C＃检查用户是否以编程方式访问SQL DB [英] C# Check if a user has SQL DB access programmatically

问题描述

全部高。我想知道是否有办法通过C＃检查用户是否可以访问特定SQL服务器上的特定数据库。我的情况是这样的：我有一个在进程帐户下运行的WCF服务，协议是net.tcp。我遇到了双跳问题 - 用户NT AUTHORITY \ ANONYMOUS LOGON登录失败。我的网络和网络人员告诉我配置Kerberos必须设置是不允许的，并建议我验证用户是否在调用数据库之前具有数据库访问权限。是的，我知道，这很糟糕......糟糕！但是，我是承包商，需要满足他们的要求:-)。可以在Active Directory中找到一个SQL db吗？无论如何，非常感谢您的建议和建议。谢谢大家！

解决方案

我能说的最好（我当然不是安全专家）是应该有一个用于访问数据库，您应该能够检查用户是否是该组的成员。如果这是一个内部公司系统，那可能就足够了。但是，您如何获得实际用户的信息？有人发送另一个用户的凭据有多容易？



此外，为什么用户可以访问Web服务但无法访问数据库？

High all. I am wondering if there is a way, via C#, to check to see if a user has access to a particualr database on a particular SQL server. My situation is this: I have a WCF service running under a process account, protocol is net.tcp. I have been experiencing a double hop issue - getting logon failed for user NT AUTHORITY\ANONYMOUS LOGON. My network and web guys tell me configuring Kerberos with the necessarry settings is not allow and suggested I validate is if the user has db access prior to calling the database. Yes, I know, this stinks....bad! However, I am a contractor and will need to accomodate their demands :-). Can active directory find a SQL db? Anyway, your thoughs and suggestions are greatly appreciated. Thank you all!

解决方案

The best I can say (and I''m certainly no security expert) is that there should be an Active Directory group that is used to access the database and you should be able to check to see whether or not the user is a member of that group. If this is an internal company system, that may be enough. However, how will you get the actual user''s information? How easy will it be for someone to send another user''s credentials?

Also, why would a user have access to the Web Service but no access to the database?

这篇关于C＃检查用户是否以编程方式访问SQL DB的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！