473,770 Members | 1,652 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

SQL Server Application Roles

Is this the correct way to use application roles?

Public Function GetDBConnection () As SqlConnection
Dim oCon As New SqlConnection(m yConnectionStri ng)
oCon.Open()
Using oCmd As SqlCommand = oCon.CreateComm and
oCmd.CommandTex t = "IF NOT User_NAME() = 'app_name' Exec
sp_setapprole 'app_name' ,'password"
oCmd.ExecuteNon Query()
End Using
Return oCon

What is a good way to embed/encrypt the application role's password in the
program?

--
Jonathan Allen


Nov 19 '05 #1
5 5717
Allow me to restate my question.

What the hell is the right way to use application roles from VB/C#? When I
try the below code, I get an exception the second time I call
GetDBConnection .

--
Jonathan Allen
"Jonathan Allen" <x@x.x> wrote in message
news:eF******** *****@TK2MSFTNG P15.phx.gbl...
Is this the correct way to use application roles?

Public Function GetDBConnection () As SqlConnection
Dim oCon As New SqlConnection(m yConnectionStri ng)
oCon.Open()
Using oCmd As SqlCommand = oCon.CreateComm and
oCmd.CommandTex t = "IF NOT User_NAME() = 'app_name' Exec
sp_setapprole 'app_name' ,'password"
oCmd.ExecuteNon Query()
End Using
Return oCon

What is a good way to embed/encrypt the application role's password in the
program?

--
Jonathan Allen

Nov 19 '05 #2
Applications roles work the same way normal users works... IMHO you
shouldnt be trying to create them from you application... you should
define them when configuring your database for deployment (or
development) ... the main (and only?) difference between app roles and
users... is that app roles are "saved" inside your database (while users
are saved in the database server) so if you backup and restore you
database in multiple sqlserver you app roles will continue to work...
while you user might have to be reatached (because their internal id
keys could be different in different dabase servers)...
I hope that helps ;) .
Jonathan Allen wrote:
Allow me to restate my question.

What the hell is the right way to use application roles from VB/C#? When I
try the below code, I get an exception the second time I call
GetDBConnection .

Nov 20 '05 #3
> Applications roles work the same way normal users works....

Application roles might appear similar to normal users in some areas but
these are actually very different.

A login is first authenticated at the SQL Server level. If valid, SQL
Server checks to see if the login has access to the requested database by
looking for a database user mapped to that login. If present, access to the
database is allowed to the database under the security context of the
database user. An database application role be activated only after SQL
Server allows database access.

As you indicated, a login/user mismatch can occur when a database is
attached or restored to another server. This problem can be addressed by
either recreating the problem database users or executing
sp_change_users _login to correct the problem. It is naive to assume that
application roles will circumvent the mismatched user problem because not
only is database access not guaranteed, the database could be accessed under
the wrong security context before the app role is activated.
--
Hope this helps.

Dan Guzman
SQL Server MVP

"luxspes" <me@privacy.net > wrote in message
news:uW******** ******@TK2MSFTN GP12.phx.gbl...
Applications roles work the same way normal users works... IMHO you
shouldnt be trying to create them from you application... you should
define them when configuring your database for deployment (or development)
... the main (and only?) difference between app roles and users... is that
app roles are "saved" inside your database (while users are saved in the
database server) so if you backup and restore you database in multiple
sqlserver you app roles will continue to work... while you user might have
to be reatached (because their internal id keys could be different in
different dabase servers)...
I hope that helps ;) .
Jonathan Allen wrote:
Allow me to restate my question.

What the hell is the right way to use application roles from VB/C#? When
I try the below code, I get an exception the second time I call
GetDBConnection .

Nov 20 '05 #4
I assume you are using SQL 2000. Application roles have been deprecated in
SQL Server 2005.

You need a single-quote after the password literal. Also, when you use
application roles, consider disabling connection pooling.

--
Hope this helps.

Dan Guzman
SQL Server MVP

"Jonathan Allen" <x@x.x> wrote in message
news:ee******** ******@TK2MSFTN GP11.phx.gbl...
Allow me to restate my question.

What the hell is the right way to use application roles from VB/C#? When I
try the below code, I get an exception the second time I call
GetDBConnection .

--
Jonathan Allen
"Jonathan Allen" <x@x.x> wrote in message
news:eF******** *****@TK2MSFTNG P15.phx.gbl...
Is this the correct way to use application roles?

Public Function GetDBConnection () As SqlConnection
Dim oCon As New SqlConnection(m yConnectionStri ng)
oCon.Open()
Using oCmd As SqlCommand = oCon.CreateComm and
oCmd.CommandTex t = "IF NOT User_NAME() = 'app_name' Exec
sp_setapprole 'app_name' ,'password"
oCmd.ExecuteNon Query()
End Using
Return oCon

What is a good way to embed/encrypt the application role's password in
the program?

--
Jonathan Allen


Nov 20 '05 #5
Au contraire.

Application roles have certainly not been deprecated in SQL 2005. They are
very much alive and well and actually improved. In SQL 2005 you can actually
unset the application role and return back to the user's original context.
This is conveninent in allowing you to move in and out of different parts of
an application with different security contexts. One application role might
have broad rights in one part of a schema while another might have broad
rights in another part. You might have a master control table specifying
which users can walk into which application roles.

Chuck Hawkins

"Dan Guzman" <gu******@nospa m-online.sbcgloba l.net> wrote in message
news:uw******** ******@TK2MSFTN GP09.phx.gbl...
I assume you are using SQL 2000. Application roles have been deprecated in
SQL Server 2005.

You need a single-quote after the password literal. Also, when you use
application roles, consider disabling connection pooling.

--
Hope this helps.

