Everything I've seen and experienced so far suggests that you must use Windows Authentication if you want to access a file via Win32 from within the a databases filestream store but is it possible to use jsut SQL authentication somehow?
No, you have to use Windows Authentication.
See the official team Web Log for Microsoft Customer Service and Support (CSS) SQL Support:
How It Works: File Streams Requires Integrated Security (Windows Authentication)
Related
I'm currently trying to integrate an existing Blazor Server (ASP.NET Core 6.0, server-side only) application with my company's Keycloak authentication services. I need to use the existing .NET Authentication/Authorization libraries with the Keycloak - the Keycloak will hold all the relevant User data I need to access (e.g. ID, name, passwords, etc.) and use that data as query parameters to access the data stored in PostgreSQL. I've seen that this is possible with Microsoft SQL Server, so I'm wondering if the following is even possible:
Using something other than Microsoft SQL Server or SQLite to handle Authentication with .NET
Using a remote server database to handle Authentication instead of a local .db migration
Accessing Keycloak data for authentication instead of data stored in said local .db migration
If all of this is possible on Blazor Server instead of WebAssembly
There's tons of documentation on how to use SQL Server in a WebAssembly for authentication, but what little documentation exists for Blazor Server, and Keycloak, is for older .NET versions (usually 2.0) and very, very basic use cases. There's also questions already asked but haven't been answered. I'm still very new to Web development and Blazor, so if this isn't even possible, I wouldn't be surprised.
Google Apps Script JDBC doesn't support a connection to PostgreSQL directly but Google Data Studio supports a connection to PostgreSQL to pull data and build reports. I've also heard they support a low-key export to .csv option. Is it then possible to exploit the Data Studio Service in Google Apps Script to populate Google Sheets with that data, effectively creating a workaround?
All I need is a one-way access from PostgreSQL into Google Sheets by means of Google Apps Script, I do NOT expect to import anything back into my database.
Looking at the reference documentation, the built-in Apps Script service for DataStudio does not allow you to pull data from a connected data source. It can be used to create connectors but its does not allow direct access to connected data sources.
However, you can try creating a custom API or server-less mirco-service in a language that supports PostgreSQL, and then expose that service as HTTP endpoints that you can call via URLFetchApp. You can leverage Google Cloud Functions to do this and write the mirco-service in either back-end Javascript(Node.js), Python or Go. This approach will take you well-outside the bounds of your typical GAS script, but it is a viable option.
I have an application which uses LDAP authentication against AD, which works fine. However the UserDN and password for accessing LDAP are in clear text in the config files, and I would like to avoid clear text passwords.
In Softerra LDAP browser you have the option to authenticate with "Currently logged in user", does anyone know if this type of Windows Authentication is possible with Spring LDAP? Or is there perhaps another way to avoid credentials in config files (like using the credentials of the user trying to authenticate)?
With Microsoft SQL server, it is possible to do Windows Authentication via JDBC, since Microsoft provides some native code, has anyone heard about a similar functionality when using LDAP against AD?
"Currently logged in user"
this may mean that Kerberos based SASL authentication is used
You may check
https://docs.spring.io/spring-security-kerberos/docs/current/reference/htmlsingle/#ssk-kerberosldap
and
https://docs.spring.io/autorepo/docs/spring-security-kerberos/1.0.1.RELEASE/api/org/springframework/security/kerberos/client/ldap/KerberosLdapContextSource.html
The latter shows how the Kerberos ticket cache can be used.
I am looking to access a local instance of Couchbase Server through its REST API. The HTTP GET requests are sent from Java.
The problem I am currently running into has to do with authorization.
Specifically, I have managed to use Couchbase's Basic Authorization, but only by obtaining the hashed credentials (bG9jYWw6dHdlZXRzOnBBc3Mx in the example linked to above) by monitoring a Couchbase browser session using Chrome's developer tools and inspecting the request headers.
Now, another Couchbase article mentions that Couchbase uses SHA-1 in compliance with SCRAM. However, no mention is made of how to obtain the 'salt' and 'iterations' parameters from Couchbase. Which, I assume I need to go from the credentials to the challenge solution (i.e. hashed string)
So, the question is as follows: how to get from the credentials (user="local:tweets", pass="pAss1") (from the example of the first link) to bG9jYWw6dHdlZXRzOnBBc3Mx?
Thanks in advance,
Thomas
SCRAM SHA-1 support is only for the Data (K/V) service and only through certain Couchbase SDKs which use the memcached binary protocol. The Java SDK does have support for SCRAM SHA-1.
The REST interface you appear to be using is N1QL's API. That does not support SCRAM SHA auth.
If you're looking to give some other application HTTP access, my recommendation would be to write a small Java app with Spring Boot or the like and use the Java SDK from there. Then you have complete control over how auth is done at the REST interface. A colleague wrote one of these just the other day. Note that even in this case, the Java SDK won't be using SCRAM when running N1QL queries, but you can use that as a point of control.
Is it possible to have a Java process running on linux access EWS using kerberos only without the need of a pre-defined username/password combination?
My current system architecture consists of a Java process that accesses EWS using a stored username/password combination. Requirement is to ensure that the credentials under which the Java process runs are authenticated on Exchange using Kerberos.
Is it possible to have this setup?
yes, it should be possible to authenticate to EWS using Kerberos. You can Java GSSAPI to get the Kerberos tickets (from the ticket cache or prompt the user). There is a Java GSS Sample program at http://docs.oracle.com/javase/1.5.0/docs/guide/security/jgss/tutorials/BasicClientServer.html
Your question seems to be more on what Java can do versus what Exchange/IIS can do. I don't know Java well at all, however I do know EWS and IIS topics well.
Here is something to keep in mind - IIS does the authentication and not EWS. You could do an HTTP GET on a file in a virtual folder on an IIS server to verify that your API works. If you can authenticate to IIS, then EWS should work. Now having said that you also need do consifer access issues - ie impersonation and delegateion - you will need to be sure you have the needed content in the EWS XML and have the correct Exchange settings for Impersonation and correct folder permissions set for delegation.
Yes, it is possible. It is already implemented in "JWebServices for Exchange", Java API for EWS
You ticket a TGT in the ticket cache or a keytab for that account.