Q

How to secure ASP.NET applications that pull data from SQL Servers

When your Web servers live on a different domain from your SQL Servers, you need to make sure your applications are secure. Security expert Steven Andres explains how to secure ASP.NET applications.

How do you secure ASP.NET applications that pull data from SQL Servers? My developers are putting the username and password in the web.config. We can't use Windows Authentication because the Web servers are in a different domain than the SQL Servers and there is no trust established between the domains. Do have a better solution for this?
You can use synchronized accounts between the two servers, then use Windows Authentication as normal. The accounts do not have to be in the same domain but they do have to have the same username and password. Just create a local account on the Web server with the same password as the local account on the SQL Server with the same username.
This was first published in January 2006

Dig deeper on SQL Server Security

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchBusinessAnalytics

SearchDataCenter

SearchDataManagement

SearchAWS

SearchOracle

SearchContentManagement

SearchWindowsServer

Close