Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2006
  • Last Modified:

How to to use sql server application role in my connection string

My current application uses very powerful credential to access the sqlserver backend database. I want to improve this security hole in my application by using application role created.
I created one call:app-role, and it password =password.
In my webconfig file i just the app-role with it password. but when i trying to log in it fail.
Can some tell me what am doing wrong .I will appreciate a sample
0
Atouray
Asked:
Atouray
  • 3
  • 2
  • 2
1 Solution
 
Surendra NathTechnology LeadCommented:
for authenticating in SQL Server, you can choose either a windows authentication or a SQL authentication or both of them...

in your case I suggest you to use the SQL Authentication and put them in the webconfig file.....

and add all the roles that you want to the SQL authenticated User....
0
 
AtourayAuthor Commented:
I know about the two types of authentication on sqlserver.
The sqslserver database user account my application uses to login can be easily access for example our internal developers. once they are able to get the credentials from the web configuration, they can use it to login with management studio.But with Application role, the web application can use it and even is access by some one else , it cannot be use to login with management studio. This is my objective of using application role in my connection string
0
 
Surendra NathTechnology LeadCommented:
instead of it you can use the firewall on the SQL Server machine, to allow only your webserver or application servers incoming connections and block any other IP's.

This way any one who will have the physical or remote access to your application server can only login into the SQL Server.
0
The 14th Annual Expert Award Winners

The results are in! Meet the top members of our 2017 Expert Awards. Congratulations to all who qualified!

 
AtourayAuthor Commented:
Application Roles;
This application role enable you to grant permissions to specific application.
For Example you might have a web application that needs to interact with a database hosted on a back-end sqlserver instance.
Rather that having a user access the database with a database user permission, the user accesses the data by the permission assigned to the
application role.
This is why am using this approach.After this, i can configure my application to be access via certain port through fire wall.
0
 
Anthony PerkinsCommented:
I suggest you read up on Application Roles and in particular the use if sp_setapprole
0
 
AtourayAuthor Commented:
My question was not fully answer but your link is useful
0
 
Anthony PerkinsCommented:
My question was not fully answer but your link is useful
Perhaps next time you will take the time to re-read the EE Guideline regarding grading.  Clearly you need a re-refresher.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

  • 3
  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now