|
dev
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
Re: SQL Server Authentication versus Windows Authenticationauthentication has some security implications so it is generally better (IMHO) to use Windows Authentication to SQL Server, though by using a Integrated Security you are using the current principal running the ASP.NET page. In general this is either a very limited user (e.g. Network Service under W2K3) or a specific windows principal. If you are using Windows Authentication on your ASP.NET (e.g. Intranet projects), then integrated security means that your actual users are authenticating to the SQL Server. This is good and bad. Bad in that you need to make sure they have access, but good if you need to audit database changes as it will be annotated with who made what changed in audit logs. But this is a usually not the case. I think the best practice with ASP.NET is to use a user account to authenticate with instead of SQL Server security. Whether you use integrated security to pass the credentials to the SQL Server is up to you, but in either case the user should probably be somewhat limited in access to the database to prevent intrusions into the website causing havok. Does this make any sense? Thanks, Shawn Wildermuth Wildermuth Consulting Services, LLC http://adoguy.com C# MVP, MCSD.NET, Author and Speaker Show quote > -----Original Message----- > From: supv***@gmail.com > Posted At: Thursday, July 13, 2006 5:14 PM > Posted To: microsoft.public.dotnet.framework.adonet > Conversation: SQL Server Authentication versus Windows Authentication > Subject: SQL Server Authentication versus Windows Authentication > > > Hello, > > I am hearing conflicting point of views regarding ASP.Net > development - some folks say that when connecting to a SQL > Server via ASP.Net it is better to connect using Integrated > Windows Authentication (trusted > connection) while others say that it is better to connect > using SQL Server Authentication. > > The two modes mean the following to me - > > Windows Authentication Mode - meaning a domain account given > permission to a particular SQL Server database. > > SQL Server Authentication Mode - meaning an user created in > SQL Server itself and given specific permissions to a database. > > Could someone provide me with some direction regarding these > two options and what are the advantages and disadvantages of > each of these? > > Thanks for your help regarding this. > > > Hi Shawn,
Yes, it does. I wonder if there are any advantages to using SQL Authentication over Windows Authentication at all? <supv***@gmail.com> wrote in message
news:1152828180.795697.158520@h48g2000cwc.googlegroups.com... 1. When you use SQL Authentication, you donot need to open a Windows> Hi Shawn, > >... I wonder if there are any advantages to using SQL > Authentication over Windows Authentication at all? > account for a user. 2. With SQL Authentication, you can customize your own login process. But you will have to make sure that you provide your own encryption methods to protect the data and SQL credential. Using SSL is one method. You may use MS/SQL Best Practice to find out which one is suitable to your shop. No solution is perfect. Comacho  |
|||||||||||||||||||||||
Other interesting topics