authentication Mode

I am developing a client/server application using sql server as the back end
.
This app must allow for two login scenarios other than the usual one
user/one workstation. First, the app must allow users to log in from any
machine on the network even when using a machine running under a different
users login. Second, the app must be available to someone that does not hav
e
a windows login, eg a field worker that needs to access the app occasioniall
y
using a machine running under a different users login. For these reasons, I
have been using mixed mode authentication which does the job. Since all the
documentation seems to recommend Windows authentication mode and mixed mode
is for backward compability, am I missing something here? Can I handle the
two scenarios, particularly the second using Windows Authentication?
JBConsider using an Application Role rather than user level security.
Look in Books Online for "Establishing Application Security and Application
Roles".
Arnie Rowland, Ph.D.
Westwood Consulting, Inc
Most good judgment comes from experience.
Most experience comes from bad judgment.
- Anonymous
"JB" <JB@.discussions.microsoft.com> wrote in message
news:AA8A22DC-D007-4CBE-BFF8-758693B9FCC0@.microsoft.com...
>I am developing a client/server application using sql server as the back
>end.
> This app must allow for two login scenarios other than the usual one
> user/one workstation. First, the app must allow users to log in from any
> machine on the network even when using a machine running under a different
> users login. Second, the app must be available to someone that does not
> have
> a windows login, eg a field worker that needs to access the app
> occasionially
> using a machine running under a different users login. For these reasons,
> I
> have been using mixed mode authentication which does the job. Since all
> the
> documentation seems to recommend Windows authentication mode and mixed
> mode
> is for backward compability, am I missing something here? Can I handle
> the
> two scenarios, particularly the second using Windows Authentication?
> JB|||That's hard to say as this line doesn't make sense:
"Second, the app must be available to someone that does not
have a windows login, eg a field worker that needs to
access the app occasionially using a machine running under
a different users login"
So what login is the "different users login" - but the user
doesn't have a login?
It really depends on what login is being used, if the field
work is accessing a machine in a domain, if it's multiple
domains, depends on trusts that may or may not be setup,
etc.
In terms of the other issue, Machines and logins are two
different things. If I have my windows login setup for
access to a SQL Server box in my domain, it doesn't matter
what machine I use. If I login into the network, that's the
credentials that are used no matter what machine I may be
logged into.
If users are logging into the domain with all different
logins, accessing network resources with various logins then
you have a security mess at the network level which will
lead to security messes in SQL Server as well when
implementing Windows authentication.
-Sue
On Fri, 22 Sep 2006 10:17:01 -0700, JB
<JB@.discussions.microsoft.com> wrote:

>I am developing a client/server application using sql server as the back en
d.
> This app must allow for two login scenarios other than the usual one
>user/one workstation. First, the app must allow users to log in from any
>machine on the network even when using a machine running under a different
>users login. Second, the app must be available to someone that does not ha
ve
>a windows login, eg a field worker that needs to access the app occasionial
ly
>using a machine running under a different users login. For these reasons,
I
>have been using mixed mode authentication which does the job. Since all th
e
>documentation seems to recommend Windows authentication mode and mixed mode
>is for backward compability, am I missing something here? Can I handle the
>two scenarios, particularly the second using Windows Authentication?
>JB