
Professional ASP.NET 3.5 Security, Membership, and Role Management with C# and VB by Stefan Schackow, Bilal Haidar


12.4. Database Security

After the database schema is installed using aspnet_regsql, your applications still won't be able to use the database. You first need to grant the appropriate account login rights on the SQL Server, and then grant that account the appropriate rights in the application services database. The first question to answer is: which account do the SQL-based providers use when connecting to SQL Server?

Internally, all the SQL providers, including SqlMembershipProvider, will suspend client impersonation if it is in effect. This means that the identity used by the providers for communicating with SQL Server when using integrated security will be one of the following:

  • The process identity of the IIS 7.0 worker process. This is NETWORK SERVICE by default, but it can be different if you have changed the identity of the application pool.

  • If you configured application impersonation for your application, then the provider connects using the explicit credentials specified in the <identity /> configuration element.

If you have <identity impersonate="true" /> and you are using Windows authentication, the providers always suspend client impersonation. From a security perspective, it is not a good approach to grant login and database access to all potential Windows accounts on your website. If your connection string uses standard SQL security instead of integrated security, then the identity that connects to SQL Server is pretty easy to identify; it is simply the standard ...
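For the integrated security case described above, the two grants (a server login, then rights in the application services database) can be scripted as follows. This is an added example, not code from the book. It assumes SQL Server 2005 or later running on the same machine as IIS, the default database name aspnetdb, the default NETWORK SERVICE worker process identity, and that only the Membership feature is in use.

```sql
-- Added example, not from the book. Assumptions: SQL Server 2005 or later on
-- the IIS machine, default database name aspnetdb, default app pool identity.

USE master;
GO
-- 1. Server level: give the worker process identity the right to log in.
IF NOT EXISTS (SELECT 1 FROM sys.server_principals
               WHERE name = N'NT AUTHORITY\NETWORK SERVICE')
    CREATE LOGIN [NT AUTHORITY\NETWORK SERVICE] FROM WINDOWS;
GO

USE aspnetdb;
GO
-- 2. Database level: map that login to a user in the application
--    services database.
IF NOT EXISTS (SELECT 1 FROM sys.database_principals
               WHERE name = N'NT AUTHORITY\NETWORK SERVICE')
    CREATE USER [NT AUTHORITY\NETWORK SERVICE]
        FOR LOGIN [NT AUTHORITY\NETWORK SERVICE];
GO

-- 3. Grant rights through one of the roles that aspnet_regsql installs
--    rather than db_owner. aspnet_Membership_BasicAccess is the most
--    restricted Membership role; applications that need more than it
--    allows use aspnet_Membership_ReportingAccess or
--    aspnet_Membership_FullAccess instead.
EXEC sp_addrolemember N'aspnet_Membership_BasicAccess',
                      N'NT AUTHORITY\NETWORK SERVICE';
GO

-- 4. Check: list every database role the account now holds, so an
--    unexpectedly broad grant (for example db_owner) is visible.
SELECT r.name AS role_name, m.name AS member_name
FROM sys.database_role_members AS drm
JOIN sys.database_principals AS r
     ON r.principal_id = drm.role_principal_id
JOIN sys.database_principals AS m
     ON m.principal_id = drm.member_principal_id
WHERE m.name = N'NT AUTHORITY\NETWORK SERVICE';
GO
```

If the application pool runs under a different identity, or application impersonation is configured in the <identity /> element, substitute that account for NT AUTHORITY\NETWORK SERVICE in every statement.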
