I'm working with getting a legacy app in line with current SQL Server security standards at my organization and would like the application to use Windows authentication when making SQL Server stored procedure calls from an ASP classic app runniing on a Windows Server 2008 web server. If it's too much trouble I can create a SQL Server account but would like to use integrated security. I'm looking for the best practice with this type of configuration. Any help is greatly appreciated.
By ASP side it should be easy, it's a matter of connection string.
Try this one:
strConn="Driver={SQL Server}; Server=[YOUR HOST]; Database=[YOUR DB]; Trusted_Connection=Yes;"
Before that, you have to properly configure IIS
Related
Testing SQL queries with large datasets against Azure SQL server may be costly, so it is better for me to test my code against a local server. I would like to create a new local server with "SQL Server authentication" rather than "Windows authentication", and I would like to keep my default local server that uses Windows authentication.
In lack of better phrasing:... is it "common" to have multiple SQL servers with different authentication methods on the same Windows-10 pc ?
If it is "straight-forward" to do this, then please share "how-to", or share better jargon for web searches. I did not find much information on this when googling "create new local server with sql server authentication"
As you may easily catch from the text: I'm not an IT expert...
Yes, you can use at an instance and solely your will to provide the accesses.
where you can use Windows Authentication mode and mixed mode.
More information about Windows Authentication may be found at: Connecting Using Windows Authentication.
We may utilize SQL Server Authentication to solve your problem by passing the user name and password.
A company I work for has an application written in VB.net with a SQL Server database storing all information. Works fine no complaints, but we also want to upload/download files within the application, and have the files + SQL Server database on a remote server i.e. working over the internet.
We could just use a VPN but that's not the best method. What would you suggest we use to communicate securely between the application and the remote server for both the database and filesharing?
I was thinking of doing everything over HTTPS, but we would need some kind of agent on the other end to receive requests.
Sorry if this is a noob question, I have no experience with VB.net myself, I usually use PHP + C!
Thanks
Use a VPN. It implies just deployment and configuration.
'Going over HTTPS' means you rewrite your application, as the current VB app is expecting T-SQL and SMB endpoints to discuss with.
I am trying to find code examples of:
1. Remote MVC App on IIS
2. Data is on the customers SQL Server and on the windows domain they are using their web browser from.
I have a MVC app that works well with IIS and SQL Server being on the same domain.
However, I am trying to figure out how to extend the MVC App to multiple customers by hosting the site on a remote IIS server and having the remote MVC application on IIS query the customers SQL Server database.
I am comfortable with MVC, Entity Framework, & SQL Server but have had a hard time finding examples for this scenario.
You can certainly change the connection string of your application to work with any remote SQL Server instance you please. Obviously being outside the domain poses some additional challenges and security risks that you should consider, however, to get them talking to each other you can simply specify the server address in your connection string like so:
Data Source=192.168.10.1,1433;Network Library=DBMSSOCN;Initial Catalog=myDataBase;User ID=myUsername;Password=myPassword;
The Network Library parameter forces the use of TCP/IP as a network protocol. Note that the customer will have to set up a SQL Server Authentication user on their database to simplify this scenario - using a trusted connection will be impossible unless you integrate your Windows domains, which could be a significant amount of work for little benefit.
I'm want to create a SQl Server login for a IIS web application. Since the Web Application using IIS 7.5 identity, and in addition in production the Sql Server may be in a separate machine, I'm looking for use a user and password based connection string.
Now, I'm a little confused how to create this login in Sql Server 2008 R2. Should I use databawse specific User, or a global login? Should I Database Role or Application Role?
What are the best practices to get a login for an IIS application that don't use Stored Procedures, but makes a use of an ORM tool, like NHibernate?
The following article:
http://msdn.microsoft.com/en-us/library/bb882673.aspx
recommends using Integrated Security to connect to the database.
I've been developing a site using ASP.NET MVC, and have decided to use the new SQL Server 2008 FILESTREAM facility to store files 'within' the database rather than as separate entities. While initially working within VS2008 (using a trusted connection to the database), everything was fine and dandy. Issues arose, however, when I shifted the site to IIS7 and changed over to SQL authentication on the database.
It seems that streaming a FILESTREAM doesn't work with SQL authentication, only with Windows authentication. Given this, what is the best practice to follow?
Is there a way to force this sort of thing to work under SQL authentication?
Should I add NETWORK SERVICE as a database user and then use Trusted authentication?
Should I create another user, and run both the IIS site and the database connection under this?
Any other suggestions?
Take a look at this article. I don't know a whole lot about FileStreaming and security, but there are a couple of interesting options in the FileStreaming setup such as allowing remote connections and allow remote clients to access FileStreaming