tags:

views:

1113

answers:

3
Q: 

SQL Server connection string Trusted_Connection=true issue

Hello everyone,

I am using .Net 2.0 + SQL Server 2005 Enterprise + VSTS 2008 + C# + ADO.Net to develop ASP.Net Web application.

My question is, if I am using Trusted_Connection=true with SQL Server authentication mode (not Windows authentication mode, i.e. using sa account and password in connection string in web.config), I am wondering whether Trusted_Connection=true will impact performance of my web application? And why?

thanks in advance, George

+1  A: 

This will probably have some performance costs when creating the connection but as connections are pooled, they are created only once and then reused, so it won't make any difference to your application. But as always: measure it.

UPDATE:

There are two authentication modes:

  1. Windows Authentication mode (corresponding to a trusted connection). Clients need to be members of a domain.
  2. SQL Server Authentication mode. Clients are sending username/password at each connection
Darin Dimitrov  2009-10-29 09:22:51
You mean when the first time establishing connection to SQL Server, there will be additional performance cost? And why? (my previous understanding is trusted connection will improve performance, since it is "trusted" -- may save time by bypassing some authentication cost). Correct me if I am wrong.
George2  2009-10-29 09:24:39
Yes, but in order to become `trusted` there are several exchanges that need to be done between the client and the server. Establishing SSPI handshake will be slower than a single roundtrip sending username/password.
Darin Dimitrov  2009-10-29 09:29:16
Also there's an additional cost querying Active Directory.
Darin Dimitrov  2009-10-29 09:30:32
Why Active Directory needs to be queries? I am not using Active Directory and using SQL Server based authentication mode other than Windows authentication mode.
George2  2009-10-29 09:31:28
`Trusted_Connection=True;` means Windows Authentication.
Darin Dimitrov  2009-10-29 09:38:52
And Windows Authentication means Active Directory.
Darin Dimitrov  2009-10-29 09:40:59
Thanks! If I am not in active directory based environment, is it possible to use Trusted_connection = true?
George2  2009-10-29 09:47:05
Are there any document which proves trusted connection + Windows autnentication is slower than non-trusted connection + Windows autnentication?
George2  2009-10-29 09:52:16
I have a related question, appreciated if you could take a look.http://stackoverflow.com/questions/1642705/sql-server-connection-string-asynchronous-processingtrue
George2  2009-10-29 14:56:08
+5  A: 

Not 100% sure what you mean:

Trusted_Connection=True;

IS using Windows credentials and is 100% equivalent to:

Integrated Security=SSPI;

or

Integrated Security=true;

If you don't want to use integrated security / trusted connection, you need to specify user id and password explicitly in the connection string (and leave out any reference to Trusted_Connection or Integrated Security)

server=yourservername;database=yourdatabase;user id=YourUser;pwd=TopSecret

Only in this case, the SQL Server authentication mode is used.

If any of these two settings is present (Trusted_Connection=true or Integrated Security=true/SSPI), then the Windows credentials of the current user are used to authenticate against SQL Server and any user iD= setting will be ignored and not used.

For reference, see the Connection Strings site for SQL Server 2005 with lots of samples and explanations.

Using Windows Authentication is the preferred and recommended way of doing things, but it might incur a slight delay since SQL Server would have to authenticate your credentials against Active Directory (typically). I have no idea how much that slight delay might be, and I haven't found any references for that.

Summing up:

If you specify either Trusted_Connection=True; or Integrated Security=SSPI; or Integrated Security=true; in your connection string

==> THEN (and only then) you have Windows Authentication happening. Any user id= setting in the connection string will be ignored.

