What is the best way to authenticate to the database?

1

What is the best way to make a connection to the database using C #?

Create a USERS table, or create a USER in the database to access?

    
asked by anonymous 02.11.2017 / 19:47

2 answers

3

There is no better way. There is the most appropriate for your situation.

If you want to know which is the safest is to use database authentication, although other forms can be very secure if it is right.

But this is not always possible. It is not always what you want. You can:

  • have anonymous accesses
  • have a very large number of users
  • allow auto registration
  • give access to parts of the database that should not be

Finally, there are several situations that are not ideal, then a solution of your own may be more appropriate.

A huge amount of applications only make sense to have your own table of users, especially for web and mobile.

    
02.11.2017 / 19:58
2

For the case of user authentication I use 3 solutions depending on the case and the client;

  • All users have their own user in sql: step in the connection string the user, so it is possible to put one more level of security. For example, the user can not read table x
  • All users have AD log: Default user in connection string and validate with AD;
  • Clumsy: I use the IdentityServer (currently in version 4) is more complicated to implement and usually only worth it if you have "multiple systems" and you want to authenticate everything in one place; if you have more systems everything authenticates in the same place
  • 03.11.2017 / 17:01