Re: What's best practice for connecting to a Sql Server database



I doubt you are moving to IIS 8 yet since IIS 7 is the version shipping in
2008 server and Vista. :)

That said, I generally prefer using Windows auth over SQL auth when possible
as it makes it possible to centrally manage accounts in AD. However, some
customers may prefer to use SQL auth. Providing an option is probably a
good idea.

Which account to use should also be something the customer can choose, but
when using Windows auth in an architecture like yours (which looks like it
uses a fixed service account), using the IIS process identity to access SQL
is usually the easiest thing. The customer can configure whatever app pool
identity they want to use to access SQL that way.

As to whether they use groups to grant access to SQL or grant access
directly to specific security principals should be their decision as well.
I do recommend you use roles in SQL to abstract your permissions at the
database level so they can assign whatever principal they want to your roles
in order to grant the correct set of privileges at the SQL to the app.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"David Thielen" <thielen@xxxxxxxxxxxxx> wrote in message
news:749gb4pvsluef788rk7hieut23uavpq72d@xxxxxxxxxx
Hi;

Back in the old old days of .NET 2.0 on IIS 7 the best practice was
that the web app ran under a user that had very weak rights and the
connection string had the uname/pw to connect to the database.

We are now moving up to Windows 2008 and IIS 8 and I have a developer
here telling me that best practices now are to get the web app the
rights needed to connect to the database and use integrated security
in the connection string. Is this the case?

And if so:

1) What username should the web app run under?

2) Do we assign that user rights to access the database or do we
create a group that can do so and assign that group across?

thanks - dave

david@at-at-at@windward.dot.dot.net
Windward Reports -- http://www.WindwardReports.com
me -- http://dave.thielen.com

Cubicle Wars - http://www.windwardreports.com/film.htm
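
Added example (not part of either post above): the setup described in the reply, with a database role holding the permissions and the customer mapping either the app pool's Windows account or an AD group to that role. The database AppDb, the schema app, the role app_webclient and the CONTOSO principals are hypothetical names chosen for illustration.

```sql
-- Added example. Every database, schema, role and account name is a placeholder.
-- Matching connection string (no credentials stored in it):
--   Server=SQLHOST;Database=AppDb;Integrated Security=SSPI;
USE AppDb;
GO

-- 1. Vendor side: permissions are granted to a role, never to an account.
--    Assumes the application's objects live in an existing schema named app.
CREATE ROLE app_webclient;
GRANT SELECT, INSERT, UPDATE ON SCHEMA::app TO app_webclient;
GRANT EXECUTE ON SCHEMA::app TO app_webclient;
GO

-- 2a. Customer option: map the app pool's Windows identity directly.
CREATE LOGIN [CONTOSO\svc-webapp] FROM WINDOWS;
CREATE USER [CONTOSO\svc-webapp] FOR LOGIN [CONTOSO\svc-webapp];
-- SQL Server 2012 and later; on older versions use:
--   EXEC sp_addrolemember 'app_webclient', 'CONTOSO\svc-webapp';
ALTER ROLE app_webclient ADD MEMBER [CONTOSO\svc-webapp];
GO

-- 2b. Customer option: map an AD group instead, so membership is managed in AD.
CREATE LOGIN [CONTOSO\WebApp-SqlAccess] FROM WINDOWS;
CREATE USER [CONTOSO\WebApp-SqlAccess] FOR LOGIN [CONTOSO\WebApp-SqlAccess];
ALTER ROLE app_webclient ADD MEMBER [CONTOSO\WebApp-SqlAccess];
GO

-- 3. Check: who is in the role.
SELECT r.name AS role_name, m.name AS member_name, m.type_desc
FROM sys.database_role_members AS drm
JOIN sys.database_principals AS r ON r.principal_id = drm.role_principal_id
JOIN sys.database_principals AS m ON m.principal_id = drm.member_principal_id
WHERE r.name = N'app_webclient';

-- 4. Check: what the role can do. Rows here should be the only grants the app needs.
SELECT pr.name AS grantee, pe.state_desc, pe.permission_name, pe.class_desc
FROM sys.database_permissions AS pe
JOIN sys.database_principals AS pr ON pr.principal_id = pe.grantee_principal_id
WHERE pr.name = N'app_webclient';
```

Steps 2a and 2b are alternatives; a customer would normally run only one of them.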

