| title | description | author | ms.author | ms.date | ms.service | ms.subservice | ms.topic |
|---|---|---|---|---|---|---|---|
Integrated Kerberos authentication (OLE DB driver) |
Learn how to get mutual Kerberos authentication by using OLE DB in OLE DB Driver for SQL Server with this example. |
David-Engel |
davidengel |
02/18/2022 |
sql |
connectivity |
reference |
[!INCLUDE SQL Server]
[!INCLUDEDriver_OLEDB_Download]
This sample shows how to get mutual Kerberos authentication by using OLE DB in OLE DB Driver for SQL Server. This sample works with [!INCLUDEsql2008-md] and later versions.
For more information about SPNs and Kerberos authentication, see Service Principal Name (SPN) Support in Client Connections.
You must specify a server. In the .cpp file, change "MyServer" to a machine name that has an instance of [!INCLUDEsql2008-md] and later versions.
You will also have to specify a customer-provided SPN. In the .cpp file, change "CPSPN" to a customer-provided SPN.
Make sure your INCLUDE environment variable includes the directory that contains msoledbsql.h. Compile with ole32.lib oleaut32.lib.
// compile with: ole32.lib oleaut32.lib
#pragma once
#define WIN32_LEAN_AND_MEAN // Exclude rarely-used stuff from Windows headers
#include <stdio.h>
#include <tchar.h>
#include <msoledbsql.h>
#define CHECKHR(stmt) \
do\
{\
hr = (stmt);\
if (FAILED(hr))\
{\
printf("CHECK_HR " #stmt " failed at (%hs, %d), hr=0x%08X\r\n", __FILE__, __LINE__, hr); \
goto CleanUp; \
} \
} while (0)
#define SAFERELEASE(p) \
do\
{\
if ((p) != nullptr)\
{\
p->Release(); \
p = nullptr; \
} \
} while (0)
int _tmain(int argc, _TCHAR* argv[])
{
HRESULT hr = S_OK;
IDBInitialize* pInitialize = nullptr;
IDBProperties* pProperties = nullptr;
DBPROP rgDBProp[1] = {};
LPCWSTR lpwszProviderString = L"Server=MyServer;" // server with SQL Server 2008 (or later)
L"Trusted_Connection=Yes;"
L"Encrypt=Mandatory;"
L"ServerSPN=CP_SPN;"; // customer-provided SPN
DBPROPSET* prgPropertySets = nullptr;
ULONG cPropertySets = 0;
CHECKHR(CoInitialize(nullptr));
CHECKHR(CoCreateInstance(CLSID_MSOLEDBSQL, nullptr, CLSCTX_INPROC_SERVER, __uuidof(IDBProperties), reinterpret_cast<void**>(&pProperties)));
// set provider string
rgDBProp[0].dwPropertyID = DBPROP_INIT_PROVIDERSTRING;
rgDBProp[0].dwOptions = DBPROPOPTIONS_REQUIRED;
rgDBProp[0].colid = DB_NULLID;
VariantInit(&(rgDBProp[0].vValue));
V_VT(&(rgDBProp[0].vValue)) = VT_BSTR;
V_BSTR(&(rgDBProp[0].vValue)) = SysAllocString(lpwszProviderString);
{ // set the property to the property set
DBPROPSET PropertySet[1] = {};
PropertySet[0].rgProperties = &rgDBProp[0];
PropertySet[0].cProperties = 1;
PropertySet[0].guidPropertySet = DBPROPSET_DBINIT;
// set properties and connect to server
CHECKHR(pProperties->SetProperties(sizeof(PropertySet)/sizeof(DBPROPSET), PropertySet));
}
CHECKHR(pProperties->QueryInterface<IDBInitialize>(&pInitialize));
CHECKHR(pInitialize->Initialize());
{ // get properties
DBPROPIDSET rgDBPropIDSet[1] = {};
DBPROPID rgDBPropID[2] = {};
rgDBPropID[0] = SSPROP_INTEGRATEDAUTHENTICATIONMETHOD;
rgDBPropID[1] = SSPROP_MUTUALLYAUTHENTICATED;
rgDBPropIDSet[0].rgPropertyIDs = &rgDBPropID[0];
rgDBPropIDSet[0].cPropertyIDs = 2;
rgDBPropIDSet[0].guidPropertySet = DBPROPSET_SQLSERVERDATASOURCEINFO;
CHECKHR(pProperties->GetProperties(1, rgDBPropIDSet, &cPropertySets, &prgPropertySets));
}
wprintf(L"Authentication method: %s\r\n", V_BSTR(&(prgPropertySets[0].rgProperties[0].vValue)));
wprintf(L"Mutually authenticated: %s\r\n",
(V_BOOL(&(prgPropertySets[0].rgProperties[1].vValue)) == VARIANT_TRUE) ? L"yes" : L"no");
CleanUp:
SAFERELEASE(pProperties);
SAFERELEASE(pInitialize);
if (prgPropertySets)
{
for (ULONG iPropSet = 0; iPropSet < cPropertySets; ++iPropSet)
{
for (ULONG iProp = 0; iProp < prgPropertySets[iPropSet].cProperties; ++iProp)
{
VariantClear(&prgPropertySets[iPropSet].rgProperties[iProp].vValue);
}
}
}
VariantClear(&(rgDBProp[0].vValue));
CoUninitialize();
}