Creating a trusted connection with IBM Data Server Provider for .NET

You can create a trusted connection with the .NET provider with the TrustedContextSystemUserID and TrustedContextSystemPassword connection string keywords.

The following keywords are available in the connection string:
  • TrustedContextSystemUserID, or tcsuid, which specifies the trusted context SYSTEM AUTHID to be used with the connection.
  • TrustedContextSystemPassword, or tcspwd, which specifies the password corresponding to the trusted context SYSYTEM AUTHID to be used with the connection.
If the TrustedContextSystemPassword keyword is specified without a TrustedContextSystemUserID keyword value, an InvalidArgument exception is thrown. The UserID keyword is also required in a trusted context scenario.

IBM Data Server Provider for .NET supports trusted context with Db2® and Db2 for z/OS® servers.

Example

Suppose a trusted context has been established on the server with the following information:
CREATE TRUSTED CONTEXT ctxName1
BASED UPON CONNECTION USING SYSTEM AUTHID masteruser
ATTRIBUTES ( PROTOCOL 'TCPIP',
             ADDRESS '9.26.146.201',
             ENCRYPTION 'NONE' )
ENABLE
WITH USE FOR userapp1 WITH AUTHENTICATION, userapp2 WITH AUTHENTICATION;
The SYSTEM AUTHID, masteruser, has a corresponding password, masterpassword. Each specific user/application, userapp1, and userapp2, has a corresponding password, passapp1 and passapp2.
In order to use this trusted context, applications would issue connection strings as follows:
  • Application 1
    database=db;server=server1:446;
UserID=userapp1;Password=passapp1;
TrustedContextSystemUserID=masteruser;TrustedContextSystemPassword=masterpassword
  • Application 2
    database=db;server=server1:446;
UserID=userapp2;Password=passapp2;
TrustedContextSystemUserID=masteruser;TrustedContextSystemPassword=masterpassword
Note: The UserID keyword corresponds to the end user of the connection in a trusted context situation, just as in standard applications.

Following .NET program open and close a connection:

[C#]
DB2Connection conn = new DB2Connection();

conn.ConnectionString = "database=db;server=server1:446;"
     + "UserID=userapp1;Password=passapp1;"
     + "TrustedContextSystemUserID=masteruser;"
     + "TrustedContextSystemPassword=masterpassword;"

conn.Open();

// Do processing as userapp1, such as querying tables

conn.Close();

conn.ConnectionString = "database=db;server=server1:446;UserID=userapp2;"
     + "Password=passapp2;TrustedContextSystemUserID=masteruser;"
     + "TrustedContextSystemPassword=masterpassword;"

conn.Open();

// Do processing as userapp2

conn.Close();

If the trusted context processing fails because no trusted context was set up on the server, or the server does not support trusted contexts, an error with SQLCODE CLI0197E will be thrown. If the TrustedContextSystemUserID keyword value is invalid (too long, for example), an error with SQLCODE CLI0124E will be thrown. The server might report an error with SQLCODE SQL1046N, SQL30082N, or SQL0969N with a native error code of -20361. Any of these errors will cause Open() to fail.

Note: The trusted context processing happens on the next communication with the server.