Hi All,
I am developing a web project that use Forms Authentication and SQL Server.
Instead of storing users and passwords in a table, I am going to use SQL Server Users account. The connection string will be created on the fly by concatenating with user name and password supplied from Login page.
strConn = "provider=SQLOLEDB;server="DINO";database="MyShop";uid=" & m_UserName & ";pwd=" & m_Password & ";"
m_Cnn = New OleDbConnection(strConn)
m_Cnn.Open()
If opening connection is successful then user is authenticated.
Now is it secure enough to do this way ?
Thanks.
Armen
I am developing a web project that use Forms Authentication and SQL Server.
Instead of storing users and passwords in a table, I am going to use SQL Server Users account. The connection string will be created on the fly by concatenating with user name and password supplied from Login page.
strConn = "provider=SQLOLEDB;server="DINO";database="MyShop";uid=" & m_UserName & ";pwd=" & m_Password & ";"
m_Cnn = New OleDbConnection(strConn)
m_Cnn.Open()
If opening connection is successful then user is authenticated.
Now is it secure enough to do this way ?
Thanks.
Armen