question on windows auth

[chris]

Hi
I am working on an intranet application. I am using windows integrated authentication. Now since the authentication is done by active directory can I use a specified user name and password in my connection string and not SSPI? You see I created a user/login in sql server with minimum privledges

Thanks

 

[Ken Schaefer]

Yes, and no.

The connection to SQL Server needs to be in the context of the calling user.
If you are using Windows Auth, that doesn't mean you need to use
impersonation of the authenticating user. You can have ASP.NET impersonate a
fixed identity instead (i.e. the fixed user you granted permissions in SQL
Server).

The easiest way to do this is just to set the <identity impersonate="true"
user="" password="" /> section in web.config.

Cheers
Ken

: Hi,
: I am working on an intranet application. I am using windows integrated
authentication. Now since the authentication is done by active directory can
I use a specified user name and password in my connection string and not
SSPI? You see I created a user/login in sql server with minimum privledges.
:
: Thanks

 

[avnrao]

i think you have created user/login in sql server to provide access to set
of objects (giving read/exec permissions right).
but do that only if your functionality demands. in this case you will not be
utilizing benefits of connection pooling.

use only one identity to connect to sql server.

Av.