I currently have the following architecture:
On an internal network: I have a windows forms client connecting to a web service on another computer, all on the same network and domain. The web service is in-turn connecting to a SQL server database using windows integrated security (SSPI).
The problem: Windows integrated security is required throughout the whole architecture.
The web service can only run in one named user account and a password is required to do this i.e. using the following in the web.config file:
<identity impersonate="true" userName="MyDomainName\MyUsername" password="MyPassword"/>
How can I carry the credentials of ANY user on the client through to the database without providing a windows password from the outset?
Your suggestions are greatly appreciated.
Thanks in advance.