0

I have a use case where user authentication is handled mainly through SQL Server users. When a user logs in through a WebAPI, it attempts to connect to the db using the username and password entered, if the connection is successful, the user is authenticated and further requests are also made using the entered username and password for db connections.

How can I use these details to initialize the DbContext with DI, if possible?

jarlh
  • 42,561
  • 8
  • 45
  • 63
Akshay Rajpaul
  • 148
  • 1
  • 9
  • Does this answer your question? [Dynamically change connection string in Asp.Net Core](https://stackoverflow.com/questions/36816215/dynamically-change-connection-string-in-asp-net-core) – Ian Kemp Feb 05 '21 at 13:21
  • @IanKemp - I've had a look at that but I'm not sure how to get it to work. I've tried storing the credentials in the session (bad practice) and in the dbcontext factory create, retrieve the them and use it to crreate the DbContext.. but that doesn't work because the context is injected and attempted to be created even before it gets to storing the credentials – Akshay Rajpaul Feb 05 '21 at 13:25
  • 1
    See [Windows Integrated Authetication](https://learn.microsoft.com/en-us/previous-versions/aspnet/bsz5788z(v=vs.100)), you can use Single Sign-On in IIS to authenticate against SQL Server – Charlieface Feb 05 '21 at 13:34
  • @Charlieface - a SQL Server user is not the same as a Windows user so Windows Integrated Security won't work for my scenario – Akshay Rajpaul Feb 05 '21 at 13:42
  • I'm aware of that. I was trying to say: maybe move over to Windows Authentication for SQL Server, it is in any case recommended and is more secure – Charlieface Feb 05 '21 at 13:45
  • @Charlieface - appreciate the suggestion, although I'm trying to find a solution using the existing SQL Server users – Akshay Rajpaul Feb 08 '21 at 07:57

0 Answers0