How to store ActiveDirectory credentials in asp.net application
March 8, 2017 7:17 AM   Subscribe

I need to create a small web application that has INSERT access to a table in a database. The authentication to SQL Server is going to be handled by a single ActiveDirectory account whose credentials (both username and password) must be stored in the web-application so that any user can use the application. Any idea about best practices or recommendations?

I'm not exactly sure why we're not just using SQL Server authentication, but it is what it is. I've used Integrated Security before and plain old SQL Server authentication, but never this specific type of authentication. Any ideas?
posted by czytm to Computers & Internet (2 answers total)
 
Best answer: I am not a security expert, but this is how I'd do it. Setup the app pool in IIS to use the AD credentials as its identity instead of whatever the default account it. Then use integrated authentication between the web app and SQL server.
posted by natabat at 9:03 AM on March 8, 2017 [2 favorites]


natabat's suggestion is the correct one. Don't forget to also authenticate your user base well to make sure only authorized users can access this application.
posted by mmascolino at 1:41 PM on March 8, 2017


« Older Can you spoof a phone number so you receive calls...   |   Big not tall Newer »
This thread is closed to new comments.


Tags

Share