question on using integrated secuity in DB call.

Discussion in 'ASP .Net' started by Bob, Jul 18, 2005.

  1. Bob

    Bob Guest

    I would like to use integrated security for DB connection for my ASP.NET
    applications. Since these apps have different databases (SQL Server), I
    want each app to be able to access its own database. Say if I have 10 apps,
    I'd need 10 logins, one login for each DB. Now throw in the windows
    integrated security, I need 10 windows account. However, in order to run an
    ASP.NET app under a certain identity, it has to have its own application
    pool in IIS 6. This means I'd need 10 application pools. Partitioning the
    server resources into 10 pools is not a good idea on Windows 2003 Standard
    Edition as it divides the resources evenly among the pools. Some of my apps
    have much heavier load than the others so it's bad. Is there another way to
    leverage integrated security without having to create one app pool for each?

    Thanks
    Bob
     
    Bob, Jul 18, 2005
    #1
    1. Advertising

  2. Hi Bob,

    I'm curious as to why you think you need 10 logins to access one SQL Server?
    Your question about application pooling is well taken. The way .Net
    application pooling works, you generally don't need to manage it at all. It
    manages itself. When you re-use a Connection String, a pooled Connection can
    be re-used (automatically) by your application. However, with 10 Connection
    Strings, you are ensuring at least 10 pooled Connections. It would seem more
    efficient to use a single Windows login for all 10 databases, and assign
    that one login the necessary permissions it needs for each database. Unless
    there's something I'm missing. One reason I can think of for both using
    Integrated Security and multiple logins would be if your web app used Active
    Directory and required each user to log in as him/herself. If each user had
    access to only one database, and not all 10, that would possibly require 10
    logins, depending upon how you architect it. However, since your app is
    actually the entity that connects to the database, and not each user, it
    would probably be better to design your app to use a single login to connect
    to all the databases, and business logic to grant or deny access to
    individual clients.

    --
    HTH,

    Kevin Spencer
    Microsoft MVP
    ..Net Developer
    The sun never sets on
    the Kingdom of Heaven

    " Bob" <> wrote in message
    news:...
    >I would like to use integrated security for DB connection for my ASP.NET
    > applications. Since these apps have different databases (SQL Server), I
    > want each app to be able to access its own database. Say if I have 10
    > apps,
    > I'd need 10 logins, one login for each DB. Now throw in the windows
    > integrated security, I need 10 windows account. However, in order to run
    > an
    > ASP.NET app under a certain identity, it has to have its own application
    > pool in IIS 6. This means I'd need 10 application pools. Partitioning
    > the
    > server resources into 10 pools is not a good idea on Windows 2003 Standard
    > Edition as it divides the resources evenly among the pools. Some of my
    > apps
    > have much heavier load than the others so it's bad. Is there another way
    > to
    > leverage integrated security without having to create one app pool for
    > each?
    >
    > Thanks
    > Bob
    >
    >
     
    Kevin Spencer, Jul 18, 2005
    #2
    1. Advertising

  3. Bob

    Bob Guest

    Kevin, It's for security. Correct my apps (note not just one app) are the
    entities to connect to the DB server. I want app1 to be only able to access
    DB1, app2 only to DB2, and so on. You see my point? I don't want app1 to
    be able to access DB2 at all.

    Thanks
    Bob

    "Kevin Spencer" <> wrote in message
    news:...
    > Hi Bob,
    >
    > I'm curious as to why you think you need 10 logins to access one SQL

    Server?
    > Your question about application pooling is well taken. The way .Net
    > application pooling works, you generally don't need to manage it at all.

    It
    > manages itself. When you re-use a Connection String, a pooled Connection

    can
    > be re-used (automatically) by your application. However, with 10

    Connection
    > Strings, you are ensuring at least 10 pooled Connections. It would seem

    more
    > efficient to use a single Windows login for all 10 databases, and assign
    > that one login the necessary permissions it needs for each database.

    Unless
    > there's something I'm missing. One reason I can think of for both using
    > Integrated Security and multiple logins would be if your web app used

    Active
    > Directory and required each user to log in as him/herself. If each user

    had
    > access to only one database, and not all 10, that would possibly require

    10
    > logins, depending upon how you architect it. However, since your app is
    > actually the entity that connects to the database, and not each user, it
    > would probably be better to design your app to use a single login to

    connect
    > to all the databases, and business logic to grant or deny access to
    > individual clients.
    >
    > --
    > HTH,
    >
    > Kevin Spencer
    > Microsoft MVP
    > .Net Developer
    > The sun never sets on
    > the Kingdom of Heaven
    >
    > " Bob" <> wrote in message
    > news:...
    > >I would like to use integrated security for DB connection for my ASP.NET
    > > applications. Since these apps have different databases (SQL Server), I
    > > want each app to be able to access its own database. Say if I have 10
    > > apps,
    > > I'd need 10 logins, one login for each DB. Now throw in the windows
    > > integrated security, I need 10 windows account. However, in order to

    run
    > > an
    > > ASP.NET app under a certain identity, it has to have its own application
    > > pool in IIS 6. This means I'd need 10 application pools. Partitioning
    > > the
    > > server resources into 10 pools is not a good idea on Windows 2003

    Standard
    > > Edition as it divides the resources evenly among the pools. Some of my
    > > apps
    > > have much heavier load than the others so it's bad. Is there another

    way
    > > to
    > > leverage integrated security without having to create one app pool for
    > > each?
    > >
    > > Thanks
    > > Bob
    > >
    > >

    >
    >
     
    Bob, Jul 18, 2005
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Marina

    Using integrated security

    Marina, Jan 20, 2004, in forum: ASP .Net
    Replies:
    6
    Views:
    495
  2. Brett Smith
    Replies:
    2
    Views:
    458
    Brett Smith
    Oct 26, 2004
  3. Ted Ngo

    Transport Layer Secuity using C# 2.0

    Ted Ngo, Dec 12, 2007, in forum: ASP .Net
    Replies:
    0
    Views:
    336
    Ted Ngo
    Dec 12, 2007
  4. None

    .NET Winforms Secuity Issue - Deployment

    None, Mar 30, 2007, in forum: ASP .Net Security
    Replies:
    0
    Views:
    119
  5. Tapio Kulmala

    webservice-call / keepalive false/ integrated authentication

    Tapio Kulmala, Dec 29, 2006, in forum: ASP .Net Web Services
    Replies:
    0
    Views:
    379
    Tapio Kulmala
    Dec 29, 2006
Loading...

Share This Page