Dan Guzman
SQL Server MVP

"Jonathan Allen" <x@x.x> wrote in message
news:ee******** ******@TK2MSFTN GP11.phx.gbl...
Allow me to restate my question.

What the hell is the right way to use application roles from VB/C#? When
I try the below code, I get an exception the second time I call
GetDBConnection .

--
Jonathan Allen
"Jonathan Allen" <x@x.x> wrote in message
news:eF******** *****@TK2MSFTNG P15.phx.gbl...
Is this the correct way to use application roles?

Public Function GetDBConnection () As SqlConnection
Dim oCon As New SqlConnection(m yConnectionStri ng)
oCon.Open()
Using oCmd As SqlCommand = oCon.CreateComm and
oCmd.CommandTex t = "IF NOT User_NAME() = 'app_name' Exec
sp_setapprole 'app_name' ,'password"
oCmd.ExecuteNon Query()
End Using
Return oCon

What is a good way to embed/encrypt the application role's password in
the program?

--
Jonathan Allen



Nov 21 '05 #6

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics
1
1856
SQL Server Connection User Security
by: Kevin | last post by:
I'm interested in opinion on how to handle the user security when connecting an Access Application to a SQL server. It will be a front-end mdb installed on each user's PC, connecting to the shared database. Option 1 is to create the connection using Trusted Connections. At the moment, this means we need to add each user into the SQL Server before they can connect. Is this normal or is this a missed configuration of the SQL Server? ...
Microsoft Access / VBA
6
1940
Conversion to SQL Server backend
by: Emily Jones | last post by:
Dear All I've got a MS Access application. Split FE/BE. 9 user LAN. I'm considering moving to a server backend. Probably SQL Server, with an Access FE still. Because: 1. We've been getting many 'disk or network error' messages. Emphasising what people have said - that Access is sensitive to network instability. The BE hasn't corrupted yet, but I'd rather not wait for that to happen.
Microsoft Access / VBA
4
5392
Server Error in '/' Application. -> web.config
by: tommy | last post by:
hello everbody, i write a little asp-application with forms-authentication. i copy my aspx-files with web.config to my webspace and i get the error above... i tried to set the custom-errors-tag ="off" but nothing happens.... what is my failure????
ASP.NET
3
375
Server Error in '/' Application.
by: Sean | last post by:
HI There, I am having trouble deploying my .aspx pages to a remote server, I have made changes to the config file and it still returns an error. I have also contacted the server administrator to create an application in IIS, what other checks can I make? Sean !-- error mesage
ASP.NET
3
807
HTTP/1.1 500 Internal Server Error
by: Niranjan Roy | last post by:
When trying to create Web application project from inside my Visual Studio.Net, I am getting the following error: --------------------------- Microsoft Development Environment --------------------------- The Web server reported the following error when attempting to create or
ASP.NET
0
2266
Server error on first try, but succeeds in subsequent tries (accessing files)?
by: Joergen Bech | last post by:
Fairly new to ASP.NET 1.1. Getting the error below when running application on a web server outside of my control, but only the first time I run it: 1. After a long period of inactivity (or updating the code-behind dll) accessing any aspx page in the application causes the application to run for the first time. Some of the initialization involves reading and writing some text and xml files using simple streamreader and streamwriter...
ASP.NET
5
6313
SQL Server Application Roles
by: Jonathan Allen | last post by:
Is this the correct way to use application roles? Public Function GetDBConnection() As SqlConnection Dim oCon As New SqlConnection(myConnectionString) oCon.Open() Using oCmd As SqlCommand = oCon.CreateCommand oCmd.CommandText = "IF NOT User_NAME() = 'app_name' Exec sp_setapprole 'app_name' ,'password" oCmd.ExecuteNonQuery() End Using
Visual Basic .NET
16
1951
Upsizing To SQL Server
by: Wayne | last post by:
Can anyone point me to any info on the pros and cons of upsizing small to medium size databases to SQL Server? If the user base is never going to be more than about 10, the app isn't totally mission critical and the record count will never get into the hundreds of thousands, is upsizing even worth considering? Any help is appreciated.
Microsoft Access / VBA
2
3915
Application Roles and SQL Server 2005 - DDL?
by: JimL | last post by:
Hello group, We have recently come up with a problem where SQLServer 2005 differs from 2000. We have an application role, which needs to run DDL to alter tables etc. The documentation for 2005 states quite clearly that application roles cannot be made members of built in roles like db_owner or db_ddladmin - which proves to be the case, but this was possible in 2000.
Microsoft SQL Server
0
9432
Changing the language in Windows 10
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it. First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
Windows Server
0
10232
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. Here is my compilation command: g++-12 -std=c++20 -Wnarrowing bit_field.cpp Here is the code in...
C / C++
0
10059
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth. The Art of Business Website Design Your website is...
Online Marketing
0
9873
tracyyun
Discussion: How does Zigbee compare with other wireless protocols in smart home applications?
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
General
0
8891
agi2029
AI Job Threat for Devs
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own.... Now, this would greatly impact the work of software developers. The idea...
Career Advice
1
7420
isladogs
Access Europe - Using VBA to create a class based on a table - Wed 1 May
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms. Adolph will...
Microsoft Access / VBA
0
6682
Couldn’t get equations in html when convert word .docx file to html file in C#.
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...
C# / C Sharp
0
5313
Trying to create a lan-to-lan vpn between two differents networks
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
Networking - Hardware / Configuration
0
5454
Windows Forms - .Net 8.0
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
Visual Basic .NET

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes
How to Post and Respond on Bytes
How to Promote and Link on Bytes
How to increase your Ranking on Bytes
Become a Recognized Expert on Bytes
Feedback Welcomed! Contact Us