Friday, October 15, 2004

Configuring SQL Server Security for .NET Applications

This article describes how to configure the SQL Server for .NET applications. By default, the SQL Server denies access to user accounts that have not explicitly been granted access to a database, a table, or a view. By default, ASP.NET applications run in the context of the ASPNET user account. Unless you permit access to the ASPNET user account, an ASP.NET application cannot read and cannot update data in an SQL Server database. This article describes the process that you can use to permit an ASP.NET application to have permissions to an SQL Server 2000 database.

Note You must give the ASPNET user account only minimal permissions to run. This limits the potential damage that may result to an ASP.NET application that is compromised by a malicious attacker.


No comments: