Database connections in .NET applications

197
2
11-13-2017 12:58 PM
MollyFoley
Regular Contributor

I'm a total newbie to web development, so this may be kind of a stupid question, however... I have a .NET application that calls out to a python script after a user uploads some data. This python script connects to an SDE database and manipulates the data they uploaded to insert into the database. What I'm wondering is when the application is accessed by users remotely, are they going to be able to make the database connection just because it's scripted in (e.g. arcpy.env.workspace = r'Database Connections\myDatabase.sde')? What kind of permissions would they need? When I think about it, I can access the database and run the script because my windows authentication verifies my permissions to access that database. I imagine when this application goes into production, there will need to be some alternate way to verify the user is allowed to connect to the database because even though the script resides on my computer and I'm authorized, I'm not the one accessing it. Does that make sense? 

Tags (2)
0 Kudos
2 Replies
TedKowal
Regular Contributor II

Depending on your database different senarios will apply.  For example for a wide area intranet application, I am using overlays on top of Bing Maps.  The GIS data is acessed through, in my case, javascript to the ArcSDE connection on a SQL Server 12.0 database.  In development, the application passed my username/credentials -- however on my first test on the production database that was not the case.  IIS would not pass the username/creditials to the database but only passed the  IURS_XXXX user (IIS local user).  What I had to do in my application is to create a user account on the server, set the app on IIS to use that user, and within SQL Server set appropriate permissions for the created account.  Another way around this issue would be setting up a worker pool on IIS for that created account and your app would be set to use that worker pool......

Along with our System Administrator --- it was a lot of trial error before we got a working balance!  I imagine every set up would be different -- Now if you are using Kerberos as part of your security, you may have to yet go through another level of setting up stuff -- A lot of this is highly depended upon your individual network set up so any one answer may or may not apply to you.

For my case I set up a domain and local account srv-mdxinfo.  Hope this gives you some things to try out!

YuanLiu
Occasional Contributor

So seems like you are connecting to the GDB using OS Authentication (instead of database authentication with username and password) in myDatabase.sde, right? Then I believe it would depend on whether the OS account hosting the web application has access to the GDB or not. If the web application is hosted on ArcGIS Server (e.g. SOE), then it means the account ArcGIS Server is running as (Local Services -> ArcGIS Server right-click Properties -> Log On); if hosted on IIS, it would be like Ted's situation. 

0 Kudos