ASP.NET <-> SQL Security. Best approach?

Results 1 to 2 of 2

Thread: ASP.NET <-> SQL Security. Best approach?

  1. #1
    Join Date
    Dec 1969

    Default ASP.NET <-> SQL Security. Best approach?

    What would you suggest as being the best approach to handling the following a scenario.<BR><BR>I have a db on SQL 2000. There is a web app which allows for general read usage. Another web app allows for data modification which will be stored on the intranet. All Intranet users have an active directory login, but I&#039;d like to limit logins to certain NT groups for the modification app. <BR><BR>In all of the documentation I have seen, it suggests adding the ASPNET acocunt to SQL server with write permissions and use challenge response.<BR><BR>SInce i have both the public app and the modification app, wouldnt they both be running as the ASPNET account? and wouldnt it be bad to give that account both read and write permissions since the public app is internet accessible?

  2. #2
    Join Date
    Dec 1969

    Default That gets you by Windows Authentication

    You can still connect with the database user and set permissions to that particular user as needed.<BR><BR>Windows authentication is really a two part process. Allow the windows user access to the sql server instance. Second, the database user in the connection string is used to grant specific permissions.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts