Powered by Zoomin Software. For more details please contactZoomin

DataDirect Connect for ADO.NET Data Provider Help

Table of Contents

Authentication

Save PDF
Save selected topicSave selected topic and subtopicsSave all topics
Share
Share to emailCopy topic URL
Print
  • Last Updated: April 16, 2026
  • 4 minute read
    • ADO.NET
    • Documentation

Authentication protects the identity of the user so that user credentials cannot be intercepted by malicious hackers when transmitted over the network. See Authentication for an overview.

The Sybase data provider supports User ID/password authentication authenticates the user to the database using a database user name and password provided by the application.

Kerberos authentication uses Kerberos, a trusted third-party authentication service, to verify user identities. Kerberos authentication can take advantage of the user name and password maintained by the operating system to authenticate users to the database or use another set of user credentials specified by the application.

This method requires knowledge of how to configure your Kerberos environment and supports Windows Active Directory Kerberos and MIT Kerberos.

The data provider’s Authentication Method connection string option controls which authentication mechanism the data provider uses when establishing connections. Alternatively, the data provider can encrypt the user's password as it is sent across the network to the Sybase server. See Using the Authentication Method Connection String Option for information about setting the value for this property.

Using the Authentication Method Connection String Option

The Authentication Method connection string option controls which authentication mechanism the data provider uses when establishing connections.

When Authentication Method=Kerberos, the data provider uses Kerberos authentication when establishing a connection. Use the ServicePrincipalName connection string option to specify the Service Principal Name. The data provider ignores any values specified by the User and Password properties.

When Authentication Method=UserIDPassword (the initial default), the data provider uses user ID/password authentication when establishing a connection. The User ID connection string option provides the user ID. The Password connection string option provides the password. If a user ID is not specified, the data provider generates an exception.

When Authentication Method=EncryptedPassword, the data provider encrypts the user's password when sending it to the Sybase server where password encryption has been enabled. The data provider may use either the Sybase proprietary encryption algorithm or the RSA algorithm based on the encryption type chosen by the server during the login negotiation. This encryption is used only for the password at connect time and only when sending the password across the network to the server.

Note: If any of these values are set, the data provider also can use data encryption by setting the Encryption Method connection string option.

Configuring User ID/Password Authentication

  1. Set the Authentication Method connection string option to UserIDPassword. See Using the Authentication Method Connection String Option for more information about setting a value for this property.

    Alternatively, if the Sybase server has password encryption enabled, set the Authentication Method connection string option to EncryptedPassword.

  2. Set the User ID connection string option to provide the user ID.

  3. Set the Password connection string option to provide the password.

Configuring Kerberos Authentication

This section provides requirements and instructions for configuring Kerberos authentication for the Sybase data provider.

Product Requirements

Verify that your environment meets the requirements listed in the following table before you configure the data provider for Kerberos authentication.

Kerberos Authentication Requirements for the Sybase Data Provider

Component Requirements
Database server The database server must be administered by the same domain controller that administers the client and must be running Sybase 12.5.2 or higher.
Kerberos server The Kerberos server is the machine where the user IDs for authentication are administered. The Kerberos server is also the location of the Kerberos KDC.
Network authentication must be provided by one of the following methods:
  • Windows Active Directory on one of the following operating systems:
  • Windows Server 2012
  • Windows Server 2008
  • Windows Server 2003
  • Windows 2000 Server Service Pack 3 or higher
  • MIT Kerberos 1.4.2 or higher
Client The client must be administered by the same domain controller that administers the database server.

Configuring the Data Provider

To configure the data provider:

  1. Set the Authentication Method connection string option to Kerberos. See Using the Authentication Method Connection String Option for more information about setting a value for this property.

  2. Set the Service Principal Name connection string option to the case-sensitive service principal name to be used for Kerberos authentication. For Sybase, the service principal name is the name of a server configured in your Sybase interfaces file.

    The value of the Service Principal Name connection string option can include the Kerberos realm name, but it is optional. If you do not specify the realm name, the default realm is used. For example, if the service principal name, including Kerberos realm name, is server/sybase125ase1@XYZ.COM and the default realm is XYZ.COM, valid values for this connection string option are:

server/sybase125ase1@XYZ.COM

and

server/sybase125ase1

Specifying User Credentials for Kerberos Authentication (Delegation of Credentials)

By default, when Kerberos authentication is used, the Sybase data provider takes advantage of the user name and password maintained by the operating system to authenticate users to the database. By allowing the database to share the user name and password used for the operating system, users with a valid operating system account can log into the database without supplying a user name and password.

Many application servers or Web servers act on behalf of the client user logged on the machine on which the application is running, rather than the server user.

Obtaining a Kerberos Ticket Granting Ticket

To use Kerberos authentication, the application user first must obtain a Kerberos Ticket Granting Ticket (TGT) from the Kerberos server. The Kerberos server verifies the identity of the user and controls access to services using the credentials contained in the TGT. If the application uses Kerberos authentication from a Windows client and the Kerberos authentication is provided by Windows Active Directory, the application user is not required to log onto the Kerberos server and explicitly obtain a TGT. Windows Active Directory automatically obtains a TGT for the user.

The application user must explicitly obtain a TGT in the following cases:

  • If the application uses Kerberos authentication from a UNIX or Linux client
  • If the application uses Kerberos authentication from a Windows client and Kerberos authentication is provided by MIT Kerberos
TitleResults for “How to create a CRG?”Also Available inAlert