DevDays: A simple way to configure a domain account to access the database

The web track sessions at DevDays highlight how important it is to access SQL Server using a trusted connection. However, the OpenHack sample application “cheats” because the web site and the database run on the same machine, so you can simply grant the local ASPNET account access in the database.

In the real world, the web server and the database are not always on the same machine. Then you can no longer simply grant the web server's local ASPNET account access to the database: you need to configure your web site to run under a domain account and grant that domain account access to the database.

One way to declaratively configure the account under which a web application accesses the database is to have the application impersonate a domain account using the <identity> tag in the web.config file (the account name and password below are placeholders):

<identity impersonate="true" userName="DOMAIN\WebAppUser" password="WebAppUserPassword" />

One advantage here is that you can apply this setting to individual ASP.NET web applications. You don't need to change the account under which the ASP.NET worker process (or the IIS application pool process) is running.

What's even better is that you don't have to lose any sleep worrying about somebody getting at the account credentials because they sit in clear text in the web.config file. What if somebody gets access to that file?

Well, don't worry! You can direct ASP.NET to read the credentials from an encrypted registry key that the web.config file points to. The format of the identity tag is then:

<identity impersonate="true"
userName="registry:HKLM\SOFTWARE\MY_SECURE_APP\identity\ASPNET_SETREG,userName"
password="registry:HKLM\SOFTWARE\MY_SECURE_APP\identity\ASPNET_SETREG,password" />

To get the user name and password into the registry, Microsoft supplies the Aspnet_setreg.exe tool.

This feature is also available for configuring the identity of the worker process and the connection string for the session state database.

Now you can securely store the identity to impersonate in the registry. If you want to kick security up another notch, you can ACL the registry keys that hold the user name and password, just as you saw in the OpenHack demo.

You can find more information and a link to download the aspnet_setreg tool from Microsoft.
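As an added example (not part of the original post and not the aspnet_setreg tool's own documentation), the following PowerShell script stores the credentials with aspnet_setreg under the same key the web.config above refers to and then applies the ACL step from the last paragraph. It assumes aspnet_setreg.exe is in the current directory, that DOMAIN\WebAppUser is a placeholder for the account to impersonate, and that the worker process runs as the local ASPNET account (substitute the application pool identity on IIS 6 and later).

```powershell
# Added example, not from the original post. Stores the credentials that the
# <identity impersonate="true"> element reads back from the registry, then
# restricts the key so that only the worker process account (plus SYSTEM and
# Administrators) can read it.
# Placeholders: DOMAIN\WebAppUser (account to impersonate) and $workerAccount
# (ASPNET is the IIS 5 worker identity; IIS 6+ uses the app pool identity).
$keyPath       = 'SOFTWARE\MY_SECURE_APP\identity'   # key referenced in web.config
$workerAccount = "$env:COMPUTERNAME\ASPNET"

# Prompt for the domain account so the password never lands in a script or log.
$cred  = Get-Credential -UserName 'DOMAIN\WebAppUser' -Message 'Account to impersonate'
$plain = $cred.GetNetworkCredential().Password

# aspnet_setreg writes DPAPI-encrypted userName and password values under
# HKLM\<keyPath>\ASPNET_SETREG, which is the path the identity element points at.
& .\aspnet_setreg.exe "-k:$keyPath" "-u:$($cred.UserName)" "-p:$plain"
if ($LASTEXITCODE -ne 0) { throw "aspnet_setreg.exe failed with exit code $LASTEXITCODE" }

# Lock the key down: stop inheriting ACEs from the parent key, then grant
# read-only access to the worker account and full control only to SYSTEM and
# the local Administrators group.
$regKey = "HKLM:\$keyPath\ASPNET_SETREG"
$acl = Get-Acl -Path $regKey
$acl.SetAccessRuleProtection($true, $false)

$grants = @(
    @{ Identity = $workerAccount;          Rights = 'ReadKey' },
    @{ Identity = 'NT AUTHORITY\SYSTEM';    Rights = 'FullControl' },
    @{ Identity = 'BUILTIN\Administrators'; Rights = 'FullControl' }
)
foreach ($g in $grants) {
    $rule = New-Object System.Security.AccessControl.RegistryAccessRule(
        $g.Identity, $g.Rights, 'ContainerInherit', 'None', 'Allow')
    $acl.AddAccessRule($rule)
}
Set-Acl -Path $regKey -AclObject $acl

# Verify: the effective ACL should list only the three identities granted above.
(Get-Acl -Path $regKey).Access |
    Select-Object IdentityReference, RegistryRights, AccessControlType |
    Format-Table -AutoSize
```

Run it from an elevated prompt on the web server; if the worker account is later changed, the ReadKey grant has to be updated or ASP.NET will fail to read the credentials at startup.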

50 Comments

  • If somebody can access your configuration file what's to stop them from reading it and accessing the registry and decrypting your user name and password? Once again, this is not making your app any more secure than storing credentials directly in the config file.

    Oh and you have to give this account the same privileges the ASPNET account has (registry and file ACLs), which makes deployment a bit complicated since there are no command line tools to set registry ACLs.

  • Jerry,

    Actually, it does make it more secure.

    It's quite a bit harder to get to the registry than it is to get to a web.config file. An admin that inadvertently turns off the file mappings for ASP.NET might compromise your web.config file. But if you store the credentials encrypted in the registry then there are still two extra steps for an attacker to get to a user account that can do "stuff" after they got the web.config file: getting to the registry and decrypting the credentials. It's three additional steps if you secure the registry key.

    Remember, writing secure apps is about two things, identifying the off cases where security is compromised (what happens if ... ) and then making it extremely hard to exploit an eventual breach. In this case you

    There are certainly trade-offs to make. Are you going to protect your data or are you opting for easy development and deployment? Is security more important than performance, etc.

    Your attackers make the same trade-off decisions: How much effort am I going to put into getting your secured data while risking getting caught?

    It's up to you to decide how much security you want and how much you want to pay for it. That's the reality regardless of which platform you develop on, btw.

    HTH,

    Christoph

  • Wouldn't this work by creating the same "local" account (w/same password) on both the web server and SQL Server? I know that's more of a maintenance headache, but do you really want web code running in the context of a domain user?

  • Bryant,

    I didn't need the hotfix with the .NET Framework V1.1. The fix described in the KB article does not work on a box with .NET 1.0 SP2, which makes sense, because the build number is newer (360) than the one on the .NET 1.0 SP2 assemblies (288).

    Thank you for pointing this out!

    And btw. BizTalk Server 2004 does install aspnet_setreg. You don't need to download it if you already have BTS installed.

  • Josh,

    I know that you can set up two local accounts with the same username/password to get ASP pages to read files from another server. I was never particularly fond of that "feature", since I believe that the fact that authentication ignores the origin of the account isn't correct.

    I did double check to find that you can connect to SQL Server as well once you grant the remote login permission to the account and add the account to SQL Server. Yet, I am still not fond of this "feature".

    I don't see a problem assigning a domain account to access the database. It greatly simplifies maintenance (as you already pointed out) and you can dumb down the account by removing all permissions until it can't do anything different than the local ASPNET account can do.

    You do have to pay extra attention to the account setup though, because if you mess up the permissions on that account (like accidentally making it a member of the Power Users or Administrators group), then the risk for damage is much, much greater than it would be for a bad configuration on a local account.

    HTH,

    Christoph


Comments have been disabled for this content.