I’m using .Net 3.5 and SQL Server 2008 Express.
Should I use the administrator user for the connection string,
Or should I create a new user with limited permissions?
If I need to create a new user for the connection string:
What security permissions should I grant him?
How do I set those permissions?
Thanks.
You must definitely create a specific SQL login, which you will use for database hits in your application.
Access only to the database it uses.
Assign specific write/read permissions according to the logic you have.
Never use Admin users account. Decide what all permission is required by your application then create the user based on that. I dont work mostly with SQl servers but I don't think there is a definite rule for this. It depends on application and the situation.
if the application is used to display only records then grand only read access.
Please check this post too
Enterprise Connection String Management in ASP.NET - Best Practice?
never use the sysadmin (sa) account - EVER!! create a new account, probably start with a member of the Public group, which is the default and then work from there.
Also, do not embed the pwd in the connection string - rather make it part of a config file; not only is it more secure, it's easier to manage.
In fact, you should really store the entire connection string in a config file.
Related
I am newbie in asp.net. and I need to store some string (aka connection string) permanently. It is looks well if I store it to in web.config.
I need that user can modify it string via web ui. Than is why I must do it programmatically. But ApplicationPoolIdentity doesn't have writing rights to web.config. And I don't want to bother admins so that they grant rights.
I thought I can store data in some file in {user}\AppData but by default App Pool doesn't load user profile. UPDATE It's not quite right. I don't know exactly what default settings is. But I still can not get access to folder. See my paired question UPDATE2 I have access to LocalAppData now and can store my connection string. I had to write an installer who enable loading user profile. But I think this is too complex solution.
So where I can store on string and modify it programmatically without any administration of IIS?
Storing connection strings in database seems illogical to me, as you have to connect to database to read the connection string.
Better place is web.config. There are chances that if you change connection string, then IIS will restart your application but it will be good because you will change connection string when you have change your database server's location or password. IIS restart will ensure that new connection string is used in every where.
Im not using this, but is a interesting question.
If i set a Web Application on IIS to use Windows Authentication and Impersonate the Authenticated User and my ConnectionString to a SQLServer database use Integrated Security=true;, my application when try to connect to the database will use the User authenticated by the application?
If yes, this is a good thing?
( The database has LDAP/AD "Domain Users" permissions. Considering an Database that will be auditable where each user will have your actions logged.)
I believe E.K.'s answer is true only under a situation in which kerberos authentication is used. What you are describing is known as the 'double-hop'. Essentially, if the user authenticates to 'Server-A', the code that is running on 'Server-A' cannot turn around and use those credentials to access other network resources, such as a SQL Server on 'Server-B'. This is detailed quite a bit but here is a direct link: Blog Article
If you are running on a kerberos architected network, then you can mark a server as being a trusted delegation server. But for most people, this is not the case. If you'd like to learn more about how to do this, see this link.
Yes, the connections to the SQL Server will be under those users.
In general, it isn't good. But it depends on the situation. The following are main factors to consider :
Each user will require its own connection. Connections from different users can't be reused even if connection pooling is used. Creating of connection is relatively expensive operation. And each connection requires a little bit of memory
Each user needs to have its log in (or at least Windows group that the user is member of needs to have the log in). This can be additional maintenance to create log ins, etc. On the other hand, each such log in can be secured in a different way. Important to say is that securing objects for different users can be achieved also if a single account is used to connect to the SQL Server
Yes, it would use authenticated user and impersonate the "authenticated user" rights to access the database.
For more information do look on this link How To: Use Impersonation and Delegation in ASP.NET 2.0
The other approach is to use a service account a non-interactive windows domain account that has complete access to the database.
This allows connection pooling
Eliminates complex permission models to allow selected users to perform a delete on a set of data for example.
This does mean however that audit logic has to be added to the data layer of the application and to stored procedures that access the database to insure that the calling user is logged as part of the database access otherwise the service account would be the only account in the audit table.
In my MySQL database I have two kind of users
MySQL users, used to connect and access a database directly from a client such as MySQL workbench or any ODBC editor.
ASP.NET membership users + roles : used to provide login for my websites.
My situation:
When I login via a webpage using the ASP.NET user credentials. I want to create a temporary random MySQL user (assign privileges, set password etc) and give it to the currently logged in (asp.net user) to gain temporary access to the MySQL database.
I know, if ASP.NET user has root access to create users he also has complete access to the database. My problem is, I have to give the user name and password so he can connect from another client and access the database directly. (I don't want give him root access or permanent access)
Having said he can access from another client, I would like to restrict this according to his login status in my webpage. like when he logs out of my webpage the newly created MySQL user is marked as expired or deleted.
