成了:

I've done it using this class:

https://platinumdogs.me/2008/10/30/net-c-impersonation-with-network-credentials/

如果計算機不屬于域，您必須使用 LOGON32_LOGON_NEW_CREDENTIALS = 9 進行模擬.

You must impersonate using LOGON32_LOGON_NEW_CREDENTIALS = 9 if the computer does not belong to the domain.

一旦被模擬，然后使用 SQL 連接字符串上的Integrated Security=true"連接到 SQL.

Once impersonated, then connect to SQL using "Integrated Security=true" on the SQL Connection String.

SqlConnection conn;
using (new Impersonator("myUserName", "myDomain", "myPassword", LogonType.LOGON32_LOGON_NEW_CREDENTIALS, LogonProvider.LOGON32_PROVIDER_DEFAULT))
{
    conn = new SqlConnection("Data Source=databaseIp;Initial Catalog=databaseName;Integrated Security=true;");
    conn.Open();
}
//(...) use the connection at your will.
//Even after the impersonation context ended, the connection remains usable.

警告:注意連接池.該池與運行應用程序的實際用戶相關聯，而不是與模擬的網絡憑據相關聯.因此，在使用相同的連接字符串進行后續訪問時，池可能會返回先前模擬的用戶建立的連接，即使您通過網絡模擬第二個用戶.如果您不知道自己在做什么，請在使用它時禁用連接池.

ALERT: Beware of connection pooling. The pool is associated with the actual user running the application, not with the network credentials that were impersonated. So on subsequent access using the same connection string, the pool may return a connection made by a previously impersonated user, even if you netorkly-impersonate a second user. If you don't know what you're doing, disable connection pooling when using this.

這篇關于ADO.NET - 使用應用程序提供的登錄名和密碼通過 Windows 登錄連接到 SQL Server的文章就介紹到這了，希望我們推薦的答案對大家有所幫助，也希望大家多多支持html5模板網！