Sunday, September 4, 2022

[FIXED] How to build RUNAS /NETONLY functionality into a (C#/.NET/WinForms) program?

Tags: .net, authentication, runas, security, sql-server

Issue

Our workstations are not members of the domain our SQL Server is on. (They're not actually on a domain at all - don't ask).

When we use SSMS or anything to connect to the SQL Server, we use RUNAS /NETONLY with DOMAIN\user. Then we type in the password and it launches the program. (RUNAS /NETONLY does not allow you to include the password in the batch file).

So I've got a .NET WinForms app which needs a SQL connection, and the users have to launch it by running a batch file which has the RUNAS /NETONLY command-line and then it launches the EXE.

If the user accidentally launches the EXE directly, it cannot connect to SQL Server.

Right-clicking on the app and using the "Run As..." option doesn't work (presumably because the workstation doesn't really know about the domain).

I'm looking for a way for the application to do the RUNAS /NETONLY functionality internally before it starts anything significant.

Please see this link for a description of how RUNAS /NETONLY works: http://www.eggheadcafe.com/conversation.aspx?messageid=32443204&threadid=32442982

I'm thinking I'm going to have to use LOGON_NETCREDENTIALS_ONLY with CreateProcessWithLogonW.


Solution

I gathered these useful links:

http://www.developmentnow.com/g/36_2006_3_0_0_725350/Need-help-with-impersonation-please-.htm

http://blrchen.spaces.live.com/blog/cns!572204F8C4F8A77A!251.entry

http://geekswithblogs.net/khanna/archive/2005/02/09/22430.aspx

http://msmvps.com/blogs/martinzugec/archive/2008/06/03/use-runas-from-non-domain-computer.aspx

It turns out I'm going to have to use LOGON_NETCREDENTIALS_ONLY with CreateProcessWithLogonW. I'm going to see if I can have the program detect if it has been launched that way and if not, gather the domain credentials and launch itself. That way there will only be one self-managing EXE.



Answered By - Cade Roux
Answer Checked By - Mary Flores (PHPFixing Volunteer)