SQL Credentials - Mixed authentication or not, that is the question.

Got a topic for discussion,  I've developed an app in VB.Net, it uses SQL (any version should be compatible).
Currently I connect without any specific credentials, just using windows authentication.  Which works fine as long as the SQL is installed locally.  My app also creates a separate SQL instance, the database and several tables.
Currently the app is a clickonce installation, which as you may know runs under each user login separately.  So if another user would login to the desktop (Windows versions), they would have to install the app again. (That will be changed later, with a setup app). The problem is that the SQL may have been installed under the other user login, so the second user has no access to SQL, Also if the user does not have SQL installed they need to get a copy of express & install it manually.
Here where things get fuzzy.  If I give the user instructions on setting up SQL, should I suggest Mixed Authentication and setup my connection string with a user name and password?  That would solve access to SQL for all users logging in individually, but then what if they already have a version of sql installed?  Can they change it to mixed?  Would that possibly cause issues with other apps that may use SQL?
Then there's the issue of SQL being installed on an other Workstation or Server.  My app can browse for any SQL server & instance, but again if my connection string username & password aren't setup on the SQL Server my app will not work.

So what would some recommendations be?  Trying to appease the majority of clients.
LVL 13
ktaczalaAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
Vadim RappConnect With a Mentor Commented:
> So ,you suggest NOT to attach username and password to the connection string?

Yes, but this is only one way. Another is to  create single sql server logon and password just for this application, provided that it stays hardcoded inside the application. During setup, the client runs script that creates this logon and password on sql server. What you choose depends on requirements, for example whether audit is required, i.e. to see which user has done what in the database.

> Can I still add LOGIN and USERNAME to a SQL instance if it's only  windows Authentication?

what do you mean by "add"? if you mean the connection string, then no,

>  can I connect to a SQL server if I don't have the sa account info or the windows login is from a different user or SQL is on another Computer?

If it's integrated authentication only, then you can connect only if your windows username or security group it belongs to is permitted to logon to sql server.


From http://msdn.microsoft.com/en-us/library/ms165636(v=sql.105).aspx :

During setup of SQL Server Express a login is added for the BUILTIN\Users group. This allows all authenticated users of the computer to access the instance of SQL Server Express as a member of the public role. The BUILTIN\Users login can be safely removed to restrict Database Engine access to computer users who have individual logins or are members of other Windows groups with logins.

So, if public role is enough, then it all should work. You can always grant all necessary permissions in your database to the public, if that's OK.
0
 
Vadim RappCommented:
Do the users share the data? or each one is working with his own data that just happens to be in central database?
0
 
ktaczalaAuthor Commented:
Shared data,  it's a document scan and archive app.
0
Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

 
Vadim RappCommented:
> The problem is that the SQL may have been installed under the other user login, so the second user has no access to SQL,

The solution is probably to grant access to all users at once (or to some security group where all users who can install this application belong), rather than just to the one who installed.
0
 
ktaczalaAuthor Commented:
>vaadimrapp1<
So ,you suggest NOT to attach username and password to the connection string? And DO NOT configure SQL in a Mixed Authentication Environment.

Can I still add LOGIN and USERNAME to a SQL instance if it's only  windows Authentication?  I ask because, I updated my development version to add them, but can I connect to a SQL server if I don't have the sa account info or the windows login is from a different user or SQL is on another Computer?
0
 
ktaczalaAuthor Commented:
I need to do some more testing on this issue,  Over the weekend I'll set up some test workstations, individual , workgroups and domain.  I'll let you know my conclusions, and or issues.

>vadimrapp1
Thanks for the good info. (Didn't know that BUILTIN\Users got added by default)
0
 
ktaczalaAuthor Commented:
After digging into this more, I decided to not to worry about adding the user & password to my connections string.

As per vadimrapp1's replies the built-in/users account is good enough for the home user, for a domain environment there's a little more work but nothing that has to be done in the app.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.