Plateforme Level Extreme
Abonnement
Profil corporatif
Produits & Services
Support
Légal
English
ASPNET user password
Message
Information générale
Forum:
ASP.NET
Catégorie:
Autre
Titre:
Re: ASPNET user password
Divers
Thread ID:
00845202
Message ID:
00845326
Vues:
15
>However, when I impersonate, I still need to expose the password in the web.config file ( just as I was previously exposing the db password in my web.config ).

If you use Integrated Authentication you don't need to provide anything to SQL Server - it will grab it from the currently active account which will be the impersonated account.

Another option is to allow ASPNET access to your SQL Database. To do this simply add ASPNET as a user of the database and then add the user to your database. This is a potential security risk (but only if your machine is compromised already anyway)... then again so is Impersonation - even more so because with Impersonation you're giving extended rights to the Web user, whereas with adding ASPNET you're only allowing access to this specific resource (SQL).

+++ Rick ---


>
>So, what gives? One of the reasons cited in the article I read about windows authentication ( I think i read it in the recent security issue of MSDN Mag ) being so great is that you didn't have to deal with the password.
>
>Feedback anyone?
>
>Dave
+++ Rick ---

West Wind Technologies
Maui, Hawaii

west-wind.com/
West Wind Message Board
Rick's Web Log
Markdown Monster
---
Making waves on the Web

Where do you want to surf today?
Précédent
Suivant
Répondre
Fil
Voir

Click here to load this message in the networking platform