Re: User ASPNET in SQL Server 2000
From: Larry Hastings (greg.@remove-me.unixsucks.com)
Date: 12/06/02
- Next message: Felix Wu: "Re: Hosting from a network share."
- Previous message: Aaron Margosis [MS]: "Re: User ASPNET in SQL Server 2000"
- In reply to: Aaron Margosis [MS]: "Re: User ASPNET in SQL Server 2000"
- Next in thread: Aaron Margosis [MS]: "Re: User ASPNET in SQL Server 2000"
- Reply: Aaron Margosis [MS]: "Re: User ASPNET in SQL Server 2000"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Larry Hastings" <greg.@remove-me.unixsucks.com> Date: Thu, 5 Dec 2002 21:59:51 -0600
Without SSL this implementation would be a security nightmare, with SSL it would be dragging feet.
"Aaron Margosis [MS]" <aaronmaronline@microsoft.com> wrote in message news:OvwtXmNnCHA.1612@TK2MSFTNGP12...
> Actually it's not that hard and you don't need to enable delegation.
>
> Assuming that the IIS and SQL boxes are in the same domain ...
>
> In Internet Services Manager, enable Basic authentication and disable
> anonymous access. (You should also require SSL.)
>
> In your web.config, specify <authentication mode="Windows" /> and <identity
> impersonate="true" />.
>
> Make sure that the connection properties for your SQL connection (e.g., your
> connection string) specifies integrated security (e.g., "Integrated
> Security=SSPI") and not a username and password.
>
> When your ASP.NET web app connects to SQL Server, it will do so as the
> Windows user who logged on to your site.
>
> BTW, the paper referenced below is a good one to look at.
>
> HTH
>
> -- Aaron
>
>
> "Arild Bakken" <arildb_@hotmail.com> wrote in message
> news:eHcs$lKnCHA.2336@TK2MSFTNGP11...
> > This is no easy scenario. You should look at the whitepaper on MSDN
> > describing security in .NET applications:
> >
> >
> >
> http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/ht
> > ml/secnetlpMSDN.asp
> >
> > I think that if you need to use integrated autentication on the SQL server
> > you'll need to setup for delegation, as that is the only way the
> credentials
> > for the logged on user can be passed to other network resources.
> >
> >
> > Arild
> >
> > Tom wrote:
> > > Hi everyb.
> > >
> > > I use IIS 5.0 and Win 2000 AS.
> > > In my operating system I have two user accounts.
> > > The authentication in ASP.NET application is "Windows
> > > authentication". The SQL Server 2000 has "Windows
> > > authentication", and has the same users as in Win 2000 AS.
> > > In my machine.config file I have changed the
> > > <processModel/> tag:
> > >
> > > </processModel
> > > ...
> > > userName="system"
> > > password="autogenerate"
> > > ...
> > > />
> > >
> > > In properties of virtual catalog on IIS 5.0 I have checked
> > > the second Checkbox - Base authentication.
> > > When I login to the server from the intrnet and I put the
> > > login and the password, I have got the message that the
> > > ASPNET user hasn't got permission to the SQL Server 2000.
> > > I want to login to the SQL Server 2000 as the user from
> > > the Windows 2000 AS system.
> > > Could you help me, please...
> >
> >
>
>
- Next message: Felix Wu: "Re: Hosting from a network share."
- Previous message: Aaron Margosis [MS]: "Re: User ASPNET in SQL Server 2000"
- In reply to: Aaron Margosis [MS]: "Re: User ASPNET in SQL Server 2000"
- Next in thread: Aaron Margosis [MS]: "Re: User ASPNET in SQL Server 2000"
- Reply: Aaron Margosis [MS]: "Re: User ASPNET in SQL Server 2000"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
