tags:

views:

36

answers:

2
Q: 

connecting to secure database on private network from website host

Hello all,

I've got a requirement to both read and write data via a .net webservice to a sqlserver database that's on a private network. this database is currently accessed via a vpn connection by remote client software (on standard desktop machines) to get latest product prices and to upload product stock sales. I've been tasked with finding a way to centralise this access from a webservice that the clients then access, rather than them using the vpn route to connect directly to the database.

My question is related to my .net service's relationship to the sqlserver database. What are the options for connecting to a private network vpn from a domain host in order to achive the functionality of allowing the webservice to both read and write data to the database. For now, I'm not too concerned about the client connectivity and security (tho i appreciate that this will have to be worked out too), I'm really just interested in discovering the options available in order to allow my .net webservice to connect to the private network in as painless and transparent a way as posible.

[edit] the webservice will also be available to the retail website in order for it to lookup product info as well as allocate stock transfers to the same sqlserver db. it will therefore be located on the same domain as the retail site

The option of switching the database onto public hosting is not feasible, so I have to work with the scenario as described above for now, unless there's a compelling rationale presented to do otherwise.

thanks all...

jim

+1  A: 

Can you put the service close to the database - i.e. rather than hosting that service externally, host it internally on the same network as the database. It could then talk privately with the database on the network rather than across the internet and you could point all of the clients at it across the VPN.

Sohnee  2010-05-28 12:48:03
Sohnee - alas not. I should add that, not only will these 'back-office' clients be accessing the data as before (tho via the webservice), additioanlly, the data will be used by the retail website which will use the products for lookups and allocations. The retail domain will in effect be hosting the webservice.
jim  2010-05-28 12:53:58
Sounds like an ideal case for n-tier architecture.
Sohnee  2010-06-01 08:07:32
+1  A: 

We have a similar issue, we use secure SQL connections on a none standard SQL Server port to allow customers access the database. The server is in the DMZ of our businesses web presence and hidden from the internet using a firewall where we only allow certain IP addresses to access the database.

We had the same problem of hosting externally, our customers did not want their details in the hands of a 3rd party.

By putting two network cards in the server we can service both the internal and external requirement for access to the database (internal use use 1433).

This solution has been working without issue for 7 years now and at the time it was the favoured solution that we came up with.

It's a halfway house.

Sres  2010-05-28 14:05:13
Sres - that sounds like it could be a potential solution to the problem. without exposing any security related details, would you be able to run the steps by me detailing the required processes on both endpoints in a new message?? it's a big ask i know, and you may regret answering my question :)
jim  2010-05-28 14:24:05
Hi Jim,I'm not really sure what more you need to know. Within SQL Server you can expose any port so that you can specifically have people access the database. Use the Firewall rules to make sure that only the people you want to gain access can. This requires a static IP, or use dyndns.org if your firewall will allow none ip address details to be put in.We use a direct link from the desktop based software we supply to customers to connect, exposing web services would just be as simple.Hope that helps.
Sres  2010-06-01 10:42:12
sorry Sres - just saw you comment just now. yes, that makes sense, not sure what my question was either actually - guees i was just interested in the details of implementation :)
jim  2010-06-06 18:49:19

related questions

Displaying Flash content in a C# WinForms application
How to get the value of built, encoded ViewState?
Unhandled Exception Handler in .NET 1.1
How do I connect to a database and loop over a recordset in C#?
How do I most elegantly express left join with aggregate SQL as LINQ query
Get a new object instance from a Type in C#
.NET Testing Framework Advice
Automatically update version number
What is the difference between an int and an Integer in Java/C#?
How to write to Web.Config in Medium Trust ?
WinForms ComboBox data binding gotcha
How do you sort a C# dictionary by value?
Adding Scripting functionality to .NET applications
Floating Point Number parsing: Is there a Catch All algorithm?
How do I print an HTML document from a web service?
Decoding T-SQL CAST in C#/VB.net
Anatomy of a "Memory Leak"
How do I get a distinct, ordered list of names from a DataTable using Linq
Reliable Timer in a Console Application
How do I fill a DataSet or a DataTable from a LINQ query resultset ?
What's the difference between Math.Floor() and Math.Truncate() in .NET?
How do I calculate relative time?
How do I calculate someone's age in C#?
Are there any conversion tools for porting Visual J# code to C#?
When setting a form's opacity should I use a decimal or double?