Windows integrated authentication - Domain controller

If my SQL Server authentication is Windows integrated authentication, whenever my application makes a connection to SQL Server, does it contact the Windows Active Directory domain controller to authenticate the Windows user account? How does Windows integrated authentication work in the background?


  • Andymcdba1

    Thanks for the response. Does it mean that SQL Server doesn't have to contact the domain controller to authenticate the WinForms connection?

    I think, if Windows integrated authentication is used to connect to SQL server, we don't have to pass any credential explicitly to SQL Server.

    Thanks,


  • rob_a89

  • sveroa

    Create a test Windows user on your domain server.

    Add that Windows user as a Login to your SQL Server.

    Log on to your server as that Windows user. Result = Can

    Delete the test Windows user on your Domain server.

    Log on to your server as that Windows user. Result = Can't



  • Nonu_k

    SQL Server will contact the DC to retrieve additional information about the Windows account.

    Thanks
    Laurentiu



  • Will Merydith

    Windows Authentication in SQL Server works by using Kerberos. SQL Server trusts Windows in the authentication process. Once a user logs on to SQL Server using a Windows account, it passes the authentication back to Windows (Active Directory if necessary) and lets it do the validation. Once validated, it sends a Kerberos ticket to SQL Server saying that the user has been authenticated. That is the only time that the user can access SQL Server. So if your application will be using Windows Authentication, you first have to define those users in your Windows before you can assign them to SQL Server. A Windows application will automatically inherit the authentication supplied by the currently logged on user.

  • JoneLee

    Hi Satya,

    The article was really informative. Just wanted to get my understanding validated.

    While using Windows integrated authentication, SQL Server will contact the domain controller whichever the authentication method may be, NTLM or Kerberos.

    My scenario is I will be connecting to my SQL Server from my Windows .NET client using ADO.NET, SQL Data provider. So every time I make a connection, the domain controller is contacted. Is this the case when we have connection pooling in place?

    If the domain controller is in a remote server over the WAN, there is a chance that the SQL Server's Windows authentication may take considerable time. What will be the impact on performance in this case?

    Thanks,

    Dharan
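
Added example, not part of the thread: a .NET console client that connects with integrated security, as in the scenario above, and asks SQL Server which scheme authenticated the session (KERBEROS or NTLM) and when the physical connection was opened, so pooled reuse is visible. The server name is a placeholder, and the login is assumed to hold VIEW SERVER STATE, which `sys.dm_exec_connections` requires.

```csharp
using System;
using System.Data.SqlClient;
using System.Security.Principal;

class AuthSchemeCheck
{
    // Placeholder values (assumptions): point these at your own instance.
    const string Server = "SQLHOST01";
    const string Database = "master";

    // Reports how the current session was authenticated and when its
    // physical connection was opened. Needs VIEW SERVER STATE.
    const string Sql = @"
        SELECT c.session_id, c.auth_scheme, c.net_transport, c.connect_time,
               SUSER_SNAME() AS login_name
        FROM sys.dm_exec_connections AS c
        WHERE c.session_id = @@SPID;";

    static void Main()
    {
        var csb = new SqlConnectionStringBuilder
        {
            DataSource = Server,
            InitialCatalog = Database,
            IntegratedSecurity = true, // no user name or password is supplied
            Pooling = true             // ADO.NET default, set here for clarity
        };

        Console.WriteLine("Client identity: " + WindowsIdentity.GetCurrent().Name);

        // Open and close three logical connections. An unchanged session_id
        // and connect_time means the pool handed back the same physical
        // connection rather than opening and logging in a new one.
        for (int i = 1; i <= 3; i++)
        {
            using (var conn = new SqlConnection(csb.ConnectionString))
            using (var cmd = new SqlCommand(Sql, conn))
            {
                conn.Open();
                using (SqlDataReader r = cmd.ExecuteReader())
                {
                    while (r.Read())
                        Console.WriteLine("{0}: spid={1} scheme={2} transport={3} connected={4:o} login={5}",
                            i, r["session_id"], r["auth_scheme"], r["net_transport"],
                            r["connect_time"], r["login_name"]);
                }
            }
        }
    }
}
```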


  • arifyemen

    Thanks for your helpful response. As you said, mine is a Windows application (.NET WinForms). My application would inherit the Windows identity of the user. If the application connects to the database using Windows authentication, at the SQL Server end, will SQL Server contact the Windows domain controller to authenticate the user again? Or since the user is already authenticated, will SQL Server just allow the application to log in to SQL Server?

    Thanks for your help, I'm not sure I'm explaining my requirement very well.

    Thanks,


  • kkt

    You can use the System.Security namespace in the .NET Framework and use the User.Identity.Name to extract the Windows account from the currently logged in user. Pass this as a credential to SQL Server to allow your WinForm to connect to SQL Server using Windows authentication.
