Re: User ASPNET in SQL Server 2000

From: "Cowboy (Gregory A. Beamer)" <N0SpamMPleezEgbworld@comcast.netN0SpamMPleezE>
Date: Thu, 5 Dec 2002 11:06:39 -0600


When you hit a web application that has anonymous access, IIS does the lazy
thing and authenticates you as IUSR_ComputerName. This is a local account
for the web server box. If you know everyone that uses an app is a domain
user, you can simply open the Internet Services Manager, browse the web app
in question, and turn off anonymous access.

You can also change the NTFS permissions on the directory that contains your
pages, and only allow those that have access. This will force a logon.

You can also set up a location section in web.config and give specific
authorization, as in:

<location path="suggestion/view/viewSuggestions.aspx">
 <system.web>
  <authorization>
   <allow users="domain\user1" roles="domain\role1" />
   <deny users="*" />
  </authorization>
 </system.web>
</location>

In each case, a logon box will pop up if the user cannot be properly
authenticated. Once authenticated, the user will have whatever rights they
have in SQL Server.

While I love integrated security in SQL Server, it is often a pain in web
applications, which leads many developers to open huge security holes in
their apps. On the converse, I see developers using sa to access a SQL
Server with mixed mode security, so it is a double-edged sword, or damned if
you do, damned if you don't. One other risk with integrated security is
maintenance of accounts with access. This can be reduced by adding a user
group to a SQL role and adding users to that group, but there are some
potential sticking points there.

The point is, when you use integrated security, you end up having to work
with the Windows security model, which means you will either restrict the
anonymous account through NTFS permissions on the directory (folder) in
Windows Explorer or you will turn off anonymous access altogether. In .NET,
you also have the option of setting up specific pages where they only allow
specific domain groups, which accomplishes the same thing.

--
Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA
Author: ADO.NET and XML: ASP.NET on the Edge
****************************************************************************
****
Think outside the box!
****************************************************************************
****
"Tom" <tbekasiewicz@poczta.onet.pl> wrote in message
news:09b301c29c5a$11ee1300$d2f82ecf@TK2MSFTNGXA09...
> Hi Gregory
> Thank you for post.
> But could you explain to me how I can do it?
> I want to logon to the virtual catalog from the internet
> as the windows user then I want to logon to the SQL Server
> 2000 as the same user as in Windows 2000 Server in the
> previous operation. When I logon to the IIS 5.0 from the
> internet I'm the user from the group of Windows users and
> now I want a permission to the SQL Server 2000 database
> (In the SQL Server 2000 and in the Windows 2000 AS are the
> same users, and I have a permission to all the tables in
> the database). I don't want to logon to the SQL Server as
> the user ASPNET I want to logon to the SQL Server 2000 as
> the user from the internet.
> Please reply...
>
>
> >-----Original Message-----
> >Can the anonymous access completely. Then, the user will
> have to
> >authenticate as something other than ASPNET or
> IUSR_ComputerName. The other
> >option is to reduce security by allowing the ASPNET and
> IUSR_ComputerName
> >accounts access to the database.
> >
> >--
> >Gregory A. Beamer
> >MVP; MCP: +I, SE, SD, DBA
> >Author: ADO.NET and XML: ASP.NET on the Edge
> >
> >**********************************************************
> ******************
> >****
> >Think outside the box!
> >**********************************************************
> ******************
> >****
> >"Tom" <tbekasiewicz@poczta.onet.pl> wrote in message
> >news:072e01c29b96$ec93e3f0$d5f82ecf@TK2MSFTNGXA12...
> >> Hi everyb.
> >>
> >> I use IIS 5.0 and Win 2000 AS.
> >> In my operating system I have two user accounts.
> >> The authentication in ASP.NET application is "Windows
> >> authentication". The SQL Server 2000 has "Windows
> >> authentication", and has the same users as in Win 2000
> AS.
> >> In my machine.config file I have changed the
> >> <processModel/> tag:
> >>
> >> <processModel
> >> ...
> >> userName="system"
> >> password="autogenerate"
> >> ...
> >> />
> >>
> >> In properties of virtual catalog on IIS 5.0 I have
> checked
> >> the second Checkbox - Base authentication.
> >> When I login to the server from the internet and I put
> the
> >> login and the password, I have got the message that the
> >> ASPNET user hasn't got permission to the SQL Server
> 2000.
> >> I want to login to the SQL Server 2000 as the user from
> >> the Windows 2000 AS system.
> >> Could you help me, please...
> >>
> >
> >
> >.
> >
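
How the location rules in the reply above are evaluated, as an added example that is not part of the original posts: ASP.NET checks the <allow>/<deny> elements in order and the first match decides, so without the trailing <deny users="*" /> a request falls through to the inherited default, assumed here to be <allow users="*" />. The second location path and all function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the <location> block from the post, plus a copy under a
# hypothetical path (example/noDeny.aspx) with the <deny> line left out.
WEB_CONFIG = r"""<configuration>
 <location path="suggestion/view/viewSuggestions.aspx">
  <system.web><authorization>
   <allow users="domain\user1" roles="domain\role1" />
   <deny users="*" />
  </authorization></system.web>
 </location>
 <location path="example/noDeny.aspx">
  <system.web><authorization>
   <allow users="domain\user1" roles="domain\role1" />
  </authorization></system.web>
 </location>
</configuration>"""

def _names(value):
    """Split a comma-separated users/roles attribute, case-insensitively."""
    return {v.strip().lower() for v in (value or "").split(",") if v.strip()}

def rule_matches(rule, user, roles):
    """user is None for an anonymous request; the verbs attribute is ignored."""
    users = _names(rule.get("users"))
    if "*" in users or ("?" in users and user is None):
        return True
    if user is not None and user.lower() in users:
        return True
    return bool(_names(rule.get("roles")) & {r.lower() for r in roles})

def is_allowed(config_xml, path, user, roles=()):
    for loc in ET.fromstring(config_xml).findall("location"):
        if loc.get("path", "").lower() != path.lower():
            continue
        for rule in loc.findall("system.web/authorization/*"):
            if rule.tag in ("allow", "deny") and rule_matches(rule, user, roles):
                return rule.tag == "allow"  # first matching rule decides
    return True  # assumption: inherited default is <allow users="*" />

def missing_catch_all(config_xml):
    """Location paths whose authorization rules contain no <deny users="*" />."""
    flagged = []
    for loc in ET.fromstring(config_xml).findall("location"):
        rules = loc.findall("system.web/authorization/*")
        if rules and not any(r.tag == "deny" and "*" in _names(r.get("users"))
                             for r in rules):
            flagged.append(loc.get("path"))
    return flagged
```

Running missing_catch_all over a real web.config is a quick audit for location blocks whose <allow> line restricts nothing.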

