SQL Server Users VS Table Users

  • I am developing an ASP.NET CMS web application. I now have to develop the authentication part for different users with different privilages. These users will be used on the login page and they will update the content. I am trying to find out the best solution for this.

    Just like the most applications, I can create a user table that contains all of the users. And then some other tables to manage permissions of the users.

    OR

    I can create SQL Server logins for each person. When a user enters username and password, i create the connection string with the login info. If the user exists in SQL Server, he logs-in and does whatever he is allowed to.

    Which of these 2 ways is the best? I couldnt find any articles that study differences between the two methods.

    Thank you very much!!!!

  • I guess it's down to personal preference.  Given the choice, I'd create SQL logins and apply users to roles, thus making the adding/removing of users very simple.

    However, if for example, this was a commercial tool and the company had no formal DBA, then maybe a security/permissions section within the application that handled all of this would be ideal.

    I can't say I've come accross any pro's and con's for either choice, but SQL Server manages permissions well so I just stick with it.

Viewing 2 posts - 1 through 1 (of 1 total)

You must be logged in to reply to this topic. Login to reply