D
Dave
Hi,
I've read quite a few places where it recommends you use
integrated security in your connection string.
I tried this in test page to connect to the Northwind
database by setting my connection string to:
"data source=<mymachinename>;initial
catalog=Northwind;integrated security=SSPI;"
It worked as long as I added ASPNET, the account used for
running ASP.NET Worker processes, as a SQL Server Login
with access to Northwind.
My question is should each web application on the server
have it's own ASPNET-type account so it only has accesses
the databases it needs?
For example:
ASPNET_Northwind (This account can only access the
Northwind site and the Northwind database)
ASPNET_Pubs ((This account can only access the Pubs site
and the Pubs database)
etc. If so, how do I do this?
Thanks, Dave.
I've read quite a few places where it recommends you use
integrated security in your connection string.
I tried this in test page to connect to the Northwind
database by setting my connection string to:
"data source=<mymachinename>;initial
catalog=Northwind;integrated security=SSPI;"
It worked as long as I added ASPNET, the account used for
running ASP.NET Worker processes, as a SQL Server Login
with access to Northwind.
My question is should each web application on the server
have it's own ASPNET-type account so it only has accesses
the databases it needs?
For example:
ASPNET_Northwind (This account can only access the
Northwind site and the Northwind database)
ASPNET_Pubs ((This account can only access the Pubs site
and the Pubs database)
etc. If so, how do I do this?
Thanks, Dave.