I have a vendor supplied application that I have very limited access to change. The application controls a machine, and cannot easily be logged off between users (expect up to 5 user changes per hour). I also have to deal with Part 11, and Corporate rules.
The plan is to have a shared login to the PC (AD user), then the application which has to connect to a MS SQL database anyways, will prompt for the user name and password, which it will use for the database connection. (previous user's DB connection will be closed between users). If the user/password does not authenticate, they will not be able to use the application.
I have AD authentication working, and I can connect with Server Management Studio using either a SQL user, or an AD user. The application can also connect using a SQL user. But the application always fails to connect when I attempt to use an AD user (I am only substituting the user/password, I have also tried to prepend the "Domain\" to the user). The application is using the default MS SQL drivers that are loaded when Server Management Studio is installed.
Is this even workable?
Best Answer
Having an application connect would be very different than an end user on SSMS. Applications tend to use connection strings. Your applications connection string or config might need to be modified to connect to the SQL Server as an AD user as opposed to putting in a username/password for a SQL user.
You will want that user to have the same rights as the SQL User and probably want it to own the database. Contacting the vendor might be a good case. Going with AD users gives you more auditing visibility anyways which should please auditors.
Some connection string examples: https://www.connectionstrings.com/sql-server-2012/