Static Credentials

A new week comes with new issues… I ran into an interesting issue today with Windows integrated security and SharePoint. I was troubleshooting an issue on a behalf of a Windows user that connects to an SSAS server. To repro the issue, I used the SharePoint “Sign in as a different user” feature. To facilitate testing, I decided to save the password in the standard Windows authentication dialog that follows (“Remember my password” checkbox).

After this “convenient” setup, to my surprise all calls to that server went the credentials of that user, including connections to the cube from SQL Server Management Studio and Excel! For example, when I connected to the SSAS database with SSMS and attempted to manage the server, I was greeted with the following message although I have admin rights to the server:

The connected user is not an Analysis Services server administrator. Only an administrator can make changes to server properties. (Microsoft.AnalysisServices.ManagementDialogs)

The SQL Server Profiler revealed that indeed the server impersonates any call under that user. Not sure what exactly happens when you save the password but be careful of this issue with “static” credentials. To correct the issue, use the Sign in as a different user feature again but don’t check the Remember my password option.