Advantages and Disadvantages of using Proxy Accounts
Proxy account support allows for a large number of user accounts to exist in a SQL Server database (which scales much better than Active Directory) to be mapped to smaller number of Windows accounts stored in Active Directory, and still leverage Windows ACL security.
Using proxy accounts minimizes the administration overhead of configuring ACLs, because fewer Windows accounts are used for granting access to your site. Using proxy accounts also improves performance for your site, because SQL Server is much faster than Active Directory. However, using proxy accounts is inherently less secure than storing all user accounts in Active Directory.
Using proxy accounts can be useful if a site has a large user base that it does not want to keep in AD, however, you want to leverage Windows authentication to secure your site resources using access control lists (ACLs).
User accounts are kept in a database, such as SQL Server, which scales better than Active Directory, and a much smaller number of Windows accounts are kept in Active Directory, which are used as proxy accounts. Hence a large number of users, typically millions for this scenario, can be mapped to a small number of proxy accounts. This also eases the management of permissions due to a smaller number of Windows accounts in which to configure ACLs. Each user can be marked as belonging to a specific role, which is used map a user to a particular proxy account.
- The mapping of user accounts to proxy accounts is left to the individual site design. Logic must be added to the login page to request the property from SQL Server to determine the users role. The login page then gets the proxy credentials from Active Directory for this role, and sends the user a session cookie containing the proxy credentials. For more information, see Code to Implement Proxy Accounts.
The following is a summary of the advantages and disadvantages of using proxy accounts.
Advantages of Using Proxy Accounts
Better Performance: SQL Server authenticates users much faster than active Directory.
Scalability: If you exceed the maximum recommended number of users per Active Directory domain, around 10 million users, you would need to add additional Active Directory partitions or additional domains. This complicates the manageability of Active Directory. You can store many more users in a single SQL server, simply by adding more hard drive space or processors to a single machine.
Lower total cost of ownership: Even though Active Directory can store many more objects, for performance reasons in e-business scenarios, it is recommended that you store no more than three million objects/users per domain in Active Directory.
Commerce Server provides partitioning support across multiple forests to scale Active Directory. This has been tested up to 10 million objects/users, although there is no hard-coded limit.
SQL Server can store many more user accounts, per machine, than active directory. This lowers the total cost of ownership if you are storing more than 10 million Windows user accounts.
Easier to manage: Because users access your site using the credentials of the proxy account for their role, and because you can map millions of users to a few roles, the task of setting ACLs on your site resources is greatly reduced.
Disadvantages of Using Proxy Accounts
- Inherently Less Secure: SQL server stores passwords in clear-text (although you can encrypt the password using the encryption features of the Profiling System), and Active Directory (by default) stores passwords in encrypted format. Therefore, using proxy accounts is less secure than storing all user passwords in active directory.
- Because of the disadvantages listed above, do not implement proxy accounts in a Business to Consumer environment, such as the Retail Solution Site.