integrated-security

I've been searching hard to get my head around security related issues in a SQL Server. We're developing a .NET application that targets SQL Server 2008 and we want to use FileStream. Now I've found out that SQL Server only allows FileStream through the Win32 API if you use Integrated Security. The problem is that we have around 80% of our application finished, but it is entirely based on SQL Authentication. So we are doing INSERT's straight form our application and are not using Stored Procedures for every CRUD operation. This is relatively safe because I can store the the SQL username and

Please, can someone PLEASE give a simple, straight-forward way to enable ASP.NET > Kerberos > Sql Server? We have clientMachine > webServer > databaseServer. The client is insistent that the site must pull the windows login and not prompt, hence the need for Kerberos and Integrated Authentication. It also MUST impersonate the user onto the db server, inducing a double-hop. Our domain is a Windows 2003 domain, which as far as I can tell online, means Kerberos is enabled. And on a domain-joined computer,when logged in, kerbtray shows me I have a slew of tickets, so it is apparently working. The

The distinctions among Windows user permissions and any set of SQL Server GRANTs seem like unrelated concepts. As often as not, it seems to actually be implemented with pseudo-logins for database roles; but that doesn't map usefully back to Windows permissions. Assuming single-login identity verification, why not just go with the simplest possible database roles? EDIT: So far we've picked up the single benefit that you don't need to store a password in your application; but that seems more like a trivial beneficial consequence than a design goal; there are lots of other more direct ways to

(A question of similar vein has been asked before but both the question and the accepted answer do not provide the detail I am looking for) With the intention of running an asmx web service under a dedicated domain account what are the usage scenarios and/or pros and cons of using an Application Pool with the identity of the domain account versus Impersonation? We have 3 small internal web services that run under relatively low load and we would like to switch them to running under their own domain accounts (for the purpose of integrated security with SQL Server etc). I appear to have the

I have an ASP.Net MVC app using Integrated Security that I need to be able grant open access to a specific route. The route in question is ~/Agreements/Upload . I have tried a few things and nothing has worked thus far. <configuration> <location path="~/Agreements/Upload"> <system.web> <authorization> <allow users="*"/> </authorization> </system.web> </location> </configuration> In IIS under Directory Security > Authentication Methods I only have "Integrated Windows Authentication" selected. Now, this could be part of my problem (as even though IIS allows the above IIS doesn't). But if that's