I have this question for quite a long time…
I have seen many discussions about granting role-based access for databases… But with respect to asp.net web apps… The web app is anyway going to connect to the database with the ID specified in the connection string, irrespective of the user connected to the application… (except for the Windows auth model)…
In such a scenario… There is no need to create an individual user’s login in the DB and provide him with the required roles and access restrictions.
Does this mean we need not worry about user access restriction in the DB for asp.net apps, except for the user used in the connection string… or am I getting it wrong somewhere?
Thanks
Correct.
Essentially. But the user may still be allowed access to only certain parts of the application… Administrative rights may not be granted to all users, for example. So you still need a user security mechanism for the application that grants application rights to specific users.
Such a security implementation can be implemented in a number of different ways. One way is to provide user security tables in the database that tell the application what rights each user has. Another way is to use Active Directory to store and retrieve user roles.
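A sketch of the "user security tables" approach from the last reply, as an added example that is not part of the original thread: every web user shares one database connection, and the application looks up the signed-in user's rights before running an administrative action. Python and SQLite stand in for the ASP.NET app and its database; all table, user, role and right names are constructed for illustration.

```python
import sqlite3

# Constructed schema: application-level security tables (hypothetical names).
SCHEMA = """
CREATE TABLE app_user  (user_id  INTEGER PRIMARY KEY, user_name  TEXT NOT NULL UNIQUE);
CREATE TABLE app_role  (role_id  INTEGER PRIMARY KEY, role_name  TEXT NOT NULL UNIQUE);
CREATE TABLE app_right (right_id INTEGER PRIMARY KEY, right_name TEXT NOT NULL UNIQUE);
CREATE TABLE user_role (
    user_id INTEGER NOT NULL REFERENCES app_user(user_id),
    role_id INTEGER NOT NULL REFERENCES app_role(role_id),
    PRIMARY KEY (user_id, role_id));
CREATE TABLE role_right (
    role_id  INTEGER NOT NULL REFERENCES app_role(role_id),
    right_id INTEGER NOT NULL REFERENCES app_right(right_id),
    PRIMARY KEY (role_id, right_id));
"""

def open_app_connection():
    """One shared connection for every web user, like the connection-string login."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    # Constructed sample data: alice is an admin, bob is a reader.
    conn.executemany("INSERT INTO app_user VALUES (?, ?)", [(1, "alice"), (2, "bob")])
    conn.executemany("INSERT INTO app_role VALUES (?, ?)", [(1, "admin"), (2, "reader")])
    conn.executemany("INSERT INTO app_right VALUES (?, ?)",
                     [(1, "report.view"), (2, "user.manage")])
    conn.executemany("INSERT INTO user_role VALUES (?, ?)", [(1, 1), (2, 2)])
    conn.executemany("INSERT INTO role_right VALUES (?, ?)", [(1, 1), (1, 2), (2, 1)])
    return conn

def has_right(conn, user_name, right_name):
    """True only if one of the user's roles grants the right; no row means deny."""
    row = conn.execute(
        """SELECT 1 FROM app_user u
           JOIN user_role  ur ON ur.user_id  = u.user_id
           JOIN role_right rr ON rr.role_id  = ur.role_id
           JOIN app_right  r  ON r.right_id  = rr.right_id
           WHERE u.user_name = ? AND r.right_name = ? LIMIT 1""",
        (user_name, right_name)).fetchone()
    return row is not None

def manage_users(conn, acting_user):
    """Administrative action; acting_user must be the authenticated session identity."""
    if not has_right(conn, acting_user, "user.manage"):
        raise PermissionError(f"{acting_user} lacks user.manage")
    rows = conn.execute("SELECT user_name FROM app_user ORDER BY user_name")
    return [name for (name,) in rows]
```

The database sees the same login for alice and bob; only the check inside `manage_users` separates them, so it has to run server-side on every request that reaches a protected action.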