 |
 | Home | Contact Us | FAQ | Search & Site Map | Link to Us |
 | Sign In | Join | Other 45 Sites in Network |
.NET Forum / ASP.NET / General / July 2005question on using integrated secuity in DB call.
I would like to use integrated security for DB connection for my ASP.NET applications. Since these apps have different databases (SQL Server), I want each app to be able to access its own database. Say if I have 10 apps, I'd need 10 logins, one login for each DB. Now throw in the windows integrated security, I need 10 windows account. However, in order to run an ASP.NET app under a certain identity, it has to have its own application pool in IIS 6. This means I'd need 10 application pools. Partitioning the server resources into 10 pools is not a good idea on Windows 2003 Standard Edition as it divides the resources evenly among the pools. Some of my apps have much heavier load than the others so it's bad. Is there another way to leverage integrated security without having to create one app pool for each? Thanks Bob Hi Bob, I'm curious as to why you think you need 10 logins to access one SQL Server? Your question about application pooling is well taken. The way .Net application pooling works, you generally don't need to manage it at all. It manages itself. When you re-use a Connection String, a pooled Connection can be re-used (automatically) by your application. However, with 10 Connection Strings, you are ensuring at least 10 pooled Connections. It would seem more efficient to use a single Windows login for all 10 databases, and assign that one login the necessary permissions it needs for each database. Unless there's something I'm missing. One reason I can think of for both using Integrated Security and multiple logins would be if your web app used Active Directory and required each user to log in as him/herself. If each user had access to only one database, and not all 10, that would possibly require 10 logins, depending upon how you architect it. However, since your app is actually the entity that connects to the database, and not each user, it would probably be better to design your app to use a single login to connect to all the databases, and business logic to grant or deny access to individual clients.  SignatureHTH, Kevin Spencer Microsoft MVP .Net Developer The sun never sets on the Kingdom of Heaven >I would like to use integrated security for DB connection for my ASP.NET > applications. Since these apps have different databases (SQL Server), I [quoted text clipped - 16 lines] > Thanks > Bob Kevin, It's for security. Correct my apps (note not just one app) are the entities to connect to the DB server. I want app1 to be only able to access DB1, app2 only to DB2, and so on. You see my point? I don't want app1 to be able to access DB2 at all. Thanks Bob > Hi Bob, > [quoted text clipped - 36 lines] > > Thanks > > Bob Free MagazinesGet these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...
|
Reply to this Message
|
 Sign In
 Join
 My Latest Posts My Monitored Threads My Blog My Photo Gallery My Profile My Homepage Start New Thread Enable EMail Alerts Rate this Thread
|
©2008 Advenet LLC Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.