Re: Need resources for SQL Server 2000 Application Roles with ASP.NET apps
From: Andrew J. Kelly (ajkellynospam@attbi.com)
Date: 04/05/03
From: "Andrew J. Kelly" <ajkellynospam@attbi.com> Date: Fri, 4 Apr 2003 21:26:27 -0500
Chris,
The end user should never be logged directly in to sql server. They are
accessing the asp pages, which in turn will access the database. So the
users should only see what you want them to see since you (the asp code or
middle tier) will be the one calling the stored procedures on the back end.
If userA only needs to see specific rows then you can use the WHERE clause,
views etc to limit what they get returned. An app role is used to
control permissions on objects, not data. You can use an app role that the
middle tier uses to log in with but that's usually overkill and
unnecessary. It is mainly used when you have users logging directly into
sql server and you want to limit their access to certain tables, views etc
or to what they can do with these objects. Maybe I am missing something
here since I am not familiar with the setup but I don't understand why you
would want to give the users direct access (with NT logins) to sql server
when they must use the asp pages to do the work? Since there is no way to
automatically apply the app role if you did give Joe direct access to sql
server what is to stop him from logging in on his own and not thru the asp
app?
--
Andrew J. Kelly
SQL Server MVP

"Chris Dunn" <anonymous@devdex.com> wrote in message
news:#Yv1Jww#CHA.2100@TK2MSFTNGP12.phx.gbl...
> I've only used and created Standard Roles within SQL server 2000, and
> have not used Application Roles. I have a need for Application Roles,
> but they had been cumbersome to implement with Access 2000 Projects that
> we intend to replace with ASP.NET applications.
>
> I have also not worked with web applications that require Windows domain
> account authentication.
>
> One of the things I hope to accomplish with my ASP.NET applications will
> be to authenticate the user to the ASP.NET application after they first
> log into Windows with their domain account information. I want to avoid
> having to have the user log into Windows, then have to log in again to
> access the application.
>
> The user could then navigate in our web site to a switchboard type of
> page that would perhaps show them only links that would be applicable to
> applications that they would use (based on their membership in a Windows
> domain group). The form would somehow 'know' who the user is and what
> group they are in, and only display applicable links.
>
> Once the user clicks a particular link for an application, their log in
> information would be authenticated at SQL Server (which uses Windows
> authentication) where they would work in the security confines of an
> Application Role for that application.
>
> I hope this sheds more light on what I'm trying to do. I am looking for
> resources that would help me with this objective.
>
> Thanks!
>
> CSDunn
>
> *** Sent via Developersdex http://www.developersdex.com ***
> Don't just participate in USENET...get rewarded for it!
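
The arrangement described in the reply above, sketched in T-SQL for SQL Server 2000 as an added example that is not part of the original thread: a single middle-tier service account that can only execute a row-filtering stored procedure, with the application-role route shown for comparison. The table, procedure, account, role and password names are all hypothetical.

```sql
-- Constructed schema; every object, login and role name here is hypothetical.
CREATE TABLE dbo.Orders (
    OrderID   int IDENTITY PRIMARY KEY,
    OwnerName sysname NOT NULL,   -- Windows account the row belongs to
    Amount    money   NOT NULL
)
GO

-- Row filtering lives in the procedure: the middle tier passes the name of
-- the user it authenticated, and the WHERE clause limits what is returned.
CREATE PROCEDURE dbo.GetOrdersForUser
    @UserName sysname
AS
    SET NOCOUNT ON
    SELECT OrderID, Amount
    FROM dbo.Orders
    WHERE OwnerName = @UserName
GO

-- One Windows service account for the ASP.NET middle tier. End users are
-- given no SQL Server login, so they cannot connect outside the application.
EXEC sp_grantlogin 'DOMAIN\WebAppSvc'
EXEC sp_grantdbaccess 'DOMAIN\WebAppSvc', 'WebAppSvc'
GO

-- Object permissions: EXECUTE on the procedure only, nothing on the table.
-- dbo owns both objects, so ownership chaining lets the procedure read
-- dbo.Orders even though WebAppSvc has no SELECT permission on it.
GRANT EXECUTE ON dbo.GetOrdersForUser TO WebAppSvc
GO

-- For comparison, the application-role route. It governs object permissions
-- only (not rows) and must be activated on each connection with a password
-- held by the application.
EXEC sp_addapprole 'OrdersApp', 'placeholder-password'
GRANT EXECUTE ON dbo.GetOrdersForUser TO OrdersApp
GO

-- Issued by the application right after it connects:
EXEC sp_setapprole 'OrdersApp', 'placeholder-password'
```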