473,321 Members | 1,877 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,321 software developers and data experts.

question on using integrated secuity in DB call.

Bob
I would like to use integrated security for DB connection for my ASP.NET
applications. Since these apps have different databases (SQL Server), I
want each app to be able to access its own database. Say if I have 10 apps,
I'd need 10 logins, one login for each DB. Now throw in the windows
integrated security, I need 10 windows account. However, in order to run an
ASP.NET app under a certain identity, it has to have its own application
pool in IIS 6. This means I'd need 10 application pools. Partitioning the
server resources into 10 pools is not a good idea on Windows 2003 Standard
Edition as it divides the resources evenly among the pools. Some of my apps
have much heavier load than the others so it's bad. Is there another way to
leverage integrated security without having to create one app pool for each?

Thanks
Bob
Nov 19 '05 #1
2 1366
Hi Bob,

I'm curious as to why you think you need 10 logins to access one SQL Server?
Your question about application pooling is well taken. The way .Net
application pooling works, you generally don't need to manage it at all. It
manages itself. When you re-use a Connection String, a pooled Connection can
be re-used (automatically) by your application. However, with 10 Connection
Strings, you are ensuring at least 10 pooled Connections. It would seem more
efficient to use a single Windows login for all 10 databases, and assign
that one login the necessary permissions it needs for each database. Unless
there's something I'm missing. One reason I can think of for both using
Integrated Security and multiple logins would be if your web app used Active
Directory and required each user to log in as him/herself. If each user had
access to only one database, and not all 10, that would possibly require 10
logins, depending upon how you architect it. However, since your app is
actually the entity that connects to the database, and not each user, it
would probably be better to design your app to use a single login to connect
to all the databases, and business logic to grant or deny access to
individual clients.

--
HTH,

Kevin Spencer
Microsoft MVP
..Net Developer
The sun never sets on
the Kingdom of Heaven

" Bob" <bo*******@yahoo.com> wrote in message
news:OI**************@TK2MSFTNGP12.phx.gbl...
I would like to use integrated security for DB connection for my ASP.NET
applications. Since these apps have different databases (SQL Server), I
want each app to be able to access its own database. Say if I have 10
apps,
I'd need 10 logins, one login for each DB. Now throw in the windows
integrated security, I need 10 windows account. However, in order to run
an
ASP.NET app under a certain identity, it has to have its own application
pool in IIS 6. This means I'd need 10 application pools. Partitioning
the
server resources into 10 pools is not a good idea on Windows 2003 Standard
Edition as it divides the resources evenly among the pools. Some of my
apps
have much heavier load than the others so it's bad. Is there another way
to
leverage integrated security without having to create one app pool for
each?

Thanks
Bob

Nov 19 '05 #2
Bob
Kevin, It's for security. Correct my apps (note not just one app) are the
entities to connect to the DB server. I want app1 to be only able to access
DB1, app2 only to DB2, and so on. You see my point? I don't want app1 to
be able to access DB2 at all.

Thanks
Bob

"Kevin Spencer" <ke***@DIESPAMMERSDIEtakempis.com> wrote in message
news:O4**************@TK2MSFTNGP10.phx.gbl...
Hi Bob,

I'm curious as to why you think you need 10 logins to access one SQL Server? Your question about application pooling is well taken. The way .Net
application pooling works, you generally don't need to manage it at all. It manages itself. When you re-use a Connection String, a pooled Connection can be re-used (automatically) by your application. However, with 10 Connection Strings, you are ensuring at least 10 pooled Connections. It would seem more efficient to use a single Windows login for all 10 databases, and assign
that one login the necessary permissions it needs for each database. Unless there's something I'm missing. One reason I can think of for both using
Integrated Security and multiple logins would be if your web app used Active Directory and required each user to log in as him/herself. If each user had access to only one database, and not all 10, that would possibly require 10 logins, depending upon how you architect it. However, since your app is
actually the entity that connects to the database, and not each user, it
would probably be better to design your app to use a single login to connect to all the databases, and business logic to grant or deny access to
individual clients.

--
HTH,

Kevin Spencer
Microsoft MVP
.Net Developer
The sun never sets on
the Kingdom of Heaven

" Bob" <bo*******@yahoo.com> wrote in message
news:OI**************@TK2MSFTNGP12.phx.gbl...
I would like to use integrated security for DB connection for my ASP.NET
applications. Since these apps have different databases (SQL Server), I
want each app to be able to access its own database. Say if I have 10
apps,
I'd need 10 logins, one login for each DB. Now throw in the windows
integrated security, I need 10 windows account. However, in order to run an
ASP.NET app under a certain identity, it has to have its own application
pool in IIS 6. This means I'd need 10 application pools. Partitioning
the
server resources into 10 pools is not a good idea on Windows 2003 Standard Edition as it divides the resources evenly among the pools. Some of my
apps
have much heavier load than the others so it's bad. Is there another way to
leverage integrated security without having to create one app pool for
each?

Thanks
Bob


Nov 19 '05 #3

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

0
by: Nashat Wanly | last post by:
HOW TO: Call a Parameterized Stored Procedure by Using ADO.NET and Visual C# .NET View products that this article applies to. This article was previously published under Q310070 For a Microsoft...
3
by: Robb Gilmore | last post by:
Hello, We have a C#.NET app which runs as a windows service. Periodically it needs to post information via the internet to a remote server. For the posting, we are using HttpWebRequest class....
8
by: John Lee | last post by:
Hi, If I want to check permission on each public method of a web service, (assume the checking routine is ready to use and called AccessCheck) , one way of doing it is to call this AccessCheck...
3
by: jm | last post by:
Right now, I have a MySQL database that has groups defined (not AD groups) and based upon which group a user is in they are allowed certain pages, controls, etc. I want to make my systems more...
2
by: J-T | last post by:
We have an asp.net application with <identity impersonate="true"/> and <authentication mode="Windows" /> in our web config and we are using Windows integrated in IIS and also NT AUTHORITY\NETWORK...
7
by: Rick | last post by:
I'm sorry for posting this here, but other more relevant groups are a little too quiet. Has anyone out there come up with an effective strategy for using VSS with a development team? IME it is a...
0
by: Marc Melancon | last post by:
I want to use the new SQL Server 2005 JDBC Driver in a java app that runs under Local System Account (as a service) and I need to connect to SQL Server using integrated security. Because that...
7
by: jason | last post by:
In the microsoft starter kit Time Tracker application, the data access layer code consist of three cs files. DataAccessHelper.cs DataAcess.cs SQLDataAccessLayer.cs DataAcccessHelper appears...
0
by: Ted Ngo | last post by:
Hi All, I want to develop an application using TLS (C# 2.0) to test our server, which just installed the AT/TLS encryption on test system's CICS Sockets. I here .NET 2.0 support TLS, but I can...
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: jfyes | last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
1
by: PapaRatzi | last post by:
Hello, I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...
1
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
1
by: Defcon1945 | last post by:
I'm trying to learn Python using Pycharm but import shutil doesn't work
0
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...
0
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome former...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.