Best Practice: Connection Strings to MS-SQL datasource from web application
-
I have a question on what is the best method for database connections from a web page to an MS-SQL database (2005 currently)? Let me explain what this is coming from. I am cureently trying to define a standard practice of setting up our web apps from a web server point of view. I don't want Windows Authentication due to multiple browsers hitting and no guarentee that network user names and passwords would be encrypted (I know in the past netscape would pass the user names as clear text, I don't know if this has changed). So I wanted to use a domain name for the anonymous account (easy to port accounts between servers, since nothing has to be duplicated). Now comes the catch to the plan. When I try to setup the SQL connection string I run into several problems. I will list the two wethods I have tried and the problems assoicated with them. 1. <add name="CommonConnectString" connectionString="Data Source=Davinci;Initial Catalog=CommonTable;Persist Security Info=True;User ID=Local_DBO;Password=Ac90_&0w" providerName="System.Data.SqlClient"/> Problem I have with this method is setup and replication of database. When the tables are replicated between servers, I have to delete the user account and recreate it for the new database (the old SID's don't work on the new machine). 2. <add name="CommonConnectString" connectionString="Trusted_Connection=Yes;APP=Microsoft Data Access Components;SERVER=DAVINCI;DATABASE=Common;UID=domain\webdbo;" providerName="System.Data.SqlClient"/> This method works fine from a windows application, but won't work from a web application unless windows authenication is turned on (Account has been added to database with proper access rights). Replication should work, though I can't get this string to work, since the SID's are not on the server or the database. Any assistance in helping me find a way to setup the servers to allow for replication without having to go back and delete and recreate users and account would be greatly appreciated (articles on the subject would assist in not having to get into a lengthy discussion, or assistance on the problem or limitations of the second connection string are probably going to be the easiest to deal with). Thanks for any help,
Leo T. Smith Program/Analyst Supervisor
-
I have a question on what is the best method for database connections from a web page to an MS-SQL database (2005 currently)? Let me explain what this is coming from. I am cureently trying to define a standard practice of setting up our web apps from a web server point of view. I don't want Windows Authentication due to multiple browsers hitting and no guarentee that network user names and passwords would be encrypted (I know in the past netscape would pass the user names as clear text, I don't know if this has changed). So I wanted to use a domain name for the anonymous account (easy to port accounts between servers, since nothing has to be duplicated). Now comes the catch to the plan. When I try to setup the SQL connection string I run into several problems. I will list the two wethods I have tried and the problems assoicated with them. 1. <add name="CommonConnectString" connectionString="Data Source=Davinci;Initial Catalog=CommonTable;Persist Security Info=True;User ID=Local_DBO;Password=Ac90_&0w" providerName="System.Data.SqlClient"/> Problem I have with this method is setup and replication of database. When the tables are replicated between servers, I have to delete the user account and recreate it for the new database (the old SID's don't work on the new machine). 2. <add name="CommonConnectString" connectionString="Trusted_Connection=Yes;APP=Microsoft Data Access Components;SERVER=DAVINCI;DATABASE=Common;UID=domain\webdbo;" providerName="System.Data.SqlClient"/> This method works fine from a windows application, but won't work from a web application unless windows authenication is turned on (Account has been added to database with proper access rights). Replication should work, though I can't get this string to work, since the SID's are not on the server or the database. Any assistance in helping me find a way to setup the servers to allow for replication without having to go back and delete and recreate users and account would be greatly appreciated (articles on the subject would assist in not having to get into a lengthy discussion, or assistance on the problem or limitations of the second connection string are probably going to be the easiest to deal with). Thanks for any help,
Leo T. Smith Program/Analyst Supervisor
I would recommend using Windows Authentication. You can set it up independently of wither or not the web application is using windows authentication (ie. you can still use it when the web application is set to 'enable anonymous access'). You'll need to configure the application pool identity to a domain account. Then instead of adding a windows login to your SQL Server instances for the account add a group and grant permissions on your SQL Servers to that group. Then you can manage the user accounts used by your web server using your domain controller w/o affecting your sql servers or worring about SID issues. I'm assuming your application doesn't require Windows Authentication, but just to cover all the bases in case you need it - you can temporarily set the identity of the user for a block of code and impersonate the windows domain account when you need to for database access while maintaining the identity of the user for all other contexts w/in the application.
Mark's blog: developMENTALmadness.blogspot.com