RE: Membership - Database Security



Hello Rbfigueira,

From your description, you have multiple ASP.NET 2.0 Web applications that
will use membership/role services to secure themselves. However, you're
wondering whether it is proper to store these applications'
membership/role data in a shared database or separately, correct?

I think your analysis about the shared database condition is reasonable.
Yes, if we configure multiple ASP.NET 2.0 applications' membership providers
to use the same shared database, each SqlMembershipProvider should use a
different "ApplicationName" so that their data can be identified correctly.
Also, your worry is correct that if another new application joins and also
uses the same membership database, and is incorrectly configured with an
"ApplicationName" that duplicates that of an existing application, it will
use the existing membership data of that application incorrectly.

For such a scenario, I think you can consider the following solutions:

1. Still configure multiple ASP.NET applications to use the shared
membership database; however, you do the user/role management (insert,
update...) in a separate admin application so that the membership data can
only be modified through that admin web application (which connects to SQL
through a particular login with powerful permissions). For a normal web
application, the Windows security identity or SQL login (if you use a SQL
login in the connection string) only has read-only permission (this is
necessary for the application's membership/role validation and querying ...).

2. Use a separate database for each web application; this will completely
prevent an application's data from being corrupted, though it may add data
storage overhead.

What do you think? Please feel free to let me know if you have any other
questions or ideas on this.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead
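
An added example, not part of the original post and not Microsoft code: a Python audit that parses a set of web.config files and reports applications pointing at the same membership database with the same "ApplicationName", plus those that set no explicit name. The file paths, server, database and application names are constructed, and comparing names case-insensitively is a conservative assumption.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed web.config skeleton; server, database and provider names are hypothetical.
TEMPLATE = """<configuration><connectionStrings>
  <add name="Db" connectionString="Data Source=SQL01;Initial Catalog={db};Integrated Security=True" />
</connectionStrings><system.web><membership defaultProvider="Sql"><providers>
  <add name="Sql" type="System.Web.Security.SqlMembershipProvider"
       connectionStringName="Db" {app_attr} />
</providers></membership></system.web></configuration>"""

def sample(app_name, db="aspnetdb"):
    attr = "" if app_name is None else f'applicationName="{app_name}"'
    return TEMPLATE.format(db=db, app_attr=attr)

# Constructed inputs: path -> web.config text.
CONFIGS = {
    "hr/web.config": sample("HR"),
    "sales/web.config": sample("Sales"),
    "newapp/web.config": sample("hr"),   # collides with HR, differs only in case
    "legacy/web.config": sample(None),   # no explicit applicationName
    "isolated/web.config": sample("HR", db="aspnetdb_hr2"),  # option 2: own database
}

def membership_target(xml_text):
    """Return (server, database, applicationName or None), or None if no SQL provider."""
    adds = list(ET.fromstring(xml_text).iter("add"))
    conns = {a.get("name"): a.get("connectionString") for a in adds if a.get("connectionString")}
    for p in adds:
        if "SqlMembershipProvider" in p.get("type", ""):
            parts = conns.get(p.get("connectionStringName"), "").split(";")
            kv = {k.strip().lower(): v.strip().lower()
                  for k, _, v in (part.partition("=") for part in parts)}
            return (kv.get("data source") or kv.get("server"),
                    kv.get("initial catalog") or kv.get("database"),
                    p.get("applicationName"))
    return None

def audit(configs):
    """Return (collisions, unnamed): shared db + name groups, and apps with no explicit name."""
    groups, unnamed = defaultdict(list), []
    for path, text in sorted(configs.items()):
        target = membership_target(text)
        if target and target[2] is None:
            unnamed.append(path)
        elif target:
            groups[(target[0], target[1], target[2].lower())].append(path)
    return {k: v for k, v in groups.items() if len(v) > 1}, unnamed
```

Running `audit(CONFIGS)` before a new application is deployed against the shared database surfaces the duplicated name while it is still a configuration finding.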
