Is it possible to bypass ApplicationPool Identity and use back user's domain account to connect

Time:03-10

There is a web app that has been well set up to use an Application Pool Identity to connect to the SQL Server.

And then my app somehow requires using the user's own domain account and logging in with SSPI-type authentication.

Is it possible to revert back to such a silly way at all?

CodePudding user response:

Yes. That's called Impersonation, and it's documented here: ASP.NET Impersonation

This requires particular HTTP Auth schemes, and some domain setup. As an alternative you can use SQL Server-level impersonation with the EXECUTE AS/REVERT.
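The SQL Server-level alternative mentioned in the answer above, as an added T-SQL example that is not part of the original thread. The principal names, the `dbo.Orders` table and its columns are assumptions, and both principals are assumed to already exist as users in the database.

```sql
-- Assumed names (not from the page):
--   [IIS APPPOOL\MyAppPool]  the principal the application pool connects as
--   [CONTOSO\alice]          the end user's domain account
--   dbo.Orders               a table that only alice's roles may read

-- One-time setup by a DBA: allow the pool principal to impersonate this
-- specific user only, instead of giving the pool broad data permissions.
GRANT IMPERSONATE ON USER::[CONTOSO\alice] TO [IIS APPPOOL\MyAppPool];
GO

-- Per request, on the connection that was opened as the pool principal.
-- The cookie ties the context switch to this batch: a plain REVERT issued by
-- any other statement in the session fails without the cookie value.
DECLARE @cookie varbinary(8000);

EXECUTE AS USER = N'CONTOSO\alice' WITH COOKIE INTO @cookie;

-- Permission checks now run as alice. ORIGINAL_LOGIN() still reports the
-- pool principal, so audit queries can record both identities.
SELECT USER_NAME()      AS effective_user,
       ORIGINAL_LOGIN() AS connected_login;

SELECT OrderId, Total
FROM dbo.Orders;

-- Switch back before the connection is returned to the pool, so the next
-- request does not inherit alice's context.
REVERT WITH COOKIE = @cookie;

SELECT USER_NAME() AS effective_user;
```

The connection string stays the same as in the existing Application Pool Identity setup; only the statements run on that connection change.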

CodePudding user response:

There are two options really; the one it sounds like you're thinking of is indeed Impersonation, as David says in his answer.

The other option (which requires less maintenance on the database side), is to use the setup referred to in the first sentence of your question and (assuming this is an intranet system and you're using an Active Directory to manage your users in the domain) assign your users the relevant roles within the Active Directory. Then you can simply use the Page.User.IsInRole("MyRole") method to manage what users can actually access within the webapp.

Personally, I lean more towards the second option as it means you're only giving a limited handful of people (the devs) direct access to the database.
