In our database we have an SQL server account that has the correct r开发者_运维百科oles to access some of the databases. All of our PC and Servers are in domain using Windows Account. Now there is ASP.NET web application, we want the users in the domain to browser some data in the sql server. But we do not want to grant direct permission to every person, so is it possible to connect to sql server and run some T-SQL without granting permission to users using one specify account?
Best Regards,
Create views (or stored procedures) and lock them down to a custom role. Place those users you want to have access in a domain group, and place that group in the custom role.
Overview of SQL Server security model and security best practices
well, if the asp.net is inside the domain on the intranet, then you can create a GROUP in AD, and tie that to an account with the appropriate permissions in SQL Server. Then, turn off anonymous access on the ASP.NEt application, and have it go to town.
You can look at Security Account Delegation (aka passthrough authentication) to enable the NT logon token to be passed to SQL
Google search... there is a lot of good stuff, probably better than one specific link
精彩评论