We are trying to determine if using application roles would be the best
method to access our SQL database with a "to be developed" ASP.Net
application or possibly an Access project. Some of the requirements of the
application will require different users to have access to different parts
of the database. Some users may be able to modify data while other users
might be read only users. I assume that this would require the application
to use different application roles depending on the user that is logging
into the application?
Another requirement of the application is the ability to maintain an audit
trail for users. So, either we will still have to use the user account to
create the initial connection to the database before applying the
application role or the user name will have to be passed in by the
application so that it can be used for auditing if another (single) account
is used for the initial connection to the database. Are there any guidelines
for best practice or recommended practice? Thanks.
Paul Bauer
paul.bauer@.rimrockgroup.com
www.rimrockgroup.comThere's some good info on role base authentication at the following website;
Building Secure ASP.NET Applications: Authentication, Authorization, and
Secure Communication
http://msdn.microsoft.com/library/d...-us/dnnetsec/ht
ml/SecNetch03.asp
Thanks,
Kevin McDonnell
Microsoft Corporation
This posting is provided AS IS with no warranties, and confers no rights.|||From what you described it doesn't look like using application roles will
fit your model.
When an application role is activated for a connection by the application,
the connection
permanently loses all permissions applied to the login, user account, or
other groups or
database roles in all databases for the duration of the connection. The
connection gains the
permissions associated with the application role for the database in which
the application role exists.
This means all users who connects the db through this application will have
the same permissions in
this db (unless your implement your own logic inside the application, which
doesn't seems to be your goal).
Using Windows authentification seems to be better solution here.
Thanks,
Lyudmila Fokina
Please do not send e-mail directly to this alias. This alias is for
newsgroup purposes only
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
"Paul Bauer" <paul.bauer@.rimrockgroup.com> wrote in message
news:#z$3c0zTEHA.2580@.TK2MSFTNGP12.phx.gbl...
> We are trying to determine if using application roles would be the best
> method to access our SQL database with a "to be developed" ASP.Net
> application or possibly an Access project. Some of the requirements of the
> application will require different users to have access to different parts
> of the database. Some users may be able to modify data while other users
> might be read only users. I assume that this would require the application
> to use different application roles depending on the user that is logging
> into the application?
> Another requirement of the application is the ability to maintain an audit
> trail for users. So, either we will still have to use the user account to
> create the initial connection to the database before applying the
> application role or the user name will have to be passed in by the
> application so that it can be used for auditing if another (single)
account
> is used for the initial connection to the database. Are there any
guidelines
> for best practice or recommended practice? Thanks.
> Paul Bauer
> paul.bauer@.rimrockgroup.com
> www.rimrockgroup.com
>
>
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment