FBA and SQL Server: Love Story

My colleague has been working on a web part in an FBA environment. Among other things, the web part pulls some data from SQL server. The grand plan for this project dictates that a DBA configures data level security in SQL (as opposed to embedding a user ID in a SQL query or some other approach).

The problem is that SQL Server doesn’t know anything about our FBA environment so it can’t trust us. We solved this problem by, for lack of a better word, manually impersonating an AD user so that we could connect to SQL such that SQL data level security works.

Even though FBA is an ASP.NET feature, we SharePoint Nation people have taught the various search engines that if you’re querying for FBA, you must mean you want to know how to configure FBA in SharePoint. I failed to find any information on how to enable an FBA oriented ASP.NET application to communicate with SQL in the way we needed.

In the course of researching this, we re-read this article: ASP.NET Impersonation

More research led us to this CodeProject article: http://www.codeproject.com/KB/cs/cpimpersonation1.aspx

That helped us write our code, which I’ve included below. It’s not the most elegant stuff, but it worked. I hope you find it helpful.

Here’s the code that worked for us:

protected void btnSearchCarrier_Click(object sender, EventArgs e)
{
    ImpersonateUser iU = new ImpersonateUser();
    try
    {
        // TODO: Replace credentials
        iU.Impersonate("DomainName", "UserName", "Password");

        //
        // CODE
        //
    }
    catch (Exception ex)
    {

    }
    finally
    {
        // Revert to the original identity even if the code above throws.
        iU.Undo();
    }
}

// Using Impersonation class as mentioned below.

// Namespaces the class needs.
using System;
using System.Runtime.InteropServices;
using System.Security.Permissions;
using System.Security.Principal;

public class ImpersonateUser
{
    [DllImport("advapi32.dll", SetLastError = true)]
    public static extern bool LogonUser(
        String lpszUsername,
        String lpszDomain,
        String lpszPassword,
        int dwLogonType,
        int dwLogonProvider,
        ref IntPtr phToken);

    [DllImport("kernel32.dll", CharSet = CharSet.Auto)]
    private extern static bool CloseHandle(IntPtr handle);

    // Instance fields, not static: static state would be shared by every
    // request in the application and concurrent requests would overwrite it.
    private IntPtr tokenHandle = new IntPtr(0);
    private WindowsImpersonationContext impersonatedUser;

    // If you incorporate this code into a DLL, be sure to demand that it
    // runs with FullTrust.
    [PermissionSetAttribute(SecurityAction.Demand, Name = "FullTrust")]
    public void Impersonate(string domainName, string userName, string password)
    {
        try
        {
            // Use the unmanaged LogonUser function to get the user token for
            // the specified user, domain, and password.
            const int LOGON32_PROVIDER_DEFAULT = 0;

            // Passing this parameter causes LogonUser to create a primary token.
            const int LOGON32_LOGON_INTERACTIVE = 2;
            tokenHandle = IntPtr.Zero;

            // Step 1: Call LogonUser to obtain a handle to an access token.
            bool returnValue = LogonUser(
                userName,
                domainName,
                password,
                LOGON32_LOGON_INTERACTIVE,
                LOGON32_PROVIDER_DEFAULT,
                ref tokenHandle); // tokenHandle - new security token

            if (false == returnValue)
            {
                int ret = Marshal.GetLastWin32Error();
                Console.WriteLine("LogonUser call failed with error code : " +
                    ret);
                throw new System.ComponentModel.Win32Exception(ret);
            }

            // Step 2: Wrap the token in a WindowsIdentity.
            WindowsIdentity newId = new WindowsIdentity(tokenHandle);
            // Step 3: Start impersonating on the current thread.
            impersonatedUser = newId.Impersonate();
        }
        catch (Exception ex)
        {
            Console.WriteLine("Exception occurred. " + ex.Message);
            // Rethrow so the caller does not carry on under the original
            // identity as if impersonation had succeeded.
            throw;
        }
    }

    /// <summary>
    /// Stops impersonation
    /// </summary>
    public void Undo()
    {
        // impersonatedUser is null if Impersonate() failed before step 3.
        if (impersonatedUser != null)
        {
            impersonatedUser.Undo();
            impersonatedUser = null;
        }
        // Free the tokens.
        if (tokenHandle != IntPtr.Zero)
        {
            CloseHandle(tokenHandle);
            tokenHandle = IntPtr.Zero;
        }
    }
}
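
The // CODE placeholder in the click handler is where the SQL call goes. As an added example (not code from this post), here is one way that part could look, with the impersonation scoped by using blocks so it is always reverted and the credentials read from configuration instead of string literals. The server name, database name and appSettings keys are assumptions made up for illustration.

```csharp
// Added example, not code from the original post.
// SQLHOST, CarrierDb and the appSettings key names are assumptions.
using System;
using System.ComponentModel;
using System.Configuration;
using System.Data.SqlClient;
using System.Runtime.InteropServices;
using System.Security.Principal;

public static class SqlAsWindowsUser
{
    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    private static extern bool LogonUser(string user, string domain, string password,
        int logonType, int logonProvider, out IntPtr token);

    [DllImport("kernel32.dll", SetLastError = true)]
    private static extern bool CloseHandle(IntPtr handle);

    // Returns the login name SQL Server sees for the impersonated connection.
    public static string WhoDoesSqlSee()
    {
        // Hypothetical keys; assumed to live in an encrypted config section.
        string domain = ConfigurationManager.AppSettings["SqlProxy.Domain"];
        string user = ConfigurationManager.AppSettings["SqlProxy.User"];
        string password = ConfigurationManager.AppSettings["SqlProxy.Password"];

        IntPtr token;
        if (!LogonUser(user, domain, password, 2 /* LOGON32_LOGON_INTERACTIVE */,
                       0 /* LOGON32_PROVIDER_DEFAULT */, out token))
            throw new Win32Exception(Marshal.GetLastWin32Error());
        try
        {
            using (WindowsIdentity identity = new WindowsIdentity(token))
            using (WindowsImpersonationContext ctx = identity.Impersonate())
            using (SqlConnection conn = new SqlConnection(
                "Server=SQLHOST;Database=CarrierDb;Integrated Security=SSPI"))
            using (SqlCommand cmd = new SqlCommand("SELECT SUSER_SNAME()", conn))
            {
                conn.Open();   // authenticates as the AD user, not the app pool
                return (string)cmd.ExecuteScalar();
            }   // disposed in reverse order: cmd, conn, ctx (reverts), identity
        }
        finally
        {
            CloseHandle(token);   // WindowsIdentity holds its own duplicate
        }
    }
}
```

With integrated security, ADO.NET keeps a separate connection pool per Windows identity, so a connection opened under the impersonated account is not handed to code running as the application pool identity.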

</end>


One thought on "FBA and SQL Server: Love Story"

  1. David Early
    Sorry for posting this unrelated question but I could not figure out how to send you an email from this blog.
    You had a previous post where you offered a great way to filter a library to view untagged data. Do you have any thoughts as to how you might view a list of untagged documents in an entire document library? Using an empty field in advanced search does not return any results.