I assume this should be very possible but I cannot think of any starting point. Could anyone help me?
kind regards
krish
This is possible. You could use the create user and grant syntax to create your user and grant them privileges.
You would however need to maintain a separate table for mapping MySQL users with an expiry date.
Have you thought about a different solution?
it would be vastly more work to complete but in the long run might be a more stable / reliable and scalable solution.
Maybe create your own WCF proxy for MySQL using NET.NCP, you could then have local user accounts / temporary accounts managed by you that authorise against your WCF service rather than the database directly, the proxy would in turn would connect directly to your database. This solution would also work from 3rd party applications.
Using a custom proxy would give you much greater control such as:
Being able to log SQL for specific users Sanitise or restrict any
specific command you don’t want executed on your database Not having
your MySQL server directly contactable on the internet
Split read & writes to different servers or clusters when scaling out
Edit 1: as per comments below:
I wouldn’t recommend relying on an event for the session end as this isn’t always fired. I would suggest you create another table to manage the users and their expiry.
For example, a table that holds the user ID or username and host along with an expiration time. This could be either date time / integer (epoch) depending on your requirements.
You would then need to invoke a query to identify all accounts from this table that have expired, you could then delete the user accounts from MySQL.
Depending on your MySQL version you could wrap a lot of the logic into a few stored procedures which will make the querying and maintenance overhead easier
Question: What is the standard method for accessing back end data, which logon should you use?
Examples:
For example we have applications that require the user to login but then use an admin account to access the data from the backend.
But there are also applications that require the user to login and use those credentials to access the backend data.
Reason: We are in the process of creating an application that will require the user to login and would like to implement the more common method(standard practice) of accessing data.
If there are alternatives those are also welcome.
Note: This will be made in ASP.Net 3.5 or higher and may include Windows Applications(VB.Net) as well.
Thanks in advance.
Edit: I dont want to have two sets of credentials. What I am asking is which credentials are normally used to access the Database. For example one one application may access 2 or more database's. Now would you use the same credentials they used to login to the application or would you use the admin account to access the data?
Edit 2: Maybe this should be a seperate question but if I ended up using integrated security to access the database would the user be able to simply connect to the database using his AD account? Either through an ODBC connection and MS Access or equiv.
Why not just create a login table and a table of roles for the user? You can have a user be an Admin or a User just by setting their roles either in the Login table or in a separate table if a user can be more than one. Having 2 sets of credentials seems a pain to me.
You would typically use a single restricted permission account to access the database. This would be used as part of an application level connection string.
If you are set on having individual accounts for each user to access the database then you will need to construct the connection string dynamically using the appropriate individual username and password. You will need to store these in a table somewhere. You may find that SQL Server connection pooling becomes less effective with many different connection strings being used.
An alternative would be to use Windows authentication but this would generally require all users to be part of the same domain and you haven't indicated whether this would be possible in your case.
Our ASP.Net application uses SQL Server 2008. Most of the time the application connects to SQL Server using a SQL account with very limited access rights.
However once in a while we need to be able to create a new database on the fly. As such we need elevated permissions and I am a little nervous about storing this connection string in Web.config, which may be in a DMZ.
We are considering writing a Windows service to run on the SQL Server machine (i.e. not in the DMZ) which will monitor a table for requests to create a new database, but it seems like overkill.
Any suggestions for alternatives or recommended practices?
You can store the connection string in the registry and protect that by limiting access to the specified registry keys. That's one of the ideasI ran across back in .Net 1.1 as a reccomendation from Microsoft. The concept is still the same in 2.0 and up. Here's a link to the documentation.
http://msdn.microsoft.com/en-us/library/aa302406.aspx
It sounds like you're already concerned about security, so I'm guessing you've read through or at least run across the "Building Secure ASP.Net applications" section of the MSDN library. The link above is in the how-To section of that guide. Hopefully this is helpful.
Also, if you DO store your connection info in the web.config, at a minimum, encrypt those portions.
And I just ran across this. Probably more like what you were looking for.
http://msdn.microsoft.com/en-us/library/aa302388.aspx#secnetch08_storingsecrets
If you are using mixed mode authentication in your database connection strings (I.E., username and password) then you should encrypt the web.config connectionStrings element.
What about using a stored procedure to create the database? I haven't tried it; the one part I'm worried about is specifying the database name through a variable. By using the stored proc, you only need to grant your web id execute access on the stored proc.
Another option would be to create a console app (instead of a service). Then use a job scheduler to run the job every 15 or 30 minutes or upon request if you have a capable scheduler. That will be much simpler than writing a service; it just isn't an "instant" process. I do this for some Active Directory work that triggers off of web site updates (I didn't want to give my web id Domain Admin priveleges).