Re: ASP.NET + SQL Server Windows authentication

From: Lewis Wang [MSFT] (v-lwang_at_online.microsoft.com)
Date: 08/28/03


Date: Thu, 28 Aug 2003 09:47:34 GMT


Hi Lior,

You may check this link for your reference.

Windows Integrated Security with IIS, ASP.NET, SQL Server across multiple servers
http://groups.google.com/groups?hl=zh-CN&lr=lang_zh-CN|lang_zh-TW|lang_nl|lang_en&ie=UTF-8&oe=UTF-8&frame=right&th=f63605f61d2b9a59&seekm=04b501c320a8%249493bad0%24a301280a%40phx.gbl#link2

I think this problem may be better answered in
microsoft.public.inetserver.iis.security. Thanks.

Hope this helps.

Best regards,
Lewis

This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| From: "Lior Amar" <lior_amar@hotmail.com>
| References: <uHPZbT#aDHA.2928@tk2msftngp13.phx.gbl>
| Subject: Re: ASP.NET + SQL Server Windows authentication
| Date: Wed, 27 Aug 2003 12:09:30 -0400
| Message-ID: <eRxXzVLbDHA.4020@tk2msftngp13.phx.gbl>
| Newsgroups: microsoft.public.dotnet.framework.aspnet,microsoft.public.dotnet.framework.aspnet.security,microsoft.public.sqlserver.security
|
| Think the problem is just a limitation of NTLM single hop. Don't think there
| is a way around it other than using SSL and Basic Authentication. ASPNET is
| set up properly and is impersonating the user appropriately. Don't think
| there is any way around this limitation.
|
| Thanks for the help though
|
| Lior
|
|
| "Lior Amar" <lior_amar@hotmail.com> wrote in message
| news:uHPZbT#aDHA.2928@tk2msftngp13.phx.gbl...
| > Hey All,
| