"Data Source=MyServer\sqlexpress;Initial Catalog=MyDB;Integrated Security=True;Pooling=True"
At this point I can go on my merry way and log in and do my thing. My question is this, is this the right way to do this? Should I be adding IUSR to the sql group? Should I set up a sql user instead? What's the best practice for connecting to a db from an aspx page?
Any insight would be great.
Thanks ... Ed
This is a repost. I never got a response the first time.
Of course I am leaving out all the gory details of mapping a specific aspx page to a specific user, this can be bloody difficult. One way to do it is to create a .NET component hosted in COM+ and set the COM+ package to run as a specific user (having the aspx page make calls to the component). You can also twiggle around with the web.config file in aspx to do this mapping.
However, since you already have all your desired users mapped to IUSR_MyMachine by default, then you can just skip the SQLReader part, just add IUSR_MyMachine as login to only the MyDB database and only grant read access and you are set. This is assuming you are ok for any user that hits your web site to read from the SQL database.|||Thanks for the response. You've given me a lot to think about. I appreciate the thoughtful comments.
Later ... Ed
No comments:
Post a Comment