Mixed mode in SQL server..

[Paul M]

Hi folks,

Just starting down the ASP.NET route after many years of VB/VBA. Been
looking at the security stuff and it seems that Forms authentication seems
to be the most popular route taken and seemingly one of the safer routes.

The only thing I'm not too happy with is exposing my good old SQL 2K server
to mixed mode authentication (after a few hack free years of trusted
connections). Am I right in saying there is no way of being able to
authenticate users AND map to database roles, except using mixed mode in SQL
server?

Cheers...P

[Mary Chipman]

Did you use Windows authentication before and it worked? If so, then
it should still work now. You can map Windows users and groups to SQLS
database roles. If you're talking about an ASP.NET app, it all depends
on whether or not you use impersonation (not is preferred). If you use
a single login from ASP.NET, you can certainly use a Windows account
for connection but you'd need to roll your own roles at the method
level to implement role-based security since everyone will be
connecting through that single login. .NET does support mix-and-match
in this scenario with WindowsPrincipal and GenericPrincipal objects.

-- Mary
MCW Technologies
[url]http://www.mcwtech.com[/url]

On Mon, 1 Dec 2003 16:34:52 -0000, "Paul M" <masonp@trials.bham.ac.uk>
wrote:

>
>Hi folks,
>
>Just starting down the ASP.NET route after many years of VB/VBA. Been
>looking at the security stuff and it seems that Forms authentication seems
>to be the most popular route taken and seemingly one of the safer routes.
>
>The only thing I'm not too happy with is exposing my good old SQL 2K server
>to mixed mode authentication (after a few hack free years of trusted
>connections). Am I right in saying there is no way of being able to
>authenticate users AND map to database roles, except using mixed mode in SQL
>server?
>
>Cheers...P
>