Impersonate Windows user accessing MSSQL server from a different domain

Question

Using C# I'm trying connecting to a MSSQL server using Windows user impersonation from a Windows service. MSSQL server is in domain A and the service is in domain B. From this service of domain B I was able to impersonate a Windows user (domain A) from MSSQL server using LogonUser Windows API with logonType=9 (new credentials) and using WindowsIdentity.Impersonate to create the impersonation context. The Windows user is configured to have access to MSSQL server.

The problem is the exception received:

System.Data.SqlClient.SqlException: Login failed. The login is from an untrusted domain and cannot be used with Windows authentication.

How this problem can be solved? I hope there is a solution for this in the code, programmatically, or in MSSQL configuration regarding trusted domains, or both.

integratedSecurity = true
logonType = 9

using (new Impersonation(domainName, userName, password, integratedSecurity, logonType))
{
  connectionStringBuilder.DataSource = host;
  connectionStringBuilder.InitialCatalog = database;
  connectionStringBuilder.Pooling = false;
  connectionStringBuilder.IntegratedSecurity = integratedSecurity;
  connectionStringBuilder.ConnectTimeout = connectionTimeout;

  using (Connect = new SqlConnection(connectionStringBuilder.ConnectionString)) <--- exception
  {

Would this help: https://stackoverflow.com/a/47344013/6305294 — Alex, Nov 27 '17 at 09:13
It works! Please add your answer to let me marking it as accepted. — Flaviu, Jan 11 '18 at 13:12
Glad that it has helped. Please up-vote the linked answer, since it has helped you resolve your problem. — Alex, Jan 11 '18 at 22:37

Impersonate Windows user accessing MSSQL server from a different domain

0 Answers0