I'm using vb6 and i'm trying to create a connection string using an
application role.
If this is possible.
I don't know what the string should look like or whether i have put
everything in place.
I'm using Windows Authentication Mode. However I created a Application Role
and password for my app. Should i use this to connect to the db so i don't
have to use a userid? I shouldn't need a windows login to use an application
.
According to my book: "After the application has enabled and application
role, all permissions of the user are suspended, and only the permissions of
the role are enforced." Then it says later: "The best part is that all
activity is still audited with the users' login information."
Microsoft said at
http://msdn.microsoft.com/library/d...
ahx.asp :
"Use the Integrated Security keyword, set to a value of SSPI, to specify
Windows Authentication (recommended),
or
use the User ID and Password connection properties to specify SQL Server
Authentication.
Security Note When possible, use Windows Authentication. If Windows
Authentication is not available, prompt users to enter their credentials at
run time. Avoid storing credentials in a file. If you must persist
credentials, you should encrypt them with the Win32? crypto API. For more
information, see "The Crypto API Function" in the MSDN? Library at this
Microsoft Web site."
I don't can't make sense of both of these statements. How do they work
together or do they contradict? What should i do?
Here is my connection String
Provider=SQLOLEDB.1;Integrated Security=SSPI;Persist Security
Info=False;Initial Catalog=DatabaseName;Data Source=ServerName
I'm able to get it to work with my login using Windows Authenticity, but
everyone can't use my login name. I can't set permissions for all users
either.
Thanks!You still need both a login (SQL Server or Windows) and a user name in the d
atabase. Then you app
uses sp_setapprole to enter the application role. If you aren't familiar wit
h SQL Server security
architecture, read in Books Online on the topic (so you understand both the
login and the user name
concepts).
Tibor Karaszi, SQL Server MVP
http://www.karaszi.com/sqlserver/default.asp
http://www.solidqualitylearning.com/
Blog: http://solidqualitylearning.com/blogs/tibor/
"jacob" <jacob@.discussions.microsoft.com> wrote in message
news:68E272F5-7FD8-4D8C-B4B6-F8F2AEC7A70F@.microsoft.com...
> I'm using vb6 and i'm trying to create a connection string using an
> application role.
> If this is possible.
> I don't know what the string should look like or whether i have put
> everything in place.
> I'm using Windows Authentication Mode. However I created a Application Rol
e
> and password for my app. Should i use this to connect to the db so i don't
> have to use a userid? I shouldn't need a windows login to use an applicati
on.
> According to my book: "After the application has enabled and application
> role, all permissions of the user are suspended, and only the permissions
of
> the role are enforced." Then it says later: "The best part is that all
> activity is still audited with the users' login information."
>
> Microsoft said at
> http://msdn.microsoft.com/library/d...r />
_0ahx.asp :
> "Use the Integrated Security keyword, set to a value of SSPI, to specify
> Windows Authentication (recommended),
> or
> use the User ID and Password connection properties to specify SQL Server
> Authentication.
>
> Security Note When possible, use Windows Authentication. If Windows
> Authentication is not available, prompt users to enter their credentials a
t
> run time. Avoid storing credentials in a file. If you must persist
> credentials, you should encrypt them with the Win32? crypto API. For more
> information, see "The Crypto API Function" in the MSDN? Library at this
> Microsoft Web site."
>
> I don't can't make sense of both of these statements. How do they work
> together or do they contradict? What should i do?
> Here is my connection String
> Provider=SQLOLEDB.1;Integrated Security=SSPI;Persist Security
> Info=False;Initial Catalog=DatabaseName;Data Source=ServerName
> I'm able to get it to work with my login using Windows Authenticity, but
> everyone can't use my login name. I can't set permissions for all users
> either.
> Thanks!
>
没有评论:
发表评论