FBA and SQL Server: A Love Story

My colleague has been working on a web part in an FBA environment. Among other things, the web part pulls some data from SQL server. The grand plan for this project dictates that a DBA configures data level security in SQL (as opposed to embedding a user ID in a SQL query or some other approach).

The problem is that SQL Server doesn’t know anything about our FBA environment so it can’t trust us. We solved this problem by, for lack of a better word, manually impersonating an AD user so that we could connect to SQL such that SQL data level security works.

Even though FBA is an ASP.NET feature, we SharePoint Nation people have taught the various search engines that if you’re querying for FBA, you must mean you want to know how to configure FBA in SharePoint. I failed to find any information on how to enable an FBA oriented ASP.NET application to communicate with SQL in the way we needed.

In the course of researching this, we re-read this article: ASP.NET Impersonation

More research led us to this CodeProject article: http://www.codeproject.com/KB/cs/cpimpersonation1.aspx

That helped us write our code, which I’ve included below. It’s not the most elegant stuff, but it worked. I hope you find it helpful.

Here is the code that worked for us:

protected void btnSearchCarrier_Click(object sender, EventArgs e)
{
    ImpersonateUser iU = new ImpersonateUser();
    try
    {
        // TODO: Replace credentials
        iU.Impersonate("DomainName", "UserName", "Password");

        //
        // CODE
        //
    }
    catch (Exception ex)
    {
        // TODO: log the exception
    }
    finally
    {
        // Always revert to the original identity, even if the code above throws.
        iU.Undo();
    }
}

// Using Impersonation class as mentioned below.

using System;
using System.Runtime.InteropServices;
using System.Security.Permissions;
using System.Security.Principal;

public class ImpersonateUser
{
    [DllImport("advapi32.dll", SetLastError = true)]
    public static extern bool LogonUser(
        String lpszUsername,
        String lpszDomain,
        String lpszPassword,
        int dwLogonType,
        int dwLogonProvider,
        ref IntPtr phToken);

    [DllImport("kernel32.dll", CharSet = CharSet.Auto)]
    private extern static bool CloseHandle(IntPtr handle);

    // Instance fields: static fields would be shared by every request
    // that the web application is serving at the same time.
    private IntPtr tokenHandle = new IntPtr(0);
    private WindowsImpersonationContext impersonatedUser;

    // If you incorporate this code into a DLL, be sure to demand that it
    // runs with FullTrust.
    [PermissionSetAttribute(SecurityAction.Demand, Name = "FullTrust")]
    public void Impersonate(string domainName, string userName, string password)
    {
        try
        {
            // Use the unmanaged LogonUser function to get the user token for
            // the specified user, domain, and password.
            const int LOGON32_PROVIDER_DEFAULT = 0;

            // Passing this parameter causes LogonUser to create a primary token.
            const int LOGON32_LOGON_INTERACTIVE = 2;
            tokenHandle = IntPtr.Zero;

            // Step 1: Call LogonUser to obtain a handle to an access token.
            bool returnValue = LogonUser(
                userName,
                domainName,
                password,
                LOGON32_LOGON_INTERACTIVE,
                LOGON32_PROVIDER_DEFAULT,
                ref tokenHandle); // tokenHandle - new security token

            if (false == returnValue)
            {
                int ret = Marshal.GetLastWin32Error();
                Console.WriteLine("LogonUser call failed with error code : " +
                    ret);
                throw new System.ComponentModel.Win32Exception(ret);
            }

            // Step 2
            WindowsIdentity newId = new WindowsIdentity(tokenHandle);
            // Step 3
            impersonatedUser = newId.Impersonate();
        }
        catch (Exception ex)
        {
            Console.WriteLine("Exception occurred. " + ex.Message);
            // Rethrow so the caller does not carry on under the wrong identity.
            throw;
        }
    }

    /// <summary>
    /// Stops impersonation
    /// </summary>
    public void Undo()
    {
        // Null when Impersonate() failed before the identity was switched.
        if (impersonatedUser != null)
        {
            impersonatedUser.Undo();
            impersonatedUser = null;
        }
        // Free the tokens.
        if (tokenHandle != IntPtr.Zero)
        {
            CloseHandle(tokenHandle);
            tokenHandle = IntPtr.Zero;
        }
    }
}
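
The same impersonation wrapped in a `using` scope, as an added example that is not code from the original post: the connection is opened while impersonating, and `SELECT SUSER_SNAME()` returns the login SQL Server actually sees, which is the identity its data level security is evaluated against. `ImpersonationScope`, `CarrierData`, `LoginSeenBySql` and the parameter names are hypothetical; it assumes .NET Framework and a SQL Server that accepts Windows authentication.

```csharp
using System;
using System.ComponentModel;
using System.Data.SqlClient;
using System.Runtime.InteropServices;
using System.Security.Principal;

// Added example (hypothetical names): impersonation that is always reverted.
public sealed class ImpersonationScope : IDisposable
{
    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    private static extern bool LogonUser(string user, string domain, string password,
        int logonType, int logonProvider, out IntPtr token);
    [DllImport("kernel32.dll", SetLastError = true)]
    private static extern bool CloseHandle(IntPtr handle);

    private readonly IntPtr token;
    private readonly WindowsImpersonationContext context;
    public ImpersonationScope(string domain, string user, string password)
    {
        // 2 = LOGON32_LOGON_INTERACTIVE, 0 = LOGON32_PROVIDER_DEFAULT, as in the post.
        if (!LogonUser(user, domain, password, 2, 0, out token))
            throw new Win32Exception(Marshal.GetLastWin32Error());
        try { context = WindowsIdentity.Impersonate(token); }
        catch { CloseHandle(token); throw; }
    }

    public void Dispose()
    {
        context.Undo();      // revert the thread to its original identity
        CloseHandle(token);  // release the logon token
    }
}

public static class CarrierData
{
    // Returns the login SQL Server sees for a connection opened while impersonating.
    public static string LoginSeenBySql(string domain, string user, string password,
                                        string server, string database)
    {
        var csb = new SqlConnectionStringBuilder { DataSource = server, InitialCatalog = database, IntegratedSecurity = true };
        using (new ImpersonationScope(domain, user, password))
        using (var conn = new SqlConnection(csb.ConnectionString))
        using (var cmd = new SqlCommand("SELECT SUSER_SNAME()", conn))
        {
            conn.Open();  // Windows authentication presents the impersonated token
            return (string)cmd.ExecuteScalar();
        }
    }
}
```

The nested `using` statements dispose in reverse order, so the connection is closed before the thread reverts to its original identity. With integrated security, ADO.NET keeps a separate connection pool per Windows identity, so a connection opened inside the scope is not reused for a different identity.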

</end>


One thought on "FBA and SQL Server: A Love Story"

  1. David Maagang
    Sorry for posting this unrelated question, but I could not figure out how to send you an email from this blog.
    You had a previous post where you offered a great way to filter a library to view untagged data. Do you have any thoughts as to how you might view a list of untagged documents in an entire document library? Using an empty field in advanced search does not return any results.