Re: why not SQL Authentication?
From: Brock Allen (ballen_at_NOSPAMdevelop.com)
Date: 03/28/05
- Previous message: Pavlos Kariotellis: "why not SQL Authentication?"
- In reply to: Pavlos Kariotellis: "why not SQL Authentication?"
- Next in thread: WJ: "Re: why not SQL Authentication?"
- Reply: WJ: "Re: why not SQL Authentication?"
- Reply: Pavlos Kariotellis: "Re: why not SQL Authentication?"
- Reply: gabe garza: "Re: why not SQL Authentication?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 28 Mar 2005 06:27:11 -0800
The main drawback of SqlAuthentication (authing from browser thru website
thru database) is that connections can't be pooled. For some websites this
is not a concern, but for others where you have huge volume (and/or you're
not doing windows auth against the clients) if you use the client's creds
for SqlAuth then that's an independant connection. So 1000 users on your
site, that's 1000 distinct connections. If you use the same credentials (like
a "SqlUser" account) then those connections get pooled and thus shared. It's
a performance enhancement.
-Brock
DevelopMentor
http://staff.develop.com/ballen
> With Forms authentication and SQL Server, MS recommends creating a
> User
> table and storing user names and password hashes to that table.
> http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnne
> tsec/html/SecNetHT03.aspThey go on proposing a Roles table and so on.I
> wonder why not just use SQL Server authentication and just try to
> loginwith the user supplied credentials?
- Previous message: Pavlos Kariotellis: "why not SQL Authentication?"
- In reply to: Pavlos Kariotellis: "why not SQL Authentication?"
- Next in thread: WJ: "Re: why not SQL Authentication?"
- Reply: WJ: "Re: why not SQL Authentication?"
- Reply: Pavlos Kariotellis: "Re: why not SQL Authentication?"
- Reply: gabe garza: "Re: why not SQL Authentication?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
