ASP.NET + SQL Server + WebHost - Setup Questions

Discussion in 'ASP .Net' started by Dean Craig, Nov 2, 2006.

  1. Dean Craig

    Dean Craig Guest

    I'm getting ready to build my first ASP.NET/SQL Server website that will be
    hosted on some web host out there (long distance, different network). The
    work I've done in the past (pre-.NET) was all done on in-house servers.
    Since this website/web-app will be hosted elsewhere, I wanted to ask some
    questions to make sure that I'm doing things correctly.

    We have a SQL 2000 db hosted on a server here. I need to build a website
    (hosted remotely) that will both read and write data from this database as
    well as a couple of other SQL 2000 (maybe 2005 also) databases located on
    machines here.

    What is the best way to accomplish this via a hosted setup (like
    http://www.discountasp.net/) and ASP.NET?

    What features do I need to make sure I have when trying to select a web
    hosting provider?

    What is the best method for accessing the databases here from the
    remotely-hosted website? I want to make sure I'm using the best methods for
    speed, security, stability, etc.

    Will I just access the SQL Servers here directly, or do I need to have a SQL
    Server running at the web host also some type of a subscription setup? I
    asked these question in another group and I was told to use replication to
    keep a copy of the databases local to the web host for performance reasons.

    Any recommandations for quality ASP.NET web hosting providers? Any that
    you've had good service and results with?

    I have no idea what the best way to accomplish this is and I'm feeling lost.
    Thanks in advance for any and all information, I really appreciate it.
     
    Dean Craig, Nov 2, 2006
    #1
    1. Advertising

  2. Hello Dean,

    Welcome here.

    From your description, you have some questions about choosing a public
    ASP.NET web application host. Here are some of my understanding and
    suggestion to your questions:


    What is the best way to accomplish this via a hosted setup (like
    http://www.discountasp.net/) and ASP.NET?
    =========================================
    I think you should consider it carefully that whether you really want to
    let your web application directly access your SQL Server(there is
    security/authentication challenge here) since the web appliation will be
    hosted in public host. IMO, you've several options as below:

    ** let the web appliaction directly access your SQL Server and you'll use
    SQL Login mode and store username/password in your ASP.NET app's
    connectionstring

    **build a webservice for delegating the data accesing task, your ASP.NET
    web application will call the webservice rather than directly access
    sqlserver.


    What features do I need to make sure I have when trying to select a web
    hosting provider?
    =========================================
    I think resources(on the server) access permission would be an important
    one you should consider. For example,

    can you have full access of the file disk within your application's folder
    can you access eventlog

    In addition, since ASP.net application has a CAS trust level setting(by
    default it is Full level ), you need to also make sure whether the web host
    will allow you run application as "Full" trust level. As far as I know,
    most host will restrict hosted application under very limited trust
    level(such as Medium or Low).



    What is the best method for accessing the databases here from the
    remotely-hosted website? I want to make sure I'm using the best methods
    for
    speed, security, stability, etc.
    =========================================
    For better performance, you should use directly database access and
    consider use replication, however, this should be a advanced feature which
    will not be provided by every web hosts.

    For security, since you're connecting your own server over inernet, only
    SQL Server authentication(mixed mode) can be used. You need to consider how
    your username/password pair will be stored in your application. ASP.NET
    support encrypting web.config sections, however, you need to do the
    encryption on the deployment server rather than development machine. Thus,
    if you want to use web.config encryption, you need to also ask your web
    host whether you can execute some command on the host server to encrypt
    web.config at deployment time.



    Will I just access the SQL Servers here directly, or do I need to have a
    SQL
    Server running at the web host also some type of a subscription setup? I
    asked these question in another group and I was told to use replication to
    keep a copy of the databases local to the web host for performance reasons.
    =========================================
    If possible, that does helps on performance, however, it depends on the
    host provider.


