September 1, 2009 at 8:12 pm
For Web Application, SQL authentication is considered typical.
We are building new enterprise level web application using SQL Server 2005 and have both internal users as well as external online users of application. App architecture is based of separate Active Directory for user authentication and app permissions/security and
I wanted to see if there are arguments for and again using windows authentication for all app users (existing in application's own separate Active Directory and impersonated for DB access layer Calls )
September 1, 2009 at 8:23 pm
I would disagree. Typically web applications that are Internet facing where the web servers sit in the DMZ use SQL Server authentication. Internal web servers the typical method is a service account via Windows authentication.
If your web servers in the DMZ don't have a trust relationship (because they aren't in the domain and don't have direct access to the DCs or internal DNS), then you would use SQL Server authentication. So for your scenario, these Internet facing ones probably should stick with that.
However, your internal web servers should use a service account from the Windows domain. Use a role to assign permissions to and make the SQL Server login and the Windows service account a member of the role. That will ensure they have the same permissions.
K. Brian Kelley
@kbriankelley
Viewing 2 posts - 1 through 2 (of 2 total)
You must be logged in to reply to this topic. Login to reply