Thursday, March 3, 2011

Best way(s) for connecting SQL Server in ASP.NET?

  - Connect via SQL Server ID that is stored in web.config.
   Pro: simple.
   Cons: password in web.config; have to specifically configure SQL Server ID.

   - Connect via user NT ID via ASP.NET impersonation.
    Pro: no passwords in web.config; fine-grained control of security per user.
    Cons: administrative overhead of configuring user accounts in SQL Server; SQL Server monitoring of application is scattered across many accounts.

    - Run ASP.NET as a custom NT ID, and have that NT ID configured in SQL Server.
   Pros: connecting to SQL Server as one ID - simple; no passwords in web.config.
   Cons: complicated from a security perspective. Have to configure custom SPNs in Active Directory for Kerberos authentication.

No comments:

Post a Comment