Willy said:
Not sure what do you mean by this? SQL server and Windows authentication
are different beasts!
GUID, and objectSID's don't change by renaming an object,
anyway,authentication (in an AD realm) doesn't use objectGUID's or
GUID's or SID, authentication uses kerberos tickets obtained by a login
(specifying login credentials). A kerberos ticket is cached localy and
is valid for a configurable period only, after which it can't be used
any longer.
I'm not quite clear on what you mean in your last paragraph, if the user
is not on the network, how do you access network resources? or what do
you need to authenticate the user for?
Willy.
Ok, based on your comments i realized i should be more clear. Give you
an example: say, i have a user in my app:
login: "andrey_app"
password: "password"
Also, that user's windows principal username is: "andrey@domain".
I somehow map andrey@domain to andrey_app (store the mapping in the
database).
Currently, when a user logs in to the application, he provides
andrey_app/password as his credentials and i authenticate him for the
application. What i want to do is to avoid the need for the user to type
in those username/password. If a user choses "Windows Authentication"
i'll take his windows username:
WindowsIdentity user = WindowsIdentity.GetCurrent();
by that name i will get his application username andrey_app and will log
this user in as andrey_app.
And that's what i meant about SQL server and Windows authentication -
when you connect to sql database you can either provide your sql server
login/password or use trusted connection, where sql server will
authenticate you by your windows username.
Now, some clients are using the app remotely with the copy of the
database and later they synch their local db with the main one, so they
might need to be authenticated when outside the network.