Sunday, March 25, 2012

Authentication with MSSQL 2005 Mobile Merge Replication

Hi,
I'm using MSSQL 2005 Mobile subscriber to partitioned publication (with
merge replication). In my case the partition is security-related, so it's
important to ensure that different subscribers will get only their own data.
Since I can't use SUSER_NAME(), and since HOST_NAME() can be overriden, what
are the options to authenticate the user properly?
Thanks,
Vladimir K.
You can use suser_name, it maps to publisherlogin, I also don't quite
understand what you mean by host_name can be overridden - it can be
overridden by the hostname parameter in your merge replication class
(SQLCeReplication) to define whatever you want, which could be the account
name you wish to filter by.
Hilary Cotter
Looking for a SQL Server replication book?
http://www.nwsu.com/0974973602.html
Looking for a FAQ on Indexing Services/SQL FTS
http://www.indexserverfaq.com
"Vladimir Kofman" <vladimir.kofman@.gmail.com> wrote in message
news:u9lqmIRSHHA.4832@.TK2MSFTNGP04.phx.gbl...
> Hi,
> I'm using MSSQL 2005 Mobile subscriber to partitioned publication (with
> merge replication). In my case the partition is security-related, so it's
> important to ensure that different subscribers will get only their own
> data. Since I can't use SUSER_NAME(), and since HOST_NAME() can be
> overriden, what are the options to authenticate the user properly?
> Thanks,
> Vladimir K.
>
|||In SQL Mobile suser_name doesn't work for me... And the problem with
host_name is exactly as you stated: anyone can define anything, so it seems
I don't have an option to define partitions based on some security setting:
let's say I have two partitions A and B, and have two users a and b
appropriately. How do I prevent from user a to synchronize with partition B?
(and from user b with A?)
"Hilary Cotter" <hilary.cotter@.gmail.com> wrote in message
news:uMU67pSSHHA.2212@.TK2MSFTNGP02.phx.gbl...
> You can use suser_name, it maps to publisherlogin, I also don't quite
> understand what you mean by host_name can be overridden - it can be
> overridden by the hostname parameter in your merge replication class
> (SQLCeReplication) to define whatever you want, which could be the account
> name you wish to filter by.
> --
> Hilary Cotter
> Looking for a SQL Server replication book?
> http://www.nwsu.com/0974973602.html
> Looking for a FAQ on Indexing Services/SQL FTS
> http://www.indexserverfaq.com
>
> "Vladimir Kofman" <vladimir.kofman@.gmail.com> wrote in message
> news:u9lqmIRSHHA.4832@.TK2MSFTNGP04.phx.gbl...
>
|||how about using certificates mapped to nt accounts. This way they will have
to know the password of the account you are going to pull with. The
communication will be encrypted and you can filter on suser_name which maps
to the publisherlogin.
Hilary Cotter
Looking for a SQL Server replication book?
http://www.nwsu.com/0974973602.html
Looking for a FAQ on Indexing Services/SQL FTS
http://www.indexserverfaq.com
"Vladimir Kofman" <vladimir.kofman@.gmail.com> wrote in message
news:endEvgVSHHA.1228@.TK2MSFTNGP06.phx.gbl...
> In SQL Mobile suser_name doesn't work for me... And the problem with
> host_name is exactly as you stated: anyone can define anything, so it
> seems I don't have an option to define partitions based on some security
> setting: let's say I have two partitions A and B, and have two users a and
> b appropriately. How do I prevent from user a to synchronize with
> partition B? (and from user b with A?)
> "Hilary Cotter" <hilary.cotter@.gmail.com> wrote in message
> news:uMU67pSSHHA.2212@.TK2MSFTNGP02.phx.gbl...
>
|||Thanks for your replies
But can you elaborate a bit more on the option you've suggested?
Thanks again.
"Hilary Cotter" <hilary.cotter@.gmail.com> wrote in message
news:eLdVCrVSHHA.2212@.TK2MSFTNGP02.phx.gbl...
> how about using certificates mapped to nt accounts. This way they will
> have to know the password of the account you are going to pull with. The
> communication will be encrypted and you can filter on suser_name which
> maps to the publisherlogin.
> --
> Hilary Cotter
> Looking for a SQL Server replication book?
> http://www.nwsu.com/0974973602.html
> Looking for a FAQ on Indexing Services/SQL FTS
> http://www.indexserverfaq.com
>
> "Vladimir Kofman" <vladimir.kofman@.gmail.com> wrote in message
> news:endEvgVSHHA.1228@.TK2MSFTNGP06.phx.gbl...
>
|||You have to configure the web serve to accept client certificates. This was
supported in SQL CE 2.0, it appears to be supported in Web Synchronization
as well, but it is not clear from the documentation that it is.
Hilary Cotter
Looking for a SQL Server replication book?
http://www.nwsu.com/0974973602.html
Looking for a FAQ on Indexing Services/SQL FTS
http://www.indexserverfaq.com
"Vladimir Kofman" <vladimir.kofman@.gmail.com> wrote in message
news:OL9wDOWSHHA.3948@.TK2MSFTNGP05.phx.gbl...
> Thanks for your replies
> But can you elaborate a bit more on the option you've suggested?
> Thanks again.
> "Hilary Cotter" <hilary.cotter@.gmail.com> wrote in message
> news:eLdVCrVSHHA.2212@.TK2MSFTNGP02.phx.gbl...
>
sql

No comments:

Post a Comment