Hi,

I have had this question for quite a long time...

I have seen many discussions about granting role-based access for databases... But with respect to asp.net web apps... The web app is anyway going to connect to the database with the ID specified in the connection string, irrespective of the user connected to the application... (except for the Windows auth model)...

In such a scenario... There is no need to create individual user's login in DB, and provide him with required roles and access restrictions..

Does this mean, we need not have to worry about user access restriction in DB for asp.net apps, except for the user used in Connection String... or am I getting it wrong somewhere.

Thanks

+2  A: 

"There is no need to create individual user's login in DB, and provide him with required roles and access restrictions"

Correct.

"Does this mean, we need not have to worry about user access restriction in DB for asp.net apps, except for the user used in Connection String"

Essentially. But the user may still be allowed access to only certain parts of the application... Administrative rights may not be granted to all users, for example. So you still need a user security mechanism for the application that grants application rights to specific users.

Such a security implementation can be implemented in a number of different ways. One way is to provide user security tables in the database that tell the application what rights each user has. Another way is to use Active Directory to store and retrieve user roles.

Robert Harvey
In the second part... Are you talking about granting access to only certain parts of the ASP.NET application or the database... If it is the DB, I still have not got your point... If it is the ASP.NET application, I understand, and those access restrictions are within the boundary of the web application and have no connection with the DB... Is this right?
The King
That's right. The login for the DB is just for the application. The user rights are established via some mechanism other than DB logins.
Robert Harvey
+1  A: 

Regarding your statement

"Does this mean, we need not have to worry about user access restriction in DB for asp.net apps, except for the user used in Connection String"

the short answer is "Yes"

The long answer is: The approach you have explained is generally called the "Trusted subsystem model". The following URLs provide more details about this model: Trusted subsystem MSDN link

Subbu
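
The model described in both answers, as an added example that is not part of the original thread: the application uses one database connection for every user and decides per-user rights from security tables it queries itself. Python with an in-memory SQLite database stands in for the ASP.NET app and its connection-string login; the table names, users and the `orders.delete` right are constructed for illustration.

```python
import sqlite3

# Constructed schema and rows: application-level user security tables plus one data table.
SCHEMA = """
CREATE TABLE app_user (id INTEGER PRIMARY KEY, name TEXT UNIQUE NOT NULL);
CREATE TABLE app_role (id INTEGER PRIMARY KEY, name TEXT UNIQUE NOT NULL);
CREATE TABLE user_role (user_id INTEGER REFERENCES app_user(id),
                        role_id INTEGER REFERENCES app_role(id),
                        PRIMARY KEY (user_id, role_id));
CREATE TABLE role_right (role_id INTEGER REFERENCES app_role(id),
                         right_name TEXT NOT NULL,
                         PRIMARY KEY (role_id, right_name));
CREATE TABLE orders (id INTEGER PRIMARY KEY, item TEXT);
INSERT INTO app_user VALUES (1, 'alice'), (2, 'bob');
INSERT INTO app_role VALUES (1, 'admin'), (2, 'reader');
INSERT INTO user_role VALUES (1, 1), (2, 2);
INSERT INTO role_right VALUES (1, 'orders.read'), (1, 'orders.delete'), (2, 'orders.read');
INSERT INTO orders VALUES (10, 'widget'), (11, 'gadget');
"""

def open_app_connection():
    """The single connection all requests share (stand-in for the connection-string login)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn

def has_right(conn, user_name, right_name):
    """Check the security tables for the authenticated user; unknown users are denied."""
    row = conn.execute(
        """SELECT 1 FROM app_user u
           JOIN user_role ur ON ur.user_id = u.id
           JOIN role_right rr ON rr.role_id = ur.role_id
           WHERE u.name = ? AND rr.right_name = ? LIMIT 1""",
        (user_name, right_name)).fetchone()
    return row is not None

def delete_order(conn, user_name, order_id):
    """The database would run this DELETE for any caller, so the app must check first."""
    if not has_right(conn, user_name, "orders.delete"):
        raise PermissionError(f"{user_name} lacks orders.delete")
    cur = conn.execute("DELETE FROM orders WHERE id = ?", (order_id,))
    conn.commit()
    return cur.rowcount

if __name__ == "__main__":
    conn = open_app_connection()
    print(has_right(conn, "bob", "orders.delete"))
    print(delete_order(conn, "alice", 10))
```

Because the database sees the same login for every request, the check in `delete_order` is the only thing separating `bob` from `alice`; any code path that skips it runs with the full rights of the shared connection.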