April 1, 2005 at 10:45 am
I am developing an ASP.NET CMS web application. I now have to develop the authentication part for different users with different privilages. These users will be used on the login page and they will update the content. I am trying to find out the best solution for this.
Just like the most applications, I can create a user table that contains all of the users. And then some other tables to manage permissions of the users.
OR
I can create SQL Server logins for each person. When a user enters username and password, i create the connection string with the login info. If the user exists in SQL Server, he logs-in and does whatever he is allowed to.
Which of these 2 ways is the best? I couldnt find any articles that study differences between the two methods.
Thank you very much!!!!
April 2, 2005 at 12:32 pm
I guess it's down to personal preference. Given the choice, I'd create SQL logins and apply users to roles, thus making the adding/removing of users very simple.
However, if for example, this was a commercial tool and the company had no formal DBA, then maybe a security/permissions section within the application that handled all of this would be ideal.
I can't say I've come accross any pro's and con's for either choice, but SQL Server manages permissions well so I just stick with it.
Viewing 2 posts - 1 through 1 (of 1 total)
You must be logged in to reply to this topic. Login to reply