Database access restriction for asp.net

I have thi开发者_如何学编程s question for quite a long time...

I have seen many discussions about granting role based access for Databases... But with respect to asp.net web apps... The web app is any way going to connect to the database, with the ID specified in connection string, irrespective of the user connected to the application... (except for windows auth model)...

In such a scenario... There is no need to create individual user's login in DB, and provide him with required roles and access restrictions..

Does this mean, we need not have to worry about user access restricion in DB for asp.net apps, except for the user used in Connection String... or am I getting it wrong somewhere.

Thanks

---

There is no need to create individual user's login in DB, and provide him with required roles and access restrictions

Correct.

Does this mean, we need not have to worry about user access restricion in DB for asp.net apps, except for the user used in Connection String

Essentially. But the user may still be allowed access to only certain parts of the application... Administrative rights may not be granted to all users, for example. So you still need a user security mechanism for the application that grants application rights to specific users.

Such a security implementation can be implemented in a number of different ways. One way is to provide user security tables in the database that tell the application what rights each user has. Another way is to use Active Directory to store and retrieve user roles.

---

Regarding your statement

"Does this mean, we need not have to worry about user access restricion in DB for asp.net apps, except for the user used in Connection String"

the short answer is "Yes"

The long answer is: The approach you have explained is generally called the "Trusted sub system model". The following URLs provide more details about this model: Trusted substem MSDN link