Home | Forums | Contact | Search | Syndication  
 
 [login] [create account]   Tuesday, November 26, 2024 
 
slxdeveloper.com Community Forums  
   
The Forums on slxdeveloper.com are now retired. The forum archive will remain available for the time being. Thank you for your participation on slxdeveloper.com!
 External Development Forums - SalesLogix OLEDB Provider
Forum to discuss using the SalesLogix OLE DB Provider from external applications (including usage of built-in provider procedures). View the code of conduct for posting guidelines.
Forums RSS Feed


 Back to Forum List | Back to SalesLogix OLEDB Provider | New ThreadView:  Search:  
 Author  Thread: Connection String – R/W Password question
Shawn O'Ferrall
Posts: 21
 
Connection String – R/W Password questionYour last visit to this thread was on 1/1/1970 12:00:00 AM
Posted: 29 Nov 07 3:17 PM
I’m having one of those days. I *thought* I had read somewhere that you could create a connection string for an outside application (in this case .Net Webservice) that does NOT use or pass a Userid and/or Password, but simply the Read/Write password.

But all my reading this afternoon indicates otherwise…

Aside: I could set up a Service Account in AD, make my webservice run under that service account, create a user account in SLX for the service account and turn on integrated security for that user, and modify the connection string to include ‘Integrated Security=True’ but that doesn’t quite achieve my goal…

My problem is this; I have a backend process webservice that integrates opportunity data with other systems. We recently started using SLX built-in security for several accounts. The account used in my connection string in not on the security teams, thus the webservice fails when I has to send that data because the user doesn’t have access. I can add the user to the security teams, but then have to explain to management (and auditors) who this non-user is and why that’s not a security risk (which it is).

Any ideas?
[Reply][Quote]
Ryan Farley
Posts: 2265
slxdeveloper.com Site Administrator
Top 10 forum poster: 2265 posts
 
Re: Connection String – R/W Password questionYour last visit to this thread was on 1/1/1970 12:00:00 AM
Posted: 29 Nov 07 3:59 PM
You *always* have to supply a user/password (as you've discovered). No way around that.

What you'll want to do is log in as the admin user, but then impersonate the specific user so that this user's security is used for your queries. Does that make sense?

Basically, you'll append "impersonate=myusername" to the connection string and make the connection (again, using the admin's credentials in the connection string). This way, you only need to know the admin's credentials, but can still impersonate to get the security for the right user.

Is that what you're after, or did I misunderstand?
[Reply][Quote]
Shawn O'Ferrall
Posts: 21
 
Re: Connection String – R/W Password questionYour last visit to this thread was on 1/1/1970 12:00:00 AM
Posted: 03 Dec 07 8:00 AM
I knew about the impersonate, but I hadn't applied it in this situation - that makes perfect sense.

What still gives me the willies is storing/passing the Admin password in my web.config. I'm not a fan of that idea...

Can I impersonate from another ID (non-Admin?)
[Reply][Quote]
Ryan Farley
Posts: 2265
slxdeveloper.com Site Administrator
Top 10 forum poster: 2265 posts
 
Re: Connection String – R/W Password questionYour last visit to this thread was on 1/1/1970 12:00:00 AM
Posted: 03 Dec 07 8:31 AM
Quote:
Originally posted by Shawn O'Ferrall

Can I impersonate from another ID (non-Admin?)


Nope. You could always store the login values in your web.config encrypted (or elsewhere, such as a database that you could connect to with a trusted connection and then retrieve the login values).
[Reply][Quote]
Shawn O'Ferrall
Posts: 21
 
Re: Connection String – R/W Password questionYour last visit to this thread was on 1/1/1970 12:00:00 AM
Posted: 03 Dec 07 8:51 AM
Yet another good idea. Thanks for the help!!
[Reply][Quote]
 Page 1 of 1 
  You can subscribe to receive a daily forum digest in your user profile. View the site code of conduct for posting guidelines.

   Forum RSS Feed - Subscribe to the forum RSS feed to keep on top of the latest forum activity!
 

 
 slxdeveloper.com is brought to you courtesy of Ryan Farley & Customer FX Corporation.
 This site, and all contents herein, are Copyright © 2024 Customer FX Corporation. The information and opinions expressed here are not endorsed by Sage Software.

code of conduct | Subscribe to the slxdeveloper.com Latest Article RSS feed
   
 
page cache (param): 11/26/2024 8:40:33 AM