Please start any new threads on our new
site at https://forums.sqlteam.com. We've got lots of great SQL Server
experts to answer whatever question you can come up with.
| Author |
Topic |
|
kpgraci
Yak Posting Veteran
68 Posts |
 Posted - 2013-04-17 : 09:50:33
|
| SQL SVR 2008 R2I currently have both windows auth and server auth enabled. I use server auth to allow me to use sql svr mgmt studio to remotely administer the db, and also so I can test my app remotely (on the dev box) using live data. I have renamed the sa account and am using a strong password, additionally I scan the sql svr logs for any brute force attacks and automatically add the offending IP's to the secpol blocked list.I seldom use the remote debugging and I can runs mgmt studio from the server (via remote desktop) for any admin needs, so I am considering getting rid of server auth and using only windows auth.I am a programmer with only enough sql server knowledge to be dangerous.To make sure I have the basics correct: Is it true that server auth is used only to allow over the internet connection and with windows auth the user must be logged on to the server?So with my website that uses the sql server, the users will be logged in as a temporary Internet user and if I allow this account access to the sql server my site will (with the appropriate connection string) still be able to asscess the db?This seems correct but in implementing the details I have failed.My site is an asp.net 4 site, the server has an IIS_User group so I created a user account and added it to this group. I gave this account access in sql server and setup the connection string but could not connect.Exactly how do I need to configure the server (windows server 2008 r2) and sql server to allow my asp.net 4.0 website to to use windows authentication?kpg |
|
|
|
|
|
Trying to understand windows authentication