Re: ASP.NET + SQL Server Windows authentication
From: Lior Amar (lior_amar_at_hotmail.com)
Date: 08/27/03
Date: Wed, 27 Aug 2003 12:09:30 -0400
Think the problem is just a limitation of NTLM single hop. Don't think there
is a way around it other than using SSL and Basic Authentication. ASPNET is
set up properly and is impersonating the user appropriately. Don't think
there is any way around this limitation.
Thanks for the help though
Lior
"Lior Amar" <lior_amar@hotmail.com> wrote in message
news:uHPZbT#aDHA.2928@tk2msftngp13.phx.gbl...
> Hey All,
>
> Trying to understand why I cannot get SQL Server to trust my IIS server. I
> have two machines set up, 1 App and 1 DB, and I'm trying to validate the
> application's access to the DB server via NT Authentication. The App comes in
> via NTLM which from my understanding only supports Single hop security
> delegation. So far I understand why it doesn't work, although seems to me
> like a very bad problem. Now, Basic Authentication will transfer the PW and
> the UID which will allow IIS to log in to the DB server and then NT
> Authentication will work. But we all know how non-secure Basic
> Authentication is.
>
> Here's the confusion, if Kerberos permits token transferring with no
> limitation why can't IIS receive a token via NTLM and transfer it to the DB
> server?
>
> I've been reading all of these articles
>
> http://msdn.microsoft.com/library/default.asp?url=/library/en-us/vbcon/html/vbconaccessingsqlserverfromwebapplication.asp
> http://msdn.microsoft.com/library/default.asp?url=/library/en-us/vbcon/html/vbtskaccessingsqlserverusingwindowsintegratedsecurity.asp
> http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnauth/html/dnauth_security.asp
> http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnauth/html/signfaq.asp
> http://support.microsoft.com/default.aspx?scid=kb;en-us;Q176377
>
> and a bunch of other documents and they all come down to two valid
> solutions: Basic Authentication or SQL Users. These are only valid if the
> level of security you wish to achieve is not something that needs to pass a
> certain level of security (would not pass in industries that require maximum
> security).
>
> If I am bound to NT Authentication, is my only option Basic Authentication
> (of course under SSL)? And why is it that we don't have these problems with
> other Database vendors? Is there any way we can utilize ADSI to get the
> user's NTLM credentials to pass on to SQL Server?
>
> Any help or suggestions will be very appreciated.
>
> Thank you,