November 16, 2009 at 11:23 am
Hi Folks,
I have an asp.net web application, I need to connect to another department to retrieve data there, it's a SQL database (not sure if it is 2k5 or 2k), my database is 2k5.
I am wondering how do I access their data? Integrated security? or username and password?
they don't want to create access for a specific person but have no issue to do that for a specific group, problem is I don't know how to set it up in my app? Currently I am always using either Integrated security or username/password (this means I have to put the credential in plain text in web.config - which I really don't want to)
Can anyone tell me how to do this?
Thank you very much in advance.
November 16, 2009 at 11:46 am
halifaxdal (11/16/2009)
Hi Folks,I have an asp.net web application, I need to connect to another department to retrieve data there, it's a SQL database (not sure if it is 2k5 or 2k), my database is 2k5.
I am wondering how do I access their data? Integrated security? or username and password?
they don't want to create access for a specific person but have no issue to do that for a specific group, problem is I don't know how to set it up in my app? Currently I am always using either Integrated security or username/password (this means I have to put the credential in plain text in web.config - which I really don't want to)
Can anyone tell me how to do this?
Thank you very much in advance.
The group access they speak of would be from NTAuth / Integrated Security. For this to work, they would add the group that already exists in the Domain and grant permissions to that group in the database. This group would contain users at the domain level. If they are in a different domain, they would have to configure domain trusts to allow your group to access their domain. If it is the same domain, check with the netadmins, see if there is a group that already exists that contains the user that needs access.
Once you know what group to use, then talk to the other department to notify them of the group that needs to be accessed - and work out the perms etc. From your side, you would specify integrated security connection strings from within your app.
The use of Groups in setting security is a preferred method. Should somebody leave the company, you can simply remove that persons account from AD and the user is removed from the groups. When somebody new arrives or needs that access, then you just add them to the group from the Domain. Saves a lot of work and creates a method to ensure business continuity from a permissions perspective.
Jason...AKA CirqueDeSQLeil
_______________________________________________
I have given a name to my pain...MCM SQL Server, MVP
SQL RNNR
Posting Performance Based Questions - Gail Shaw[/url]
Learn Extended Events
November 16, 2009 at 11:57 am
From your side, you would specify integrated security connection strings from within your app.
Hi Jason,
Thanks for your reply. Can you tell me how to write my connection string in web.config? Currently I am using something like:
connectionString="Data Source=XX.XX.XX.;Initial Catalog=SomeDatabase;Integrated Security=True"
or
connectionString="Data Source=XX.XX.XX.XX;Initial Catalog=SomeDatabase;User ID=SomeUser; Password=SomePwd;Connect Timeout=200;"
November 16, 2009 at 1:13 pm
halifaxdal (11/16/2009)
From your side, you would specify integrated security connection strings from within your app.
connectionString="Data Source=XX.XX.XX.;Initial Catalog=SomeDatabase;Integrated Security=True"
Jason...AKA CirqueDeSQLeil
_______________________________________________
I have given a name to my pain...MCM SQL Server, MVP
SQL RNNR
Posting Performance Based Questions - Gail Shaw[/url]
Learn Extended Events
November 16, 2009 at 1:43 pm
halifaxdal (11/16/2009)
From your side, you would specify integrated security connection strings from within your app.
connectionString="Data Source=XX.XX.XX.;Initial Catalog=SomeDatabase;Integrated Security=True"
But where do I specify the group? web.config?
Thanks.
November 16, 2009 at 3:09 pm
YOU don't specify any group at all for your connection string. The group is transparent to your connection string.
You just need to know that your NtAuth user is a member of the group that you will tell the DBA from the other department to use.
Example: Joe has an Account in somedomain. In Somedomain, Joe is a member of the DBApplication Domain Group. The DBA adds DBApplication group to the Database Read_only role.
Joe logs onto the Database using NTAuth (somedomain\Joe)...but Joe was never granted explicit permissions to the database. Since he is a member of DBApplication, he has the ability to logon to the database with ReadOnly Permission. When Joe tries to logon with an application, the application uses a connection string like:
connectionString="Data Source=XX.XX.XX.;Initial Catalog=SomeDatabase;Integrated Security=True"
Joe is still able to logon to the database in the other department because DBApplication has been granted access.
If Joe No longer needs access, then the DOMAIN ADMINS remove Joe from the group and add Sally. Now Joe can no longer access that DB Server - but SALLY can since she is a member of the group.
Jason...AKA CirqueDeSQLeil
_______________________________________________
I have given a name to my pain...MCM SQL Server, MVP
SQL RNNR
Posting Performance Based Questions - Gail Shaw[/url]
Learn Extended Events
November 16, 2009 at 4:37 pm
halifaxdal (11/16/2009)
halifaxdal (11/16/2009)
From your side, you would specify integrated security connection strings from within your app.
connectionString="Data Source=XX.XX.XX.;Initial Catalog=SomeDatabase;Integrated Security=True"
But where do I specify the group? web.config?
Thanks.
You can add the groups in the authorization section under allow but please don't add anything in deny because Asp.net is also a member of the default everybody group. You enable impersonation then add the groups in the allow section make sure Network Service which is the account used to run Asp.net have access to the server and database. Check below for sample authorization sections you can find in your web.config.
http://support.microsoft.com/kb/316871
Kind regards,
Gift Peddie
Viewing 7 posts - 1 through 7 (of 7 total)
You must be logged in to reply to this topic. Login to reply