    Any recommandations for quality ASP.NET web hosting providers? Any that
    you've had good service and results with?
    =========================================

    I would suggest you have a look at the host on the www.asp.net web site
    since that's the official website of ASP.NET developing and here is the
    host info about ASP.NET :

    http://www.asp.net/Hosters/


    Hope this helps. Please feel free to let me know if there is anything else
    you wonder.

    Sincerely,

    Steven Cheng

    Microsoft MSDN Online Support Lead



    ==================================================

    Get notification to my posts through email? Please refer to
    http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
    ications.



    Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
    where an initial response from the community or a Microsoft Support
    Engineer within 1 business day is acceptable. Please note that each follow
    up response may take approximately 2 business days as the support
    professional working with you may need further investigation to reach the
    most efficient resolution. The offering is not appropriate for situations
    that require urgent, real-time or phone-based interactions or complex
    project analysis and dump analysis issues. Issues of this nature are best
    handled working with a dedicated Microsoft Support Engineer by contacting
    Microsoft Customer Support Services (CSS) at
    http://msdn.microsoft.com/subscriptions/support/default.aspx.

    ==================================================



    This posting is provided "AS IS" with no warranties, and confers no rights.
     
    Steven Cheng[MSFT], Nov 3, 2006
    #2
    1. Advertising

  3. Dean Craig

    Dean Craig Guest

    Thanks for the information Steven, please see my responses below:

    > I think you should consider it carefully that whether you really want to
    > let your web application directly access your SQL Server(there is
    > security/authentication challenge here) since the web appliation will be
    > hosted in public host. IMO, you've several options as below:
    >
    > ** let the web appliaction directly access your SQL Server and you'll use
    > SQL Login mode and store username/password in your ASP.NET app's
    > connectionstring


    If I have a copy of the database on the same server or the same network as
    the web server at the web host, why couldn't I use Windows
    login/authentication? Then use replication/subscriptions to keep the
    databases in sync, probably via a transactional setup?

    I wonder if I could use a VPN connection from the web host to our servers
    here, for the two databases to communicate with each other, for security?


    > **build a webservice for delegating the data accesing task, your ASP.NET
    > web application will call the webservice rather than directly access
    > sqlserver.


    Would this web service access a locally stored copy of the database at the
    web host, or would my ASP.NET application call to a web service running on a
    server in our building here and access our local SQL Server?

    I don't know that much about web services yet, so I'm not sure if this
    method would be a benefit or a drawback for our scenario. I have no idea
    how much more coding this method would require, nor how flexible it would
    be. For instance everytime we need a new report or to add a query, the
    application will have to be modified and the database, so would I also have
    to modify the web service with every change also?

    I don't know about the securty of having an exposed web service where
    someone might be able to access our databases?


    > In addition, since ASP.net application has a CAS trust level setting(by
    > default it is Full level ), you need to also make sure whether the web
    > host
    > will allow you run application as "Full" trust level. As far as I know,
    > most host will restrict hosted application under very limited trust
    > level(such as Medium or Low).


    And what happens if the web hosts only offer these Medium or Low levels? Is
    there a work-around or are the drawbacks not worthwhile?


    Thanks for all of your help.


    Dean
     
    Dean Craig, Nov 3, 2006
    #3
  4. Hello Dean,

    Thanks for the reply.

    for your further questions:

    If I have a copy of the database on the same server or the same network as
    the web server at the web host, why couldn't I use Windows
    login/authentication? Then use replication/subscriptions to keep the
    databases in sync, probably via a transactional setup?
    ==============================================
    Yes, of course you can use windows authentication if you have a local
    sqlserver instance on the host provider's server machine(or local
    environment). However, that windows authentication is peforming against the
    host provider's local security database(windows accounts) rather than your
    own intranet's user accounts.



    I wonder if I could use a VPN connection from the web host to our servers
    here, for the two databases to communicate with each other, for security?
    ==============================================

    I don't think this is quite doable, two problems here:

    ** VPN require us to establish the VPN connection first, normally if a
    server joins a VPN, it will lose its original network connections(at least
    will be affected).

