Newbie: Security Questions

[MattC]

Hi,

I posted in dotnet.security and was directed here.

I am to develop am ASP.NET appplication that will access many different
databases on different servers

I have also been given a requirement that the person logged on to the
computer may not be the user accessing the application.
All the users will be stored in Windows Accounts on Active Directory.

So I came to the initial conclusion after some ferreting around that I
should use Forms based authentication for access to the site. And any
database connections I make should use specific SQL users that have been set
up on the servers.

Is this feasible? Is there a more common way of solving this problem?


MattC

 

[David Coe, MCP]

First, you can still use Windows based authentication with your scenario. It will just happen that when the person logged onto the machine tries to access the application, and ASP.NET sees that they do not have the permission (after negotiating with the file system), the person will be prompted to enter the correct user name and password information

To answer your question, it just seems like you want to have a single user in SQL Server that is used to access the data. In SQL Server you would set up the user, then in the connection string you would no longer use Integrated Security; rather, it would be something like "Data Source=myserver; user id=myuser; pwd=password;"