Windows Impersonation and SQL rights

Question

I've used the technique in this question to impersonate the Windows User who has admin rights over a database. I thought that this would allow the process to alter tables etc (which if I'm logged on as that person I'm able to). My connection string uses IntegratedSecurity and after I prompt the user for db admin username & password I impersonate that user and then reconnect to the database. I thought this would allow me to create tables etc, but no ...

Is there something else I need to do to give my program (temporary) admin rights to my database?

I've tried following the impersonation with EXECUTE AS LOGIN = @user, but it wasn't happy - do I need to supply a password to SQL as well to make that work, perhaps?

Answer 1

You can either add a role to the logins you want to use, or grant specific permissions. The second is typically the preferred method, as you can be much more granular in the amount of access provided to the account.

Answer 2

You may well be having a problem with the Connection Pool. When a process closes a connection, the connection is not in fact closed, but goes to the processes Connection Pool. The next time that process tries to open a connection it will get one from the pool if that connection in the pool has the same connection string as the requested new connection. Thus you likely aren't getting a new connection at all, but an already opened one with the auths of the original opener.

The only way around this I can see is to use a different connection string for the admin user: add or remove a clause that makes no difference (e.g. 'MARS Connection=true' or something). That should work.

Cheers -