rcl58
asked on
SQL Security Access for WPF Application
I have developed a C# WPF application that implements a role type access to SQL database tables. My application gets the user's Windows identity and manages CRUD from there.
Do I simply setup a SQL User on my DB for my application then pass the Id and password through the App.config connection string? I would rather not have to place the password in the App.config file. Is there a better way?
Thanks
Do I simply setup a SQL User on my DB for my application then pass the Id and password through the App.config connection string? I would rather not have to place the password in the App.config file. Is there a better way?
Thanks
ASKER
I'm thinking my application does SQL authentication. I get the user Win Identity when a user opens my app. The app connects to SQL and then the app accesses the role tables I've setup to grant CRUD rights based on the user Win Id.
The questions is as you're using the Windows user identity already, why not using Windows authentication? I seems like unnecessary work. But it depends on the kind of application and your environment, where and how it is run.
See also Choose an Authentication Mode.
See also Choose an Authentication Mode.
ASKER
I'm trying to avoid setting up user permission in SQL. By setting up one "application" User I don't have to manage permissions for all the individual users.
It's an internal WPF app accessing a internal SQL database with 70+ tables.
It's an internal WPF app accessing a internal SQL database with 70+ tables.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Got it Thanks!
What are you doing exactly? Do you want to use Windows authentication, thus AD integrated security or do you want separate SQL Server authentication? In the first case you can manage users by using security groups instead of single users, which would be necessary for SQL Server authentication.