Re: Impersonation ASPNET SQL Server

From: Yan-Hong Huang[MSFT] (yhhuang_at_online.microsoft.com)
Date: 06/11/03

• Next message: Mattias Geisler: "Problemes with Authentication"
• Previous message: Luke Zhang [MS]: "RE: VS.Net, Integrated Authentication, Password"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Wed, 11 Jun 2003 07:40:12 GMT

Hello Rob,

Did you mean you stored username/password in the DB? After authenticated,
you want to impersonate some special user accounts to access DB?

If so, I think you need to impersonate those user accounts in asp.net
manually. First, you need to authenticate user by checking them in SQL DB.
Then you need to impersonate user in code. Then access DB.

Please correct me if I have misunderstood anything.

Best regards,
yhhuang
VS.NET, Visual C++
Microsoft

This posting is provided "AS IS" with no warranties, and confers no rights.
Got .Net? http://www.gotdotnet.com
--------------------
!From: "Rob Edwards" <RobEdwards@Landam.com>
!References: <eRlLX73KDHA.1612@TK2MSFTNGP11.phx.gbl>
<qsBwM6#KDHA.2108@cpmsftngxa06.phx.gbl>
!Subject: Re: Impersonation ASPNET SQL Server
!Date: Fri, 6 Jun 2003 07:53:05 -0400
!Lines: 85
!X-Priority: 3
!X-MSMail-Priority: Normal
!X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
!X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
!Message-ID: <epFPpICLDHA.1636@TK2MSFTNGP11.phx.gbl>
!Newsgroups: microsoft.public.dotnet.framework.aspnet.security
!NNTP-Posting-Host: 206.211.100.132
!Path:
cpmsftngxa06.phx.gbl!TK2MSFTNGXA06.phx.gbl!TK2MSFTNGXA05.phx.gbl!TK2MSFTNGP0
8.phx.gbl!TK2MSFTNGP11.phx.gbl
!Xref: cpmsftngxa06.phx.gbl
microsoft.public.dotnet.framework.aspnet.security:5439
!X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security
!
!While the link is interesting, it doesn't discuss configuration options for
!what I am trying to accomplish. Does anyone have a successful environment
!running with true authentication to a SQL box that is different from the
IIS
!box?
!
!
!"Yan-Hong Huang[MSFT]" <yhhuang@online.microsoft.com> wrote in message
!news:qsBwM6%23KDHA.2108@cpmsftngxa06.phx.gbl...
!> Hello Rob,
!>
!> I suggest you refer to
!> http://msdn.microsoft.com/architecture/application/default.aspx.
!>
!> "Designing Data Tier Components and Passing Data Through Tiers" may help
!> you. It describes how to best expose your data to Microsoft .NET
!> applications and how to implement an effective strategy for passing data
!> between the tiers in a distributed application.
!>
!> HTH.
!>
!> Best regards,
!> yhhuang
!> VS.NET, Visual C++
!> Microsoft
!>
!> This posting is provided "AS IS" with no warranties, and confers no
!rights.
!> Got .Net? http://www.gotdotnet.com
!> --------------------
!> !From: "Rob Edwards" <RobEdwards@Landam.com>
!> !Subject: Impersonation ASPNET SQL Server
!> !Date: Thu, 5 Jun 2003 12:23:54 -0400
!> !Lines: 129
!> !MIME-Version: 1.0
!> !Content-Type: multipart/alternative;
!> ! boundary="----=_NextPart_000_003C_01C32B5D.54AE5550"
!> !X-Priority: 3
!> !X-MSMail-Priority: Normal
!> !X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
!> !X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
!> !Message-ID: <eRlLX73KDHA.1612@TK2MSFTNGP11.phx.gbl>
!> !Newsgroups: microsoft.public.dotnet.framework.aspnet.security
!> !NNTP-Posting-Host: 206.211.100.132
!> !Path: cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP11.phx.gbl
!> !Xref: cpmsftngxa06.phx.gbl
!> microsoft.public.dotnet.framework.aspnet.security:5432
!> !X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security
!> !
!> !OK.... after going round-and-round with impersonation, ASPNet, Active
!> Directory and SQL server hopefully someone can provide the definitive
!> solution.
!> !Scenario:
!> !Web Server running Windows 2003 Server
!> !SQL Server running SQL Server 2000
!> !Active Directory running on Windows 2003
!> !User machines running Windows XP or Windows Professional with SP3
!> !Goal: Pass the original caller from the workstation all the way to the
!> database.
!> !I've read just about every resource I can find (Building Secure ASP.NET
!> Applications: Authentication, and Secure Communication is just one
!> example) on this subject and have yet to find a way to use Windows
!> Authentication and impersonate the user's identity in the database
!(without
!> using Basic authentication).
!> !The servers have been set to delegation in AD. The users have been set
!to
!> delegate as well. I'm using Kerberos instead of NTLM. Identity
!> Impersonate = "true", etc. etc.
!> !I wouldn't think it would be that difficult for the web server to pass
!the
!> identity on to the database (we have auditing requirements) but I just
!> can't make it work.
!> !What I'm looking for (if someone would be so kind)....
!> !IIS Settings
!> !IIS Accounts (I've used the ASPNET account as well as a domain account).
!> !SQL Server account requirements
!> !Web.Config
!> !Machine.Config
!> !Any help provided would be greatly appreciated.
!> !Thanks,
!> !Rob
!> !
!>
!
!
!

• Next message: Mattias Geisler: "Problemes with Authentication"
• Previous message: Luke Zhang [MS]: "RE: VS.Net, Integrated Authentication, Password"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint