What is the difference between Integrated Security = True and Integrated Security = SSPI?

后端 未结 9 2091
独厮守ぢ
独厮守ぢ 2020-11-22 10:36

I have two apps that use Integrated Security. One assigns Integrated Security = true in the connection string, and the other sets Integrated Security = S

相关标签:
9条回答
  • 2020-11-22 10:58

    In my point of view,

    If you dont use Integrated security=SSPI,then you need to hardcode the username and password in the connection string which means "relatively insecure" why because, all the employees have the access even ex-employee could use the information maliciously.

    0 讨论(0)
  • 2020-11-22 11:03

    Using Windows Authentication

    To connect to the database server is recommended to use Windows Authentication, commonly known as integrated security. To specify the Windows authentication, you can use any of the following two key-value pairs with the data provider. NET Framework for SQL Server:

     Integrated Security = true;
     Integrated Security = SSPI;
    

    However, only the second works with the data provider .NET Framework OleDb. If you set Integrated Security = true for ConnectionString an exception is thrown.

    To specify the Windows authentication in the data provider. NET Framework for ODBC, you should use the following key-value pair.

    Trusted_Connection = yes;
    

    Source: MSDN: Working with Connection Strings

    0 讨论(0)
  • 2020-11-22 11:04

    Many questions get answers if we use .Net Reflector to see the actual code of SqlConnection :) true and sspi are the same:

    internal class DbConnectionOptions
    
    ...
    
    internal bool ConvertValueToIntegratedSecurityInternal(string stringValue)
    {
        if ((CompareInsensitiveInvariant(stringValue, "sspi") || CompareInsensitiveInvariant(stringValue, "true")) || CompareInsensitiveInvariant(stringValue, "yes"))
        {
            return true;
        }
    }
    
    ...
    

    EDIT 20.02.2018 Now in .Net Core we can see its open source on github! Search for ConvertValueToIntegratedSecurityInternal method:

    https://github.com/dotnet/corefx/blob/fdbb160aeb0fad168b3603dbdd971d568151a0c8/src/System.Data.SqlClient/src/System/Data/Common/DbConnectionOptions.cs

    0 讨论(0)
提交回复
热议问题