Impersonation Sample


Updated: 5 December 2005
The Impersonation sample demonstrates how to use impersonation to use the credentials passed from the client to access operating system protected resources, such as files, when you are using integrated security. By default, the credentials of the account that SQL Server runs under are used when you access these kinds of resources.

Note:
This form of impersonation does not affect access to SQL Server protected resources such as tables, unless you are performing the data access to another database server (SQL Server or some other type of database server) via ADO.NET. In that case you should use impersonation during the execution of the Open method on the connection in order to pass the client's credentials to the remote server. Impersonation during the other ADO.NET calls are not necessary.



This sample also demonstrates how to access information about files that are contained in a directory using a common language runtime (CLR) table valued function.
Install directory: drive:\Program Files\Microsoft SQL Server\90\Samples\Engine\Programmability\CLR\Impersonation\

Scenario

Jane is a developer for Adventure Works Cycles. She wants to access information about files in a directory on the server by using the credentials passed from the client.

Languages

Transact-SQL, Visual C# and Visual Basic.

Features

The Impersonation sample uses the following features of SQL Server.

Application Area Features
Overall CLR, Security


Prerequisites

Before running this sample, make sure the following software is installed:
  • Microsoft SQL Server 2005 or Microsoft SQL Server 2005 Express Edition (SQL Server Express). You can obtain SQL Server Express free of charge from the SQL Server 2005 Express Edition Documentation and Samples Web site
  • The AdventureWorks database which is included with SQL Server 2005, and is also available at the SQL Server Developer Web site.
  • The SQL Server 2005 Database Engine samples. These samples are included with SQL Server 2005. You can download the latest version of the samples at the SQL Server Developer Web site.
  • .NET Framework SDK 2.0 or Microsoft Visual Studio 2005. You can obtain .NET Framework SDK free of charge. See Installing the .NET Framework SDK.

Building the Sample

If you have not already created the strong-name key file ExternalSampleKey.snk, generate the key file using the following instructions.
To generate a strong name key file
  1. Open a Microsoft Visual Studio 2005 command prompt. Click Start, point to All Programs, point to Microsoft Visual Studio 2005, point to Visual Studio Tools, and then click Visual Studio 2005 Command Prompt.—Or—Open a Microsoft .NET Framework command prompt. Click Start, point to All Programs, point to Microsoft .NET Framework SDK 2.0, and then click SDK Command Prompt.
  2. At the command prompt, use the change directory (CD) command to change the current folder of the command prompt window to the Samples folder. Note: To determine the folder where samples are located, click Start, point to All Programs, point to Microsoft SQL Server 2005, point to Documentation and Tutorials, and then click Samples Directory. If the default installation location was used, the samples are located in <systemdrive_>:\Program Files\Microsoft SQL Server\90\Samples.
  3. At the command prompt, run the following command to generate the key file: sn -k ExternalSampleKey.snk ** Important: For more information about the strong-name key pair, see "Security Briefs: Strong Names and Security in the .NET Framework" in the .NET Development Center on MSDN.
To build the Impersonation sample
  1. Compile the sample by using Visual Studio 2005 and the provided Visual Studio solution, or by using Microsoft MSBuild, which is included in the .NET Framework SDK 2.0. Run a command similar to the following at a command prompt: msbuild /nologo /verbosity:quiet /property:Configuration=Debug CS\ Impersonation.sln
  2. Make sure that the AdventureWorks database is installed.
  3. If you did not install the SQL Server engine samples in the default location, modify the path in the CREATE ASSEMBLY section of the script in Scripts\InstallCS.sql and Scripts\InstallVB.sql to refer to the location where the samples were installed.
  4. If you are not an administrator for the SQL Server instance you are using, you must have an administrator grant you CreateAssembly permission to complete the installation.
  5. Open the scripts\installCS.sql or scripts\installVB.sql file, depending on whether you compiled the Visual C# project or the Visual Basic project, in Microsoft . Run the script that is contained in the file, or run a command similar to the following at the command prompt: sqlcmd -E -I -i Scripts\InstallCS.sql

Running the Sample

To run the Impersonation sample
  1. In the My Documents folder, create a folder named Test.
  2. Using Notepad, create an empty text file in that folder.
  3. Adjust the security of the folder by using the Properties dialog box in Windows Explorer.
  4. Use the Advanced button on the Security tab to disable inheritance of the folder's security settings from its parent.
  5. Use the Copy option to copy the parent's security settings.
  6. Add yourself as a user who has full permissions on the folder.
  7. Remove all other users.
  8. Open the scripts\test.sql file in Management Studio or Notepad. Modify the file so that instead of calling the GetEnvironmentVariable method in the SELECT @TestDir statement, you specify a constant string for the value of the @TestDir variable. The code should be similar to the following: SELECT @TestDir = 'C:\Documents and Settings\ username\ My Documents\Test\' Replace username with your actual user name.Run the script in Management Studio or save the modified file in Notepad, and then run the following command at the command prompt:
sqlcmd -E -I -i Scripts\test.sql

Removing the Sample

To remove the Impersonation sample
  1. Open the scripts\cleanup.sql file in Management Studio. Run the script that is contained in the file, or run the following command at the command prompt: sqlcmd -E -I -i Scripts\cleanup.sql

Comments

The CLR for SQL Server 2005 or SQL Server Express must be enabled for this sample to work correctly.
Samples are provided for educational purposes only. They are not intended to be used in a production environment and have not been tested in a production environment. Microsoft does not provide technical support for these samples. Sample applications and assemblies should not be connected to or used with your production SQL Server database or your report server without the permission of the system administrator.

Change History


Release History
5 December 2005 Changed content: Changed instructions for generating a key file, including the name and location of the key file.


© 2007 Microsoft Corporation. All rights reserved.

Last edited Nov 6, 2008 at 10:23 PM by bonniefe, version 16

Comments

No comments yet.