Re: SQL Connectivity by Web App
From: Alek Davis (alek_xDOTx_davis_xATx_intel_xDOTx_com)
Date: 06/21/04
- Next message: Roy: "CAC Card Access"
- Previous message:
ike: "SQL Connectivity by Web App" - In reply to:
ike: "SQL Connectivity by Web App" - Next in thread:
ike: "Re: SQL Connectivity by Web App" - Reply:
ike: "Re: SQL Connectivity by Web App" - Reply:
ike: "Re: SQL Connectivity by Web App" - Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 21 Jun 2004 09:56:08 -0700
Mike,
The most common approach to this common problem is to specify SQL
credentials in the connection string. The downside here is that you need to
protect the connection string at storage, which is a challenge, but unless
you have certain specific conditions, you do not have many alternatives. If
you want to propagate user's credentials to SQL server, you have to enable
delegation at the AD domain level, which is not a good idea from security
perspective. And what is worse, your app will not be able to use connection
pooling, so the scalability goes down he drain. If you want to connect to
SQL Server using credentials of the IIS worker process, you either need to
run the IIS process as a domain user or set them identically on both the SQL
serve and Web server using a local account (with the same password). I don't
think that either of these options is good, because if you do this (for one,
any application running under your Web site will be able to connect to SQL
server with privileged rights). The bottom line here is that you will
introduce more problems than you solve. Just go with the SQL credentials in
the connection string. From my experience, this is what most enterprise apps
do.
Alek
"<M>ike" <mikedotdinnisatabraxas-ukdotcom> wrote in message
news:uO3P$j6VEHA.2840@TK2MSFTNGP11.phx.gbl...
> Hi,
>
> To start with, i'm not too sure if this is the right group to be posting
in
> so please let me know if these is a more suitable one.
>
> I am trying to get my head around the mechanics behind .NET web
applications
> accessing SQL databases located on another pc. My current scenario is that
> both PC's (IIS5 and SQL2000) are on the same domain but are physically
> different. I wish to retrieve data from the database to include in the
> asp.net application. As far as I can see I have two options when building
> the connection:
>
> a) pass credentials in a connection string;
> b) change the impersonated user to a domain account with sql priivaleges.
>
> I notice that the SQL box is set to use windows authentication. Does this
> make a difference?
>
> What I am looking for is are links to resources discussing the matter to
> determine which method is best, if the are other methods and how to set up
> the solution.
>
> Any help would be appreciated.
>
> Regards,
>
> <M>ike
>
>
- Next message: Roy: "CAC Card Access"
- Previous message:
ike: "SQL Connectivity by Web App" - In reply to:
ike: "SQL Connectivity by Web App" - Next in thread:
ike: "Re: SQL Connectivity by Web App" - Reply:
ike: "Re: SQL Connectivity by Web App" - Reply:
ike: "Re: SQL Connectivity by Web App" - Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
