Friday, February 24, 2012

ASPNET user in MSDE

Hello.

I am using MSDE in an ASP.NET application with forms authentication so that users can visit my website anonymously but have to authenticate on some pages.

The web server and the MSDE server are on the same computer.

I would like to know which role I should set for the ASPNET SQL Server user. I am using Microsoft SQL Web Data Administrator, and when I create the ASPNET user, a page with some roles is shown.

Roles like public (default), db_owner, db_accessadmin, db_datareader, db_datawriter...

I had applied db_datareader and db_datawriter, but now, when I use stored procedures in my code, an error occurs, so I have applied the db_owner role to the ASPNET user.

Is this correct, or is db_owner an excessively privileged role for the ASPNET user?

Thank you and sorry for my English.

DON'T EVER GIVE THAT USER DB_OWNER!! You're setting yourself up for SQL injection attacks.

The best thing to do is create a role named WebUser and add the asp.net user to that role. Then grant execute permissions to the user.

Here's the script that you need:

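-- Create a role for the web application
exec sp_addrole 'WebUser'
go
-- Add the ASP.NET account to the role (replace MACHINENAME with the server's name)
exec sp_addrolemember 'WebUser', 'MACHINENAME\ASPNET'
go
-- Allow the role to run a stored procedure (repeat for each procedure the site calls)
grant execute on PROCNAME to WebUser
go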
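Added example, not part of the original post: one way to finish the change on MSDE / SQL Server 2000 once the WebUser role from the script above exists, by removing the broad roles tried earlier, granting EXECUTE on each procedure the site calls, and checking the result. The database name MyAppDb and the web_ procedure-name prefix are assumptions made for illustration.

```sql
-- Assumed names (not from the original post): database MyAppDb,
-- and site-facing procedures named with a web_ prefix.
USE MyAppDb
GO

-- Remove the broad memberships tried earlier. Run only the lines for
-- roles the account is still in; the others report an error.
EXEC sp_droprolemember 'db_owner', 'MACHINENAME\ASPNET'
EXEC sp_droprolemember 'db_datareader', 'MACHINENAME\ASPNET'
EXEC sp_droprolemember 'db_datawriter', 'MACHINENAME\ASPNET'
GO

-- Grant EXECUTE to WebUser on each user-created procedure that matches
-- the assumed naming convention. System-shipped procedures are skipped.
DECLARE @proc nvarchar(300), @sql nvarchar(400)
DECLARE proc_cursor CURSOR LOCAL FAST_FORWARD FOR
    SELECT QUOTENAME(USER_NAME(uid)) + N'.' + QUOTENAME(name)
    FROM sysobjects
    WHERE xtype = 'P'
      AND OBJECTPROPERTY(id, 'IsMSShipped') = 0
      AND name LIKE 'web[_]%'   -- assumed prefix; adjust to your own naming
OPEN proc_cursor
FETCH NEXT FROM proc_cursor INTO @proc
WHILE @@FETCH_STATUS = 0
BEGIN
    SET @sql = N'GRANT EXECUTE ON ' + @proc + N' TO WebUser'
    EXEC (@sql)
    FETCH NEXT FROM proc_cursor INTO @proc
END
CLOSE proc_cursor
DEALLOCATE proc_cursor
GO

-- Verify: who is in each role, and what WebUser has been granted.
EXEC sp_helprolemember 'WebUser'
EXEC sp_helprolemember 'db_owner'
EXEC sp_helprotect @username = 'WebUser'
GO
```

Procedures owned by dbo can read and write dbo tables on behalf of WebUser without any table permissions, but dynamic SQL inside a procedure is checked against the caller's own rights and will fail under this setup.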
