September 17, 2009 at 1:30 pm
I've read countless articles and Microsoft Best Practices regarding Windows Authentication, but I'm curious to see what the field is using as their login account for a web application to the SQL Server.
Are you using Windows authentication and the application is impersonating a user?
SQL Server with the credentials compiled in the DLL?
SQL Server with the credentials in a Web.config file?
Another technique?
I'm also curious if you're using a data access layer (DAL) between the application and SQL Server.
Thanks for the input.
Steve
September 17, 2009 at 1:45 pm
I've almost always created a user in AD/Windows with no rights, assigned this user as the anon account in IIS. Then I can use it to run a DAL or log into SQL Server. If it hits a DAL on an app server, that DAL might have it's own SQL Server login.
September 18, 2009 at 6:53 am
So Steve, it sounds like you use mixed mode if you're using a DAL. Why are you using a SQL Login at the DAL layer? Is it because the application isn't impersonating the user? I think if the user is impersonated then the application would need the password, but I don't recall. If that's the case then it's more difficult if you were going to change the pw at the AD level because you would need to change it in the application as well and therefore might as well use a SQL Login.
Thanks for the response.
January 7, 2010 at 7:00 pm
Steve Jones - Editor (9/17/2009)
I've almost always created a user in AD/Windows with no rights, assigned this user as the anon account in IIS. Then I can use it to run a DAL or log into SQL Server. If it hits a DAL on an app server, that DAL might have it's own SQL Server login.
Steve,
1. I am not that much familiar with SQL Server terminology. What is DAL?
In my environment i have configured Reporting Service to use Active Directory (AD) so it prompts for usrnm/pw when the url is hit ; For a different third party app we are planning to use a Web Server. When you say use an anonymous account what exactly do you mean?
2. Is it possible to have a Proxy server communicating between Web Server & SQL Server DB servers? If so what i would be required to do?
TIA
Viewing 4 posts - 1 through 3 (of 3 total)
You must be logged in to reply to this topic. Login to reply