Certificate-Based Authentication in SQL Server

允我心安 提交于 2021-02-20 05:21:06

问题


currently i'm struggling with my current project. I was tasked to replace the use of Username/Password based Authentication/Connection to SQL Server (2014) and replace it with a Certificate based Authentication/Connection one. So probably my questions are:

  1. Is this possible with SQL Server ?

    • The idea is to no longer include the username/password combination to connect to the Database Instance from the Server. This then would be replaced by a certificate where, ideally would hold all the login credentials (encrypted). So in simpler terms, every pc that will use the system will need to be issued a certificate to connect to the database.
  2. If possible, is this a Single Certificate for All or One Computer - One Certificate ?

hoping to get some good/bad opinions here. thank you


回答1:


What Certificate are we talking about One coming from a Root Certificate Authority In an Active Directory Network or a webpage using its SSL Cert to Authenticate back into the SQL Server? Or is this a Certificate that was generated solely for this purpose? What language/program is trying to Use the Certificate to Authorize. Im Assuming C# but I just want to make sure.




回答2:


SQL Server's equivalent option to certificate authentication is the Integrated Security option.

When you use integrated security across machines, where the server lives on a different computer from the client, you also rely on an Active Directory domain to mediate trust between the machines.

It works like this:

A user logs in to a client computer joined to an Active Directory domain. As part of the authentication process, a domain controller (DC) from the domain will issue an authentication token for the session.

The user then wants to log into SQL Server using integrated security, where the SQL Server installation is a member of the same domain. To do this, the token is passed to SQL Server, which in turn validates the token against a domain controller to decide whether to grant access. Now SQL Server can trust the user is who they say they are. From there it consults it's own user information to decide whether or what access to grant.

The integrity of this process is guaranteed using – you guessed it – certificates. Also a clock (thanks Kerberos).



来源:https://stackoverflow.com/questions/39503611/certificate-based-authentication-in-sql-server

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!