MSSQL connection string - Windows Authentication using another set of credentials

Question

It doesn't seem possible to craft a connection string so that you can open a connection to a mssql server using another user's windows credentials. It appears you are limited to specifying either a sql server account, or specifying no creds at all which passes along the current set being used on the domain.

What workarounds are effective ways to circumvent this restriction?

A bit of background:
The company I'm deploying at would like to set up windows credentials for each application accessing the shared databases. This works well for daemon-like background tasks, but it seems a bit complicated for desktop applications.

I've been asked to NOT pass the users creds to the database, but instead pass a set of windows creds reserved for the application itself... not sql server credentials, but an account on the domain for the application.

I've been contemplating using Runas to launch the application (written in Python) using this application windows account.

Perhaps someone out there can suggest a better way?

Answer 1

There is no way to, in the connection string, specify an alternative set of Windows credentials. Your instinct about runas is spot on. I often use that to launch SSMS when connecting to a different domain than my laptop is on. Good luck!

Answer 2

You could set up a domain group (active directory) for the application, then assign specific domain users to be in that group. The I suppose you could grant privileges to the database for that group.

This would allow specific permissions to be controlled for the group.

Just a suggestion, I hope it helps. Good luck!