Best Place to House the .Net ASPNETDB Membership and Roles DB

Question

I am currently developing a business application that will ultimately be hosted at a .Net hosting company. The hosting company provides 1 MSSQL DB (with 2 users) and an unlimited number of MySQL DBs. Purchasing a second MSSQL DB is out of the question as my boss doesn't want to pay any more for the hosting. I am trying to determine the best place to house the ASPNETDB for site authentication and roles.

My first thought was to take advantage of one of the MySQL DBs for this purpose but have noticed that it appears to take some hoop jumping to accomplish this option. Another option may be to keep the ASPNETDB in a Express DB file.

Finally, I have also thought about housing it in the MSSQL DB with the application tables. This option scares me because if I accidentally screw something up in the application, the ASPNETDB tables could be open to SQL injection. Of course, I will do my best to ensure this won't happen anyway, but would like to know I have that extra layer of security knowing it is housed in its own DB.

The hosting company does allow two MSSQL DB users, so this in theory would allow me to have one user dedicated to authentication and restrict the other user from being able to access the ASPNETDB tables all together.

As a fellow developer, what method would you recommend? Thanks in advance for your help.

Answer 1

Sounds like you are a bit green to this stuff, am I correct? Because of that dont create too many headaches for your self. Dont try to put it in mysql, thats a mistake. I know its free, but it was written to work with MSSQL. Yes, using the other user is a good idea. Just be sure to sanitize your inputs and use properties on your SQL statements or better yet use an ORM like entity framework or Linq to SQL at the least.

Answer 2

Use the MSSQL DB and use the preconfigured ASP.NET Membership provider and Roles provider. This is the easiest method. Restrict Table level access and use only Stored Procedures.