1

I'm developing a desktop client application in wpf and I want to put my database which I currently have in Access on our SQL Server instance. I don't think it's a good idea to use windows authentication, because then every user should be added to sql server and given the necessary rights. So another option is to make a user in SQL Server for that specific application. I also read you can make a client app connect to the database through SQL Server Native Client but then I need it installed on every PC. So I guess my question is, what is the proper way to do this?

Arne W
  • 53
  • 6
  • 1
    if you could setup an Active Directory group which contains all the users of the application and give proper access right to that AD group to the SQL Server database, I would go that way. consider that having a connection string with specific SQL Server user name and password in the app config is not the safest way to handle this. Having users to connect with a connection string which has no username/password but trusted connection is better and you can still control everything from the SQL Setup. once you install .NET 4 you do have sql client connectivity on the clients – Davide Piras Dec 13 '11 at 13:40
  • This is something I just don't seem to get my head around. I'm originally a java developer (3 tier apps: web interface - server app - server db), now I work most of my time on VB6 and Access "applications". Is there no simple way to make a .net client app interact with SQL Server? Maybe I'm trying to be too simplistic to make a 2-Tier application? – Arne W Dec 13 '11 at 14:05

1 Answers1

5

If you are in a secure, lan enviroment, Windows auth is absolutely the way to go. This way you don't have a separate set of login credentials for every user, and you don't need login credentials stored/entered on the application, itself.

If you are in an over-the-internet situation, your should not be permitting direct connection to the SQL server at all.

Andrew Barber
  • 39,603
  • 20
  • 94
  • 123