Impersonate Windows User through Python Flask

Question

I am currently working on an internal web-app using Python Flask. The app will connect to an in-house SQL-Server

When I am running the tool on my laptop I have no problem connecting to the data since this uses my credentials, however when deployed the app will run on Nginx on a dockerized kubernetes cluster.

as such I would like to be able to impersonate a given user account when the user tries to access the database.

The SQL-server is set up with windows authentication, so user/pass will be of no use unfourtunately.

My current connection string looks something like this

params = urllib.parse.quote_plus("DRIVER={SQL Server Native Client 11.0};"
                                 "SERVER=<servername>;"
                                 "DATABASE=<db name>;"
                                 "Trusted_Connection=yes")

Any ideas how to pass through / impersonate a given windows user account to sqlalchemy so that I can manage user access levels on the SQL server as we do anything else?

Answer 1

See this answer by @GordThompson. Basically you can't, the connection string parameters UID and PWD are mutually exclusive with trusted_connection=yes.

I would also encourage you to rethink your database connection design. With what you've described, your app will have to manage database connections for every user. Instead, try have a single database connection from your app, and manage user privileges/permissions to database resources via the app.