If you DO NOT specify either of those settings,

==> then you DO NOT have Windows Authentication happening (SQL Authentication mode will be used)

Marc

marc_s  2009-10-29 09:26:04
Do you mean if I am using SQL Server authentication other than Windows authentication, I can not use Trusted_Connection=true?
George2  2009-10-29 09:32:12
Sorry, I mean if I want to use Trusted_connection = true, then I must use Windows authentication mode? Can I use SQL Server authentication mode with Trusted_connection = true?
George2  2009-10-29 09:41:29
Marc, I want to confirm with you that, 1. if I am using SQL Server authenticaton mode, then I cannot use Trusted_connection = true, 2. if I am using Windows authentication mode, then I can choose to either use Trusted_connection = true or not?
George2  2009-10-29 09:56:11
1.) YES, 2.) NO - trusted_connection=true means Windows Authentication and Windows Authentication **requires** trusted_Connection=true.If you specify "trusted_connection=True" ==> you have Windows Authentication; if you don't specify it, you **don't** have Windows Authentication
marc_s  2009-10-29 09:58:58
Do you mean if I use Windows authentication, I must use trusted_connection=True? I got this confusion because I am using Windows authentication in one of my project and I donot specify trusted_connection=True at the same time. :-)
George2  2009-10-29 10:01:53
Thanks Marc, question answered. I have a related question, appreciated if you could take a look.http://stackoverflow.com/questions/1642705/sql-server-connection-string-asynchronous-processingtrue
George2  2009-10-29 14:55:33
+1  A: 

When you use trusted connections, username and password are IGNORED, because SQL Server using windows authentication.

Tror  2009-10-29 09:27:50
Do you mean if I am using SQL Server authentication other than Windows authentication, I can not use Trusted_Connection=true?
George2  2009-10-29 09:30:38
If you are using trusted connection Sql Server does not care about userid and password provided in connection string. Sql Server uses credentials of current process. If you want to use Sql Server authentication you must remove trusted connection from your connection string
Tror  2009-10-29 09:39:16
Thanks! If I am not in active directory based environment, is it possible to use Trusted_connection = true?
George2  2009-10-29 09:43:50
You can't use trusted connection with Sql Server authentication. They are mutually exclusive.
Tror  2009-10-29 09:45:52
No. There is no differencies between AD, Local user account or homegroup.
Tror  2009-10-29 09:48:07
"No. There is no differencies between AD, Local user account or homegroup." -- but if ADO.Net client application and SQL Server are on different machines, and I am not in Active Directory environment, is it possible to use Windows authentication mode with Trusted_connection = true? (my confusion is how to cross-machine authenticate without Active Directory?)
George2  2009-10-29 09:50:44
No, it is not possible.
Darin Dimitrov  2009-10-29 09:52:38
Not possible for what? Cross machine authentication without AD?
George2  2009-10-29 09:53:21
Are there any document which proves trusted connection is slower than non-trusted?
George2  2009-10-29 10:11:30
There is no any performance impact with trusted connection
Tror  2009-10-29 10:24:11
Thanks for your confirmation!
George2  2009-10-29 14:54:51
I have a related question, appreciated if you could take a look.http://stackoverflow.com/questions/1642705/sql-server-connection-string-asynchronous-processingtrue
George2  2009-10-29 14:56:46

related questions

Displaying Flash content in a C# WinForms application
How to get the value of built, encoded ViewState?
Unhandled Exception Handler in .NET 1.1
How do I connect to a database and loop over a recordset in C#?
How do I most elegantly express left join with aggregate SQL as LINQ query
Get a new object instance from a Type in C#
.NET Testing Framework Advice
Automatically update version number
What is the difference between an int and an Integer in Java/C#?
How to write to Web.Config in Medium Trust ?
WinForms ComboBox data binding gotcha
How do you sort a C# dictionary by value?
Adding Scripting functionality to .NET applications
Floating Point Number parsing: Is there a Catch All algorithm?
How do I print an HTML document from a web service?
Decoding T-SQL CAST in C#/VB.net
Anatomy of a "Memory Leak"
How do I get a distinct, ordered list of names from a DataTable using Linq
Reliable Timer in a Console Application
How do I fill a DataSet or a DataTable from a LINQ query resultset ?
What's the difference between Math.Floor() and Math.Truncate() in .NET?
How do I calculate relative time?
How do I calculate someone's age in C#?
Are there any conversion tools for porting Visual J# code to C#?
When setting a form's opacity should I use a decimal or double?