Server based Authentication MSSQL

  • Hi,

    Is there a way in MSSQL to authenticate a particular user and server to access a DB.

    Like "ABC" user from "10.x.x.x" IP allowed to access "ABCDB"

    Please guide me is there any other way to achieve this kind of restriction.


    Joythi S

  • If you want a user only to be used from a certain address, you should first create your UserId_to_IPAddress table and then use a logon trigger (you need at least SP2 !)

    Be very careful with this kind of restrictions !

    could be something like:

    CREATE TRIGGER S_tr_DBA_ConnectionTracker



    execute as owner -- check bol for these options !



    set nocount on

    If NOT exists (

    Select 1

    from master.dbo.yourtable T

    inner join sys.dm_exec_sessions ES

    on ES.[session_id] = @@spid

    -- and ES.[host_name] = T.[host_name]

    -- and ES.[program_name] = T.[program_name]

    -- and ES.[nt_domain] = T.[nt_domain]

    -- and ES.[nt_user_name] = T.[nt_user_name]

    and ES.[login_name] = T.[login_name]

    -- and ES.[original_login_name] = T.[original_login_name]

    inner join sys.dm_exec_connections EC

    on EC.[session_id] = @@spid

    and EC.[client_net_address] = T.[client_net_address] )


    Raiserror('SYSADMIN MESSAGE: Connection Not allowed (s) ',1,1,suser_sname()) with log;

    rollback tran




  • Do we need to create the table for every DB. Please advise

  • No. And keep in mind that this logon trigger is only going to fire when they first connect. Once they are in SQL Server, you can't prevent them from changing to a database they have access to.

    K. Brian Kelley

