Connection string mvc app

Question

I created a Web Application using mvc.app and connection to SQL Server. Application authenticates user via ADFS. How should I form my connection string, so the application will work with the SQL permission granted to the user? i.e. I have a user named John and he can only read from the database, so he should have the same permssions when using the application. If I create another user with broader permissions, that user (after login to the app) should also have broader permissions.
Application is hosted on-permises

Answer 1

Hi TomaszW-0873,
You can try to use the following connection string in web.config:

<add name="ConnectionStringName"  
    providerName="System.Data.SqlClient"  
connectionString="Data Source=ServerName;Initial Catalog=DatabaseName;Integrated Security=False;User Id=userid;Password=password;MultipleActiveResultSets=True" />  
  

For more details, please refer to SQL Server Connection Strings for ASP.NET Web Applications and SQL Server Database Connection To MVC Application which might help.
In addition, your issue is more related to MVC. I suggest you open a thread in the ASP.NET MVC forum so that people there will help you more effectively.
Best Regards,
Amelia

=======================================

Please remember to click " Accept Answer" and upvote the responses that resolved your issue.

Answer 2

I will try, although I would like to avoid providing username and password as those would depend on the logged user. When I use Windows Integrated login, the webiste "log" to SQL Server using a computer account.

Answer 3

I suggest you read this:
https://www.mssqltips.com/sqlservertip/4729/application-database-security-design--part-1--authentication-for-sql-server/

Answer 4

I found a way using <identity impersonate="true" />
just wondering if there is any other way