Thursday, March 29, 2012

Advice on security model for XML Web Services for many users in Active Directory role

I am working on the security model for an application that will be used by 100s of users with a dedicated SQL 2005 database for this application and access via SQL XML Web Services.

The client has asked to make it "open" during alpha testing such that anyone can access the web services without having to set them up first. Is there a way to do this? The best I can figure is to use mixed mode security and hard-code a login and password. Any method using Windows authentication would require that I add every user at a minimum to the database.

In production, all users will have an Active Directory role specified that determines if they should have access to the web services or not. However, it is my understanding that to use Windows authentication, I would still need to add each individual user at a minimum as a Login to the SQL Server, and under best practices also as database users with permissions granted to the endpoint.

Am I correct in the above, or is there a more efficient way to achieve these results?

Thanks

-L

Your post seems to have been moved to this forum, as I have not seen it before. Could you please let me know where you posted this originally?

If the individual users all belong to a Windows group, you could just grant connection permissions to that group. But I am not familiar with XML Web Services, so I cannot say whether this is the best course of action.

Have you checked the following link?

http://msdn2.microsoft.com/en-us/library/ms191274.aspx

I'd suggest also posting in the XML forum: SQL Server XML

Thanks
Laurentiu
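
The group-based grant suggested in the reply above, written out as T-SQL. This is an added example, not part of the original posts; the names CONTOSO\WebSvcUsers, AppDb, app_endpoint and dbo.GetOrders are placeholders, and the HTTP endpoint is assumed to exist already and to use a Windows authentication type.

```sql
-- Assumed placeholder names (none come from the original thread):
--   CONTOSO\WebSvcUsers  AD group that carries the "may use the web services" role
--   app_endpoint         existing HTTP endpoint using Windows authentication
--   AppDb                application database
--   dbo.GetOrders        stored procedure exposed as a web method

USE master;
GO
-- One login for the whole group: members authenticate through their
-- group membership, so no per-user login is created.
CREATE LOGIN [CONTOSO\WebSvcUsers] FROM WINDOWS;
GO
-- Server-level permission: allow the group to connect to the endpoint.
GRANT CONNECT ON ENDPOINT::app_endpoint TO [CONTOSO\WebSvcUsers];
GO

USE AppDb;
GO
-- One database user mapped to the group login.
CREATE USER [CONTOSO\WebSvcUsers] FOR LOGIN [CONTOSO\WebSvcUsers];
GO
-- Grant only what the web methods need, not db_owner or db_datareader.
GRANT EXECUTE ON OBJECT::dbo.GetOrders TO [CONTOSO\WebSvcUsers];
GO

-- Audit: list every principal holding a permission on the endpoint.
-- Anything other than the intended group (or an unexpected SQL login)
-- showing up here deserves a second look.
SELECT e.name            AS endpoint_name,
       p.name            AS grantee,
       p.type_desc       AS grantee_type,   -- expect WINDOWS_GROUP
       sp.permission_name,
       sp.state_desc
FROM sys.server_permissions AS sp
JOIN sys.endpoints          AS e ON sp.major_id = e.endpoint_id
JOIN sys.server_principals  AS p ON sp.grantee_principal_id = p.principal_id
WHERE sp.class_desc = 'ENDPOINT'
  AND e.name = 'app_endpoint';
```

Access is then managed by adding or removing users from the AD group rather than by touching SQL Server.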
