Windows vs. Database Authentication

What can be said about this? Windows vs. Database Authentication What is the best and why? And why not? Best regards, Erik P. Ernst, webmaster Navision Online User Group

Currently, I’d recommend database authentication over Windows Authentication. Primarily because you can’t store Windows logins per printer or in the User setup for G/L. Furthermore, Advance Distribution stores users per locations and you’d only can use database users. Just a few thoughts off the top of my head. /Michael

Probably practicalities like those in the previous post are more important, but from a pure technical standpoint Windows Authentication is the better option. It employs the unified login idea introduced wayback by NT to allow applications to hook into the operating system login mechanism, and therefore benefit from the high security used there. Basically, the OS is doing the authentication on behalf of the client and server (in this case Attain and Navision Server or SQL Server). It is also integrated into other services which Microsoft churn out, like Active Directory. In future version of the OS, and back office products, this type of authentication will endure and be improved upon. Whereas proprietary login systems (like the original SQL Server logins), which mostly use encryption on clear-text passwords, will eventually be partially or not supported. Oh, and the user-convinience might also be a reason. I certainly dislike logging into any other system I use once I have logged into my Windows network.

Does this mean that the Windows Authentication works similar to the old Unified Logins? Best regards, Erik P. Ernst, webmaster Navision Online User Group

I prefer Windows authentication since it’s a convenient way for the users to access Navision. Erik: One difference is that the PC from where You add the users must belong to the same domain as the user who will use the ID. Michael: If You add the code below to the OnInsert Trigger in table 2000000054 (Windows login) Your problem is solved (excuse me for using swedish field names). IF NOT DBuser.GET(ID) THEN --BEGIN ----DBuser.INIT; ----DBuser.“Användar-ID” := ID; ----DBuser.Namn := Namn; ----DBuser.“Upphör datum” := TODAY; ----DBuser.INSERT; --END; //Lars

Yes, Windows Authentication is Unified Login, and has other names depending on what application is used. SQL Server (and Attain etc) now uses the term Windows Authentication.

About the printer selection and other lookups to the User table. The problem is that all relations from User ID fields go to the database login table (The old user table). This is solved in User Portal, and in Attain 3.00. You can steel, eeeh I mean loan the code from those versions. You need: Table 387 Form 578 Codeunit 418 On the User ID-fields around the applicatiion e.g. printer selection you must add: User ID - OnValidate() LoginMgt.ValidateUserID(“User ID”); User ID - OnLookup() LoginMgt.LookupUserID(“User ID”); Where loginMgt points to the Codeunit. You can however use Windows-login in the printertable WITHOUT this, there is just no LookUp, but just type the USERID an it will work.

If using the window authentication, is any issue on the security filter???

In a slightly different vein, it appears to me as a developer working in several different versions of Financials and Attain in parallel on the same desktop system, that I must use database authentication. My presumtion is that otherwise I don’t access the correct ZUP file for the specific version I am opening. My development copies of Navision all operate in single user mode, i.e. no server running. Anyone else run into a similar issue? Dave Studebaker das@libertyforever Edited by - daves on 2001 Sep 05 16:42:39

First, there shouldn’t be any issues relating to the security filters. As to my previous comments those were based on 2.60.E. With the latest world wide release everything that you can do with database logins seems to work just fine with Windows logins (authentication). Dave in regards to your statement - create a shortcut and specify the id= for the name of your zup file. I haven’t had any problems with mine regardless of whether I log in via windows or database authentication.

I would ALWAYS chose database authentication, because I think that most users have a poor security when it comes to passwords on screen savers. And a screensaver password kan easily be hacked. Palle Arentoft, Product Manager Aston Naviteam A/S Denmark Email :

We had another serious problem with windows authentification. User in different domains were using NAVISION with terminal server. If you have two different user with the name “USER” they can login to the system because their name is domain1/user domain2/user Both can work with NAVISION. If they are printing a report their User-ID will be USER . We have a filter because one user must not see time informations of the other ones. In the upper case the filter will show the datas of both employees. We changed to database authentification. Using SQL this means a lot of work. The solution would be very simple. The result of USER-ID must be domain/user. Gerhard Weiss NAVIConsult Graz / Austria