Re: How to implement Windows Authentication?
- From: Peter <Peter@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 31 Jan 2008 10:25:00 -0800
Hi Uri,
Good question. Ideally, the login should be created outside the
application. The question is who is going to do that. I think the
followings are possible candidates:
1. DBA
2. Person who will install the application
3. Application Installer
4. Application (1st time running and a default group/user of the
application will be created)
5. Person who will create groups/users in the application
6. Application Administrator if not same as 5
7. Domain Administrator
8. Application User
The environments I'm dealing with are:
1. Companies w/ DBA or w/o DBA
2. Candidate 2 may have no or limited SQL knowledge. The only thing he/she
knows or can obtain is the SQL login (most likely sa) or Windows Login which
have necessary permissioins to create sql login and databases.
Since I cannot rely on candidates 1 and 2, I think about creating the login
in the Application Installer (candidate 3) but candidate 2 may not know all
the Windows groups/users who will run the application.
Besides deciding how to create the login, I also need to know how many
logins should be created. For SQL Authentication, it is acceptable to use
one sql login. For Windows Authentication, should I add Windows groups or
individual Windows users to SQL Server? If adding windows groups to SQL
Server, should they be windows groups which are created just for the
application or existing windows groups?
I wonder how other applications handle the creating of logins (the
authentication area). Information I can find is authorization area.
"Uri Dimant" wrote:
Peter.
Sorry for asking you, but why would you want that app creates a login ?
Why not create a login (whatever) in the first place
Everytime you launch the application it needs to check whether or not a
login already created?
Logins are for access to the SERVER
Users are for access to the DATABASE
"Peter" <Peter@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:5CD9DD04-318A-4803-B120-3E26F49DCFD3@xxxxxxxxxxxxxxxx
I want to create an application which can work with SQL Server 2005/2008
using Windows Authentication or SQL Authenticaton.
If the application is configured to use SQL Authentication (SQL Server is
configured to use SQL Server and Windows Authentication mode), the
application will create a SQL Login which has enough permission to create
databases used by the application and that SQL Login will also be used by
the
application to access the databases. In order to create the SQL Login,
the
application will ask for a login which has enough permissions to create
the
SQL login needed by the application.
If the application is configured to use Windows Authentication, what
should
the application do? For sure, the application will not create Windows
groups/users in Active Directory. Should the application add Windows
groups/users as SQL Logins? Is there any guideline in creating
application
to access SQL Server using Windows Authentication from having no user
databases in SQL Server to having user databases in SQL Server?
- References:
- Re: How to implement Windows Authentication?
- From: Uri Dimant
- Re: How to implement Windows Authentication?
- Prev by Date: Re: How to implement Windows Authentication?
- Previous by thread: Re: How to implement Windows Authentication?
- Index(es):
Relevant Pages
|
|
