I am trying to create a stored procedure to create a login and a database user?

Question

I am developing a C# application with SQL Server, and would like to call a stored procedure to create a login and a user.

I am looking for the simplest way to do th

Answer 1

You should consider user rights. To create sql server login and database user, you have to have high privileges on SQL Server instance. So either you have to grant user rights to do the action (and that mean- server level and database lever permissions) or you have to use other mechanism not to make your server vulnerable.

One of the option's would be using certificates and signet stored procedures to do things "nicely" and not allow creation of logins/users directly.

Also, the one who is able to use trace, will be able to see passwords (if you are not wrapping that in procedure, password is not shown in trace).