    ** I don't think webhost will make their server join another VPN




    Would this web service access a locally stored copy of the database at the
    web host, or would my ASP.NET application call to a web service running on
    a
    server in our building here and access our local SQL Server?

    I don't know that much about web services yet, so I'm not sure if this
    method would be a benefit or a drawback for our scenario. I have no idea
    how much more coding this method would require, nor how flexible it would
    be. For instance everytime we need a new report or to add a query, the
    application will have to be modified and the database, so would I also have
    to modify the web service with every change also?

    I don't know about the securty of having an exposed web service where
    someone might be able to access our databases?
    ================================================
    Webservice is just a distribute programming interface. If you use
    webservice, you need to put your original ADO.NET code into webservice's
    webmethod. And your ASP.NET web application will call webservice webmethods
    instead of directly call ADO.NET components. And for webservice, you can
    utilize existing security features such as basic authentication +
    https/ssl or implement custom authentication in code. Anyway, since you're
    not very familar with it in this case, I think you can put it aside for
    future plan.





    And what happens if the web hosts only offer these Medium or Low levels?
    Is
    there a work-around or are the drawbacks not worthwhile?
    ======================================================
    In .net framework, Code Access Security (CAS) is used to perform security
    checking and restriction on the code that can be executed in a certain .net
    framework application.

    #Code Access Security in Practice
    http://msdn.microsoft.com/library/en-us/dnnetsec/html/THCMCh08.asp?frame=tru
    e


    In ASP.NET, the "trust" level controls the code access permission the
    ASP.NET applciation will have(what level of code it can execute). By
    default (defined in machine.config) ASP.NET application is running under
    "Full" trust level, however, in public web host provider, they only provide
    "Medium" trust level, thus, some privileged .net code(such as unmanaged
    interop code or file IO API) will not allowed to be execute.

    Here is a good reference article about CAS with ASP.NET, you can refer to
    it to get more ideas:

    #How To: Use Code Access Security in ASP.NET 2.0
    http://msdn.microsoft.com/library/en-us/dnpag2/html/paght000017.asp?frame=tr
    ue


    Also, even with "Medium" trust, there is some best practice article
    describe how to make our ASP.NET application work in restricted host
    environment:

    #How To: Use Medium Trust in ASP.NET 2.0
    http://msdn.microsoft.com/library/en-us/dnpag2/html/paght000020.asp?frame=tr
    ue


    Hope this also helps.



    Sincerely,

    Steven Cheng

    Microsoft MSDN Online Support Lead



    This posting is provided "AS IS" with no warranties, and confers no rights.
     
    Steven Cheng[MSFT], Nov 6, 2006
    #4
  5. Hello Dean,

    Have you got any further idea on this issue? Anyway, if you have any
    further questions or anything else we can help, please don¡¯t hesitate to
    let me know.

    Sincerely,

    Steven Cheng

    Microsoft MSDN Online Support Lead


    This posting is provided "AS IS" with no warranties, and confers no rights.
     
    Steven Cheng[MSFT], Nov 8, 2006
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Ivan Demkovitch

    scheduling thru posting on a public webhost??

    Ivan Demkovitch, Apr 24, 2004, in forum: ASP .Net
    Replies:
    2
    Views:
    345
    Annick Van Hoof
    Jun 23, 2004
  2. Nick
    Replies:
    2
    Views:
    385
  3. syska
    Replies:
    1
    Views:
    388
    George Ter-Saakov
    Jan 12, 2006
  4. Chris Harris

    OT aaa-webhost.net

    Chris Harris, Dec 11, 2003, in forum: HTML
    Replies:
    8
    Views:
    843
    Tina - AffordableHOST.com
    Dec 12, 2003
  5. Thumper

    Problems with Bravidio webhost

    Thumper, Jan 19, 2005, in forum: HTML
    Replies:
    3
    Views:
    442
Loading...

Share This Page