Re: User ASPNET in SQL Server 2000

From: Tom (tbekasiewicz@poczta.onet.pl)
Date: 12/09/02


From: "Tom" <tbekasiewicz@poczta.onet.pl>
Date: Mon, 9 Dec 2002 01:14:51 -0800


Thank you very much for the post. Your post was very helpful.
It is very good to have such a user in the newsgroup.
Tom

>-----Original Message-----
>When you hit a web application that has anonymous access, IIS does the lazy
>thing and authenticates you as IUSR_ComputerName. This is a local account
>for the web server box. If you know everyone that uses an app is a domain
>user, you can simply open the Internet Services Manager, browse the web app
>in question, and turn off anonymous access.
>
>You can also change the NTFS permissions on the directory that contains your
>pages, and only allow those that have access. This will force a logon.
>
>You can also set up a location section in web.config and give specific
>authorization, as in:
>
><location path="suggestion/view/viewSuggestions.aspx">
>  <system.web>
>    <authorization>
>      <allow users="domain\user1" roles="domain\role1" />
>      <deny users="*" />
>    </authorization>
>  </system.web>
></location>
>
>In each case, a logon box will pop up if the user cannot be properly
>authenticated. Once authenticated, the user will have whatever rights they
>have in SQL Server.
>
>While I love integrated security in SQL Server, it is often a pain in web
>applications, which leads many developers to open huge security holes in
>their apps. On the converse, I see developers using sa to access a SQL
>Server with mixed mode security, so it is a double-edged sword, or damned if
>you do, damned if you don't. One other risk with integrated security is
>maintenance of accounts with access. This can be reduced by adding a user
>group to a SQL role and adding users to that group, but there are some
>potential sticking points there.
>
>The point is, when you use integrated security, you end up having to work
>with the Windows security model, which means you will either restrict the
>anonymous account through NTFS permissions on the directory (folder) in
>Windows Explorer or you will turn off anonymous access altogether. In .NET,
>you also have the option of setting up specific pages where they only allow
>specific domain groups, which accomplishes the same thing.
>--
>Gregory A. Beamer
>MVP; MCP: +I, SE, SD, DBA
>Author: ADO.NET and XML: ASP.NET on the Edge
>
>********************************************************************************
>Think outside the box!
>********************************************************************************
>"Tom" <tbekasiewicz@poczta.onet.pl> wrote in message
>news:09b301c29c5a$11ee1300$d2f82ecf@TK2MSFTNGXA09...
>> Hi Gregory
>> Thank you for the post.
>> But could you explain to me how I can do it?
>> I want to log on to the virtual catalog from the internet
>> as the Windows user, then I want to log on to the SQL Server
>> 2000 as the same user as in Windows 2000 Server in the
>> previous operation. When I log on to the IIS 5.0 from the
>> internet I am the user from the group of Windows users and
>> now I want a permission to the SQL Server 2000 database
>> (in the SQL Server 2000 and in the Windows 2000 AS are the
>> same users, and I have a permission to all the tables in
>> the database). I don't want to log on to the SQL Server as
>> the user ASPNET; I want to log on to the SQL Server 2000 as
>> the user from the internet.
>> Please reply...
>>
>>
>> >-----Original Message-----
>> >Can the anonymous access completely. Then, the user will have to
>> >authenticate as something other than ASPNET or IUSR_ComputerName. The other
>> >option is to reduce security by allowing the ASPNET and IUSR_ComputerName
>> >accounts access to the database.
>> >
>> >--
>> >Gregory A. Beamer
>> >MVP; MCP: +I, SE, SD, DBA
>> >Author: ADO.NET and XML: ASP.NET on the Edge
>> >
>> >********************************************************************************
>> >Think outside the box!
>> >********************************************************************************
>> >"Tom" <tbekasiewicz@poczta.onet.pl> wrote in message
>> >news:072e01c29b96$ec93e3f0$d5f82ecf@TK2MSFTNGXA12...
>> >> Hi everybody.
>> >>
>> >> I use IIS 5.0 and Win 2000 AS.
>> >> In my operating system I have two user accounts.
>> >> The authentication in ASP.NET application is "Windows
>> >> authentication". The SQL Server 2000 has "Windows
>> >> authentication", and has the same users as in Win 2000 AS.
>> >> In my machine.config file I have changed the
>> >> <processModel/> tag:
>> >>
>> >> <processModel
>> >> ...
>> >> userName="system"
>> >> password="autogenerate"
>> >> ...
>> >> />
>> >>
>> >> In properties of virtual catalog on IIS 5.0 I have checked
>> >> the second checkbox - Base authentication.
>> >> When I log in to the server from the internet and I put the
>> >> login and the password, I have got the message that the
>> >> ASPNET user hasn't got permission to the SQL Server 2000.
>> >> I want to log in to the SQL Server 2000 as the user from
>> >> the Windows 2000 AS system.
>> >> Could you help me, please...
>> >>
>
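
The `<location>` block quoted in the thread depends on ASP.NET URL authorization walking the rules top-down and stopping at the first match. The sketch below is an added example, not code from the original posts: a small Python evaluator for that block. The helper names are hypothetical, and the allow-all fall-through default when no rule matches is an assumption of the sketch.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the <location> block from the thread inside <configuration>.
WEB_CONFIG = r"""
<configuration>
  <location path="suggestion/view/viewSuggestions.aspx">
    <system.web>
      <authorization>
        <allow users="domain\user1" roles="domain\role1" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
"""
# Weak variant: same block with the trailing deny removed.
WITHOUT_DENY = WEB_CONFIG.replace('<deny users="*" />', "")
PAGE = "suggestion/view/viewSuggestions.aspx"

def _names(rule, attr):
    """Comma-separated attribute as a lower-cased set (names are case-insensitive)."""
    return {n.strip().lower() for n in rule.get(attr, "").split(",") if n.strip()}

def rule_matches(rule, user, roles):
    """A rule matches on its users list OR its roles list."""
    users = _names(rule, "users")
    if "*" in users:                      # "*" = everyone
        return True
    if "?" in users and user is None:     # "?" = anonymous (unauthenticated)
        return True
    if user is not None and user.lower() in users:
        return True
    return bool(_names(rule, "roles") & {r.lower() for r in roles})

def is_allowed(config_xml, path, user=None, roles=()):
    """First matching rule wins. If nothing matches, fall through to the
    inherited default, assumed here to be <allow users="*"/>."""
    root = ET.fromstring(config_xml)
    for loc in root.iter("location"):
        if loc.get("path", "").lower() != path.lower():
            continue
        for rule in loc.iterfind("system.web/authorization/*"):
            if rule.tag in ("allow", "deny") and rule_matches(rule, user, roles):
                return rule.tag == "allow"
    return True
```

With the trailing `<deny users="*" />` removed, no rule matches an anonymous request and it falls through to the default, which is why the quoted block ends with that line.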


