D
Dave
Hi,
I've read quite a few places where it recommends you use
integrated security in your connection string to SQL
Server
I tried this in test page to connect to the Northwind
database by setting my connection string to:
"data source=<mymachinename>;initial
catalog=Northwind;integrated security=SSPI;"
It worked as long as I added ASPNET, the account used for
running ASP.NET Worker processes, as a SQL Server Login
with access to Northwind.
My question is shouldn't each web application on the
server have it's own ASPNET-type account so it only has
accesses the databases it needs?
For example, can I setup the following?
ASPNET_Northwind (This account can only access the
Northwind site and the Northwind database)
ASPNET_Pubs ((This account can only access the Pubs site
and the Pubs database)
Otherwise if all sites use the same ASPNET account, they
can make queries to other databases.
how do I do this?
Thanks, Dave.
I've read quite a few places where it recommends you use
integrated security in your connection string to SQL
Server
I tried this in test page to connect to the Northwind
database by setting my connection string to:
"data source=<mymachinename>;initial
catalog=Northwind;integrated security=SSPI;"
It worked as long as I added ASPNET, the account used for
running ASP.NET Worker processes, as a SQL Server Login
with access to Northwind.
My question is shouldn't each web application on the
server have it's own ASPNET-type account so it only has
accesses the databases it needs?
For example, can I setup the following?
ASPNET_Northwind (This account can only access the
Northwind site and the Northwind database)
ASPNET_Pubs ((This account can only access the Pubs site
and the Pubs database)
Otherwise if all sites use the same ASPNET account, they
can make queries to other databases.
how do I do this?
Thanks, Dave.