Thanks Kevin,
unfortunately I am also the DBA :-). I have the freedom to install and
configure the network as I see fit, so I will configure the network in the
way the provides the best possible security. That is why I am looking at
adding another layer and putting the SQL server on a different machine to
IIS.
It's my understanding that if I communicate via TCP/IP between IIS server
and SQL Server machines then I can only use SQL authentication and NOT
Windows authentication. This is because Windows authentication relies on the
user being recognised by the OS and a tcp 1433 connection would go straight
to the SQL server.
Now - is it possible to use windows networking between the two machines -
and that way I could log in using the IIS_MACHINE/ASPNET user account. This
user account would have to be present on the SQL machine would it not? Would
this work if I gave it the same usernam and password - are there any
inherent security risks with this approach?
Thanks for the connectionstrings.com. That's a good reference. Straight to
the favourites.
Dan.
"Kevin Spencer" <ke***@takempis.com> wrote in message
news:uP**************@TK2MSFTNGP09.phx.gbl...
A SQLServer is much like a web server, other than the TCP/IP port it
listens to for requests. The Connection is defined via the Connection String,
which contains a number of parameter values that indicate how the database
should be connected to. It includes such things as the IP address/domain
name/machine name of the SQL Server machine (which one depends upon your
network configuration, which was a bit sketchy), the User Name and
Password you want to connect using, the database to use, and other optional
elements. A good reference for Connection Strings is
http://www.connectionstrings.com/.
You can use Either SQL Server authentication or Windows Authentication.
Which one you use depends upon how the SQL Server is configured. You
should ask your DBA about that.
--
HTH,
Kevin Spencer
.Net Developer
Microsoft MVP
Big things are made up
of lots of little things.
"Dan Walls" <wa****@hotmail.com> wrote in message
news:yJ*****************@news-server.bigpond.net.au... Hi,
I am deploying an ASP.Net web app into the following scenario:
Internet --> Firewall --> WebServer (IIS) --> [firewall?] --> [database
server]
However I am not sure what sort of authentication options are available
to me in gettingthe application to talk to the SQL server.
How do I talk between the web app and the database server - if TCP/IP
then what mode of authentication do I use? What would a typical connection
string look like?
Are there any references where I can study up on this ? I couldn't find
anything even though I spent half the day looking - mind you it helps to
know what you're looking for.
Thanks very much if you can help me,
Dan.