All geek questions in one place

How to use Windows authentication with SQL server docker container

I looked through all the examples that I could find on the Internet to create applications on the docker platform. I would like to run two services running in two docker containers:

  • Windows container with ASP.NET
  • Windows Container with SQL Server

Easy work and lots of examples. However, in all the examples, you need to use SQL authentication and provide a strong SA password as an environment variable when starting the SQL server container. You also need to hardcode the SA password in the connection string in the ASP.Net code (or provide it in some other way in the configuration file, etc.).

In the bottom line in all examples, the password is somewhere hardcoded.

In most of the applications that we are developing now, we actually use Windows authentication or instead use a grouped account for a managed service. But as far as I know, you cannot add a Windows container to the domain, so the SQL server is not part of the Windows domain, so I see no way to use Windows authentication here.

Does anyone have an alternative to hard coding passwords this way?

+9
source share
4 answers

I am dealing with the same problem. Here is the most complete procedure I have found. The trick is to use gMSA.

But, as JanneRantala says at the end, I have the same problem when trying to add a new user to the database:

Msg 15401, Level 16, State 1, Line 3 Windows NT user or group "YOUR_DOMAIN \ gmsa $" was not found. Check the name again.

+1
source

Windows Authentication is automatically enabled in Windocks SQL Server containers. See here for more details. The SQL Server containers created in Windocks are instances of SQL Server created automatically from the default SQL service that is already installed on Windows Server (2012 R2 or 2016). Any Windows accounts in the instance are automatically included in container instances by default.

+1
source

Here's a walkthrough on how to make it work. Walkthrough Windows Containers

This will not work, although your SQL also works in the container, since the SQL server itself must be part of Active Directory in order to be able to use GMSA accounts.

0
source

Please view my article https://www.codeproject.com/Articles/1272546/%2FArticles%2F1272546%2FAuthenticate-Net-Core-client-of-SQL-Server-with-In . It shows you how to connect to the SQL server using the built-in security.

-1
source

Source: https://habr.com/ru/post/1262085/

More articles:


All Articles