Please start any new threads on our new
site at https://forums.sqlteam.com. We've got lots of great SQL Server
experts to answer whatever question you can come up with.
| Author |
Topic |
|
Dinky
Starting Member
37 Posts |
 Posted - 2009-09-01 : 22:13:25
|
| For Web Application, SQL authentication is considered typical. We are building new enterprise level web application using SQL Server 2005 and have both internal users as well as external online users of application. App architecture is based of separate Active Directory for user authentication and app permissions/security and I wanted to see if there are arguments for and again using windows authentication for all app users (existing in application's own separate Active Directory and impersonated for DB access layer Calls ) |
|
|
tkizer
Almighty SQL Goddess
38200 Posts |
Posted - 2009-09-02 : 15:29:07
|
| Handle the security at the application layer, otherwise you'll end up having to manage hundreds/thousands of accounts in SQL Server. By using this approach, your application would only use one account to authenticate and then the application would determine what level of access the user has. You would build a login screen for this type of solution.Tara KizerMicrosoft MVP for Windows Server System - SQL Serverhttp://weblogs.sqlteam.com/tarad/Subscribe to my blog"Let's begin with the premise that everything you've done up until this point is wrong." |
 |
|
|
ScottWhigham
Starting Member
49 Posts |
Posted - 2009-09-03 : 09:46:23
|
| Exactly, Tara. I just wrote something that may be helpful in another thread: http://www.sqlteam.com/forums/topic.asp?TOPIC_ID=131436========================================================I have about 1,000 video tutorials on SQL Server 2008, 2005, and 2000 over at http://www.learnitfirst.com/Database-Professionals.aspx |
|
|
|
|
|
|
Windows Authenticated v/s SQL Authentication