creating multiple users for a c#.net winform application using sql server express
i have a single sql database in sql server express.
i have a login MAINLOGIN, for this database.
i want insertion of data in this database through multiple users, U1,U2,U3, each having different userids & passwords.
These users would be created by MAINLOGIN , manually or via the winform application.
So while creating MAINLOGIN , i would give him permission to further create logins.
For this what should i do?
i cannot create MULTIPLE users, because for one database, only one user can be created under one login.
so should i create multiple logins, L1,L2,L3, then map, U1, U2, U3 to them.
Or, is there a better way to do this? like application roles etc.
i dont want to use windows authentication. because if i know the system password, then i could simply connect sql via the application and insert wrong dat开发者_高级运维a.
In SQL Server, you can have either accounts based on Windows accounts, or separate, specific SQL accounts. For both variations, you need one account for each user that needs to use your database.
The only exception is the ability to create a SQL Server Login for a Windows security group, e.g. MyAppUsers
, and then a user in your database for that login. With this, any Windows account that is member of that security group (in Windows/AD) will also have permissions to see / use your database.
With this approach, you're also moving the administration of who can use your database out of SQL Server, since it really only depends on membership in a Windows security group.
One login, one user - multiple Windows accounts that get permissions with this. Seems like a winner to me!
Update:
Create a login for a Windows AD group:
CREATE LOGIN [DOMAIN\GroupName] FROM WINDOWS
Create a user in your database based on that login:
USE (your database)
CREATE USER GroupNameUser
FOR LOGIN [DOMAIN\GroupName]
Connection string for your SQL Server connection:
server=(your server);database=(your database);integrated security=SSPI;
What else can I tell you?
Update #2: the code not using the Windows accounts is this:
Create a login for each user that needs to use your application
CREATE LOGIN (some login name) WITH PASSWORD = 'Top$ecret'
Create a user in your database based on that login - again, once for each user of your app:
USE (your database)
CREATE USER UserName
FOR LOGIN (some login name)
Connection string for your SQL Server connection:
server=(your server);database=(your database);
user id=UserName;Password=Top$ecret
But again: this requires one login including a password and one user in each database which you need to keep track of and possibly do stuff like "reset password" operations etc. from your database app. Lots more in terms of admin overhead!
Maintaining per user connection to SQL is very costly and can lead to poor performace of the application. A better design would be to maintain application roles and allow user permissions via these roles. For connecting SQL - use only one account which is not associated with any user. This account is only used for DB access where are have some audit data in your database to trace who did what.
精彩评论