ok i have my GUI installed on the server which has users as administrator as the role of an administrators and user1 which has the role of the guest…
I have one project and there are different pages for administrators and guests… when the login screen comes up and the administrator logs in he should be redirected to the admin.aspx page and for user1 he should be redirected to the guest.aspx page.
Now the scenario is i have 10 users in a company and one administrator. This GUI is on the network server and these 10 users are able to access it as guests.
How do the guest user logs in and can access the SQl database in the read only mode but when the administrator user logs in he can access the database in the read and write mode.?? I dont know how to do this really… any suggestions
(by IIS server or webconfig or some setting in SQL server)
and the previous question is what to use (forms or windows authentication) where can i get information on how to set up this kind of authentication???? Is there the need to use impersonation also??
I know this isn’t directly answering your question, but unless you are letting your users (and administrators) write their own queries (which you should never do BTW!) it shouldn’t matter.
Users should only have access to options that allow them to read data from the database, not update that data. If they do then it’s bad UI design.
You should make sure that the account that “Users” use only has read access – do this from Management Studio. Connect to you server and expand Security > Logins in the Object Explorer. Right click and select New Login… fill out the form – select “SQL Server authentication”. You can then grant and deny access to the relevant parts of your database. Check the SQL Server documentation for more details.