Best practice for identity when accessing SQL Server...L

B

Brian Muth

We are in the final phases of rolling out an n-tier product that supports
both a COM+ middle-tier, a Web Service, and a backend database (SQL Server
2000).

The COM+ middle-tier application runs under a regular domain account, and
accesses the database using Integrated Windows Authentication (and this is
"goodness"). The issue is with the Web Service. Currently it is running
under ASP.NET, which, of course, is a local account.

Frankly, I would like to change the Web Service to run under a same regular
domain account as the COM+ application, for simplicity. However, my
programmers tell me this requires a change to machine.config, and this may
affect other deployed web services running on the same box.

Questions:

1. If we stick with ASP.NET, can this be used to access SQL Server 2000
using IWA?
2. Is there another approach where we can run our web service under our
domain user account without affecting other co-located web sites?
3. I'm open to other ideas how to approach this problem. How do others
tackle this idea? (or does everyone just use SQL authentication?)

Your ASP.NET neophyte,

Brian
 
B

bruce barker

any any asp.net application (vdir), you can set the service account in the
web.config file. see the <impersonate> entry. it also allows the username
and password be encrypted in the registery. if you are using server 2003,
you can setup an application pool, and give it its own service account.

avoid calling com+ from asp.net because it a real performance problem,
especially if the com objects are vb6.


-- bruce (sqlwork.com)



| We are in the final phases of rolling out an n-tier product that supports
| both a COM+ middle-tier, a Web Service, and a backend database (SQL Server
| 2000).
|
| The COM+ middle-tier application runs under a regular domain account, and
| accesses the database using Integrated Windows Authentication (and this is
| "goodness"). The issue is with the Web Service. Currently it is running
| under ASP.NET, which, of course, is a local account.
|
| Frankly, I would like to change the Web Service to run under a same
regular
| domain account as the COM+ application, for simplicity. However, my
| programmers tell me this requires a change to machine.config, and this may
| affect other deployed web services running on the same box.
|
| Questions:
|
| 1. If we stick with ASP.NET, can this be used to access SQL Server 2000
| using IWA?
| 2. Is there another approach where we can run our web service under our
| domain user account without affecting other co-located web sites?
| 3. I'm open to other ideas how to approach this problem. How do others
| tackle this idea? (or does everyone just use SQL authentication?)
|
| Your ASP.NET neophyte,
|
| Brian
|
|
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Public ASP.NET app and SQL Server security - best practices? 4
Windows identity getting confused between users 0
ASP.NET 2.0 accessing SQL Server Express 1
What's best practice for connecting to a Sql Server database 3
What's the best practice in adjusting web interface according tomembership? 4
SQL Server and .NET Interview questions free download 0
best practice for accessing a network share from IIS 2
SQL server authentication error 1

Members online

No members online now.
Total: 33 (members: 0, guests: 33)
Robots: 301

Forum statistics

Threads
473,996
Messages
2,570,238
Members
46,826
Latest member
robinsontor

Latest Threads

Top