Please start any new threads on our new
site at https://forums.sqlteam.com. We've got lots of great SQL Server
experts to answer whatever question you can come up with.
| Author |
Topic |
|
JacobPressures
Posting Yak Master
112 Posts |
 Posted - 2005-09-27 : 15:53:00
|
| I don't know what the string should look like or whether i have put everything in place. I'm using Windows Authentication Mode. However I created a Application Role and password for my app. Should i use this to connect to the db so i don't have to use a userid? I shouldn't need a windows login to use an application. According to my book: "After the application has enabled and application role, all permissions of the user are suspended, and only the permissions of the role are enforced." Then it says later: "The best part is that all activity is still audited with the users' login information." Microsoft said at http://msdn.microsoft.com/library/default.asp?url=/library/en-us/adosql/adoprg01_0ahx.asp : "Use the Integrated Security keyword, set to a value of SSPI, to specify Windows Authentication (recommended), or use the User ID and Password connection properties to specify SQL Server Authentication. Security Note When possible, use Windows Authentication. If Windows Authentication is not available, prompt users to enter their credentials at run time. Avoid storing credentials in a file. If you must persist credentials, you should encrypt them with the Win32® crypto API. For more information, see "The Crypto API Function" in the MSDN® Library at this Microsoft Web site." I don't can't make sense of both of these statements. How do they work together or do they contradict? What should i do?Here is my connection StringProvider=SQLOLEDB.1;Integrated Security=SSPI;Persist Security Info=False;Initial Catalog=DatabaseName;Data Source=ServerNameI'm able to get it to work with my login using Windows Authenticity, but everyone can't use my login name. I can't set permissions for all users either. Thanks! |
|
|
derrickleggett
Pointy Haired Yak DBA
4184 Posts |
|
|
jen
Master Smack Fu Yak Hacker
4110 Posts |
Posted - 2005-09-28 : 01:59:13
|
| logins are different from approlesthe login is used to gain access to the server/database, the approle is used to invoke the permission set for that approlewhatever your login setting is you still need to set the approlefor windows authentication, your connection string is okProvider=SQLOLEDB.1;Integrated Security=SSPI;Persist Security Info=False;Initial Catalog=DatabaseName;Data Source=ServerNamenow you have access, what you need to do is to set the approle using your connection above --execute the query belowexec sp_setapprole @rolename = 'role' ,@password ={Encrypt N 'password'}the permissions now for the objects shall depend on the permissions you've set for the approle.HTH--------------------keeping it simple... |
 |
|
|
|
|
|
|
|
Connection String using application roles