views:

1113

answers:

3

Hello everyone,

I am using .Net 2.0 + SQL Server 2005 Enterprise + VSTS 2008 + C# + ADO.Net to develop ASP.Net Web application.

My question is, if I am using Trusted_Connection=true with SQL Server authentication mode (not Windows authentication mode, i.e. using sa account and password in connection string in web.config), I am wondering whether Trusted_Connection=true will impact performance of my web application? And why?

thanks in advance, George

+1  A: 

This will probably have some performance costs when creating the connection but as connections are pooled, they are created only once and then reused, so it won't make any difference to your application. But as always: measure it.


UPDATE:

There are two authentication modes:

  1. Windows Authentication mode (corresponding to a trusted connection). Clients need to be members of a domain.
  2. SQL Server Authentication mode. Clients are sending username/password at each connection
Darin Dimitrov
You mean when the first time establishing connection to SQL Server, there will be additional performance cost? And why? (my previous understanding is trusted connection will improve performance, since it is "trusted" -- may save time by bypassing some authentication cost). Correct me if I am wrong.
George2
Yes, but in order to become `trusted` there are several exchanges that need to be done between the client and the server. Establishing SSPI handshake will be slower than a single roundtrip sending username/password.
Darin Dimitrov
Also there's an additional cost querying Active Directory.
Darin Dimitrov
Why Active Directory needs to be queries? I am not using Active Directory and using SQL Server based authentication mode other than Windows authentication mode.
George2
`Trusted_Connection=True;` means Windows Authentication.
Darin Dimitrov
And Windows Authentication means Active Directory.
Darin Dimitrov
Thanks! If I am not in active directory based environment, is it possible to use Trusted_connection = true?
George2
Are there any document which proves trusted connection + Windows autnentication is slower than non-trusted connection + Windows autnentication?
George2
I have a related question, appreciated if you could take a look.http://stackoverflow.com/questions/1642705/sql-server-connection-string-asynchronous-processingtrue
George2
+5  A: 

Not 100% sure what you mean:

Trusted_Connection=True;

IS using Windows credentials and is 100% equivalent to:

Integrated Security=SSPI;

or

Integrated Security=true;

If you don't want to use integrated security / trusted connection, you need to specify user id and password explicitly in the connection string (and leave out any reference to Trusted_Connection or Integrated Security)

server=yourservername;database=yourdatabase;user id=YourUser;pwd=TopSecret

Only in this case, the SQL Server authentication mode is used.

If any of these two settings is present (Trusted_Connection=true or Integrated Security=true/SSPI), then the Windows credentials of the current user are used to authenticate against SQL Server and any user iD= setting will be ignored and not used.

For reference, see the Connection Strings site for SQL Server 2005 with lots of samples and explanations.

Using Windows Authentication is the preferred and recommended way of doing things, but it might incur a slight delay since SQL Server would have to authenticate your credentials against Active Directory (typically). I have no idea how much that slight delay might be, and I haven't found any references for that.


Summing up:

If you specify either Trusted_Connection=True; or Integrated Security=SSPI; or Integrated Security=true; in your connection string

==> THEN (and only then) you have Windows Authentication happening. Any user id= setting in the connection string will be ignored.


If you DO NOT specify either of those settings,

==> then you DO NOT have Windows Authentication happening (SQL Authentication mode will be used)


Marc

marc_s
Do you mean if I am using SQL Server authentication other than Windows authentication, I can not use Trusted_Connection=true?
George2
Sorry, I mean if I want to use Trusted_connection = true, then I must use Windows authentication mode? Can I use SQL Server authentication mode with Trusted_connection = true?
George2
Marc, I want to confirm with you that, 1. if I am using SQL Server authenticaton mode, then I cannot use Trusted_connection = true, 2. if I am using Windows authentication mode, then I can choose to either use Trusted_connection = true or not?
George2
1.) YES, 2.) NO - trusted_connection=true means Windows Authentication and Windows Authentication **requires** trusted_Connection=true.If you specify "trusted_connection=True" ==> you have Windows Authentication; if you don't specify it, you **don't** have Windows Authentication
marc_s
Do you mean if I use Windows authentication, I must use trusted_connection=True? I got this confusion because I am using Windows authentication in one of my project and I donot specify trusted_connection=True at the same time. :-)
George2
Thanks Marc, question answered. I have a related question, appreciated if you could take a look.http://stackoverflow.com/questions/1642705/sql-server-connection-string-asynchronous-processingtrue
George2
+1  A: 

When you use trusted connections, username and password are IGNORED, because SQL Server using windows authentication.

Tror
Do you mean if I am using SQL Server authentication other than Windows authentication, I can not use Trusted_Connection=true?
George2
If you are using trusted connection Sql Server does not care about userid and password provided in connection string. Sql Server uses credentials of current process. If you want to use Sql Server authentication you must remove trusted connection from your connection string
Tror
Thanks! If I am not in active directory based environment, is it possible to use Trusted_connection = true?
George2
You can't use trusted connection with Sql Server authentication. They are mutually exclusive.
Tror
No. There is no differencies between AD, Local user account or homegroup.
Tror
"No. There is no differencies between AD, Local user account or homegroup." -- but if ADO.Net client application and SQL Server are on different machines, and I am not in Active Directory environment, is it possible to use Windows authentication mode with Trusted_connection = true? (my confusion is how to cross-machine authenticate without Active Directory?)
George2
No, it is not possible.
Darin Dimitrov
Not possible for what? Cross machine authentication without AD?
George2
Are there any document which proves trusted connection is slower than non-trusted?
George2
There is no any performance impact with trusted connection
Tror
Thanks for your confirmation!
George2
I have a related question, appreciated if you could take a look.http://stackoverflow.com/questions/1642705/sql-server-connection-string-asynchronous-processingtrue
George2