p2p.wrox.com Forums

p2p.wrox.com Forums (http://p2p.wrox.com/)
-   BOOK: Beginning ASP.NET 1.0 (http://p2p.wrox.com/book-beginning-asp-net-1-0-26/)
-   -   C# Web Apps & Databases (http://p2p.wrox.com/book-beginning-asp-net-1-0/34-c-web-apps-databases.html)

enewmen June 3rd, 2003 08:10 PM

C# Web Apps & Databases
 
Worx:

I've bought and read your "Beginning C# Web Applications with Visual Studio .NET" book by Danniel Cazzulino.
I think the book explains ASP.NET, C#, and the basics well with a good balance between theory and tutorial examples.
However, I have many questions about the MSDE connecting.

I've been getting many errors such as "sa is not a trusted username" "Authentication problems" etc. I was able to finish all the tutorials after getting an eval verison of SQL 2000 and playing with Enterprise Manager.

It seems to me that I have a basic lack of understanding with MSDE and SQL Server connecting with ADO.NET. After the database and ADO.NET are connected, everything works well as described in the book.

Most SQL Server books I've seen discuss how to build tables, query strings, normalization, and so on. But, that's not my big problem.

Can someone please recommend a book which covers most these issues and expands Chapter 4,5 and Appendix B (preferably in a C# & a Web environment).

Thanks for the good books!

Erric

this form is a good idea :D

Life to the fullest

Imar June 6th, 2003 02:22 PM

Hmmmm, there are lots of books dealing with these issues so it's hard to name one.

Anyway, what you may need is a basic understanding of the authentication mechanism of SQL Server and MSDE. The MSDE is basically the same as SQL Server, except that it's limited to just a few users (after 5, if I recall correctly, things start to slow down).

Anyway, SQL Server 2000 (and MSDE 2000) have two different security mechanisms: SQL Security and Integrated Security.

The first is the easiest to understand. You define a user in SQL server, supply an account and a password which you can use to connect to the server. An example of a connection string looks like this:

"Provider=sqloledb;Data Source=ServerName;Initial Catalog=DatabaseName;User Id=YourUser;Password=YourPassword;"

Since you need to store the password in the connection string (and thus in include files or configuration files) this is considered an insecure solution. However, it's easy to set up and use. Once you can log in to the Query Analyzer with this account, you can be pretty sure you connect to it from a database.

The other possibility is Integrated Security where the connection is made under the context of the "current user". An example of a connection string could look like this:

"Provider=sqloledb;Data Source=ServerName;Initial Catalog=DatabaseName;Integrated Security=SSPI;" "

You can also replace Integrated Security=SSPI; with Trusted_Connection=True if I am not mistaken (it's Friday afternoon, with beautiful weather and too much beer here ;) )

Now, the concept of the "current user" may be hard to graps at first as it depends on a lot of factors.

First of all, the IIS user is used in ASP solutions when IIS is set to Anonymous access. If that's the case, the IUSR_MachineName is the current user. For ASP.NET solutions, the ASPNET account is that user.

If anonymous access is off (you use Basic or Integrated security in IIS) the current user is the user visiting your site.

For more details on the ASPNET account, check out:

http://msdn.microsoft.com/library/de...SecNetHT01.asp

As for recommendations, it really depends on your application. In classic ASP I'd like to have a VB DataAccess layer that takes care of all the data access. This DLL can be configured using COM+ to use a specific user context.
In ASP.NET with Anonymous Access, Integrated Security has always worked for me (add the ASPNET account as a database account). Alternatively, you can change that account as the URL I posted suggests.

I know it's not a book, but it may give you a head start in the right direction.

Regards,

Imar

enewmen June 6th, 2003 04:43 PM

Imar:

Thanks for the info. You did point me in the right direction.

Erric


Life to the fullest


All times are GMT -4. The time now is 12:51 PM.

Powered by vBulletin®
Copyright ©2000 - 2017, Jelsoft Enterprises Ltd.
2013 John Wiley & Sons, Inc.