I'm working with the CallerIdentityLoginModule to passthrough the caller credentials to the database and having some difficulty when the database is hit on another thread.
The call sequence goes as follows:
If everything is handled on a single thread there is no issue. The CallerIdentityLoginModule performs as advertised and all is well. But we're running scheduled jobs through Quartz and these may fire at any time and must run as a specific user; so I need to get the above scenario functioning somehow.
I'm at a point now where I'm thinking I'll need to intercept the user's credentials, encrypt and store them in Derby (or somewhere), and then add the key to the credentials as part of the job. Then, when the job fires it can login to the application as part of the process and the underlying database connection will begin to work.
Is that the best way to accomplish this? Other ideas? opinions?
We'd rather not store user credentials in the application of course, but I'm not seeing another way to do what I'm trying to do at this point.