Re: sql server connection

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

From: Patrice (nobody_at_nowhere.com)
Date: 10/04/04 

Date: Mon, 4 Oct 2004 19:18:24 +0200

You can encrypt this.

See :
http://support.microsoft.com/default.aspx?scid=kb;en-us;329290

Patrice 

-- 
"Nikhil Patel" <donotspam@nospaml.com> a écrit dans le message de
news:eld1QVjqEHA.3868@TK2MSFTNGP15.phx.gbl...
> Hi Steve,
>    Thanks for your reply. The reason why I am using windows authentication
> is that I don't want to write password in the web.config. So your method
> will not work in this case. I don't know too much about ASP.Net Security
and
> Data Access Security. I was reading MSDN regarding these topics and I
found
> the following section:
>
> Avoid impersonation in the middle tier: Windows authentication requires a
>
> Windows account for database access. Although it might seem logical to use
>
> impersonation in the middle tier, avoid doing so because it defeats
> connection
>
> pooling and has a severe impact on application scalability.
>
> To address this problem, consider impersonating a limited number of
Windows
>
> accounts (rather than the authenticated principal) with each account
> representing
>
> a particular role.
>
> For example, you can use this approach:
>
> 1. Create two Windows accounts, one for read operations and one for write
>
> operations. (Or, you might want separate accounts to mirror
> applicationspecific
>
> roles. For example, you might want to use one account for Internet
>
> users and another for internal operators and/or administrators.)
>
> 2. Map each account to a SQL Server database role, and establish the
> necessary
>
> database permissions for each role.
>
> 3. Use application logic in your data access layer to determine which
> Windows
>
> account to impersonate before you perform a database operation.
>
> Note: Each account must be a domain account with Internet Information
> Services (IIS) and
>
> SQL Server in the same domain or in trusted domains. Or, you can create
> matching accounts
>
> (with the same name and password) on each computer.
>
>
> So I created a special windows account and gave it database permissions to
> execute  stored procedures. I am not sure whether I need this account or
> should I just give database permissions to ASPNET account? I couldn't find
> any practical example on what accounts I need to create,etc,etc. What are
> the best practices?
>
> Thanks.
> Nikhil
>
> "Steve C. Orr [MVP, MCSD]" <Steve@Orr.net> wrote in message
> news:ei4q3LjqEHA.2436@TK2MSFTNGP10.phx.gbl...
> > You could use impersonation to have ASP.NET run under the new windows
> > account you've created.
> >
> > For example, you can add a line similar to this to your web.config file:
> > <identity impersonate="true" userName="domain\MyAppUser">
> > password="password"/>
> >
> > Here's more info on impersonation:
> >
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpguide/html/cpconaspnetimpersonation.asp
> >
> > -- 
> > I hope this helps,
> > Steve C. Orr, MCSD, MVP
> > http://Steve.Orr.net
> >
> >
> >
> > "Nikhil Patel" <donotspam@nospaml.com> wrote in message
> > news:ONmBx%23iqEHA.2764@TK2MSFTNGP11.phx.gbl...
> >> Hi all,
> >>   I am using windows authentication to create a sql connection using
> >> following connection string stored in web.config.
> >> <add key="GoldmineConnectString"
> >>
> >> value="server=(local);initial catalog=pubs;Integrated Security=SSPI" />
> >>
> >> But when I run the application, the application is trying to connect to
> >> the database as MACHINENAME/ASPNET user. I would like it to use a
special
> >> windows account I have created for my application called MYAPPUSER. How
> >> can I make the application to use this windows account to connect to
the
> >> sql server?
> >>
> >> Thanks.
> >>
> >> Nikhil
> >>
> >>
> >
> >
>
>

Relevant Pages

  • Re: LogonUser Succeeds - but fails later
    ... > impersonation is set to true because we need to initially act as the ... But any calls to the database need to ... > be under a different account. ... > Paul Clement wrote: ...
    (microsoft.public.dotnet.security)
  • Re: Cannot import resource into enterprise - invalid windows account
    ... Using an account of administrator in PWA, ... the Enterprise Resource Pool. ... Enter at least, the resource name, windows account in the format ... Create a different set of users from User1, 2, etc to ...
    (microsoft.public.project.pro_and_server)
  • Re: Need Local Connection String to SQL Server for Classic ASP
    ... You cannot tell which windows account to use in a connection string. ... I definitely have a database established with SQL Server called ...
    (microsoft.public.sqlserver.connect)
  • RE: confused about credentials in impersonation
    ... Don't modify the web.config impersonation tag... ... If you want to make a call (to a database, webservice, whatever) as the ... > account or server's accounts or server's administration account or domain ...
    (microsoft.public.sharepoint.portalserver.development)
  • Re: LogonUser Succeeds - but fails later
    ... impersonation is set to true because we need to initially act as the ... But any calls to the database need to ... be under a different account. ... Now if I run the application and not user the LogonUser code, ...
    (microsoft.public.dotnet.security)