Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
HomeAnnouncementsFree MagazinesWhite PapersSubmit Content
Discussion GroupsASP.NETWindows FormsLanguages.NET FrameworkVisual Studio.NET
Articles.NET FrameworkASP.NETToolsWindows Forms
.NET DirectoryOpen Source ProjectsUser GroupsWeb Resources
Related Topics
Visual Basic 6SQL ServerMS AccessOther DB ProductsMS Server ProductsMore Topics ...
.NET Forum / ASP.NET / Web Services / September 2004

Tip: Looking for answers? Try searching our database.

Using Impersonation

Thread view: 
Enable EMail Alerts  Start New Thread
Thread rating: 
Gravy - 10 Sep 2004 15:32 GMT
Is it ok to use impersonation in the web.config file for a web service?

Let me tell you why I ask. My web service to ultimately connection to a sql
server database. The recommended way to connect to SqlServer is to use a
trusted connection (nt authentication etc), but inorder for me to do this I
want to change the user my webservice (aspnet_wp) is running under - don't
I? Hence the use of the Impersonation element in the web.config file. I
suppose I could use normal authentication to SqlServer but that means I have
to keep a username and password somewhere.

BYW, I'm using WSE 2.0 for authentication - don't know if this would make a
difference.

Thanks for any help

Graham Allwood
Reply to this Message
Girish bharadwaj - 11 Sep 2004 11:35 GMT
Well, you can potentially run a different "Datalayer" component under a
different user who can access the database.

> Is it ok to use impersonation in the web.config file for a web service?
>
[quoted text clipped - 12 lines]
>
> Graham Allwood
Reply to this Message
Jared - 11 Sep 2004 13:26 GMT
Gravy,
   Once your user is authenticated to your web service, does every user
require/get access to the database? If so, and they all get the same access,
then allowing access to the ASPNET account will do what you want. If you
need to enforce non-repudiation, or sql security then you will want to
impersonate the user. It all comes down to what you need to do with the
credentials, fact remains, they did supply the correct credentials to access
the service.

Jared

> Is it ok to use impersonation in the web.config file for a web service?
>
[quoted text clipped - 12 lines]
>
> Graham Allwood
Reply to this Message

 Rate this thread:







Free Magazines

Get these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...

Oracle MagazineNetwork ComputingComputer WorldBio-IT WorldeWeekInformation WeekInfosecurity
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2008 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.