.NET application security accessing database

[peac3]

Hi Guys,

we will have a functionality in .NET web application of scheduling job in SQL Agent Job in MSSQL.

Unfortunately, it is only sysadmin member in MSSQL allowed to do this which is a limitation in microsoft.

Because we don't want to make every page member as a sysadmin for audit and security purposes.

The only thing I can think of is making separate the application login as a sysadmin to access the database and user login, but the problem is we won't be able to define the level access of different user?

How do you guys usually define the web application security accessing database?

Any input will be appreciated

 

[jmeckley]

application user != database user. you can define another connection string that uses the sysadmin account. from this connection you can schedule the job.

in the application secure the commands/pages that use the sysadmin connection to only allow certain users to access the page.

Jason Meckley
Programmer

faq855-7190
faq732-7259