|
In a C# 2010 windows application, I am using the following to connect to a sql server 2008 r2 database.
The app.configuration file looks like the following:
<connectionStrings>
<add name="DEVConnectionString" connectionString="Data Source=dev2008;Initial Catalog=DEV;Integrated Security=True"
providerName="System.Data.SqlClient" />
</connectionStrings>
The problem is once someone besides myself runs the application, it will not run correctly.
Thus I am assuming that the Integrated Security=True needs to be changed to a username and password that is setup for the
application to run.
Is my assumption correct? If not, would you be able to tell what I need to do so someone besides myself can run the application?
|
|
|
|
|
Setup a username and password as a security login in your sql database managemnet engine and then add that user as a security user in your specific database.
Then add the user id and password to your connection string
Everyone using your app will access the db as the same user though.
|
|
|
|
|
Your assumption is correct. Your windows domain must be added and given permission in SQL Server for Integrated Security to work. As a best practise, you should always create a dedicated database user specifically for your app and apply principle of least privileges to that user. For example, you would want your application to insert, update and delete rows from tables, but you wouldn't want you app to DROP tables or DROP the entire database itself. As a matter of fact, I have seen production applications using the built-in 'sa' account to access the database, which is really a security issue. Creating a separate user and streamlining its access also protects your database from vulnerabilities in your applications like SQL injection attacks.
|
|
|
|
|
Shameel wrote: As a best practise, you should always create a dedicated database user
specifically for your app and apply principle of least privileges to that user
For a client application.
A server uses a different idiom.
|
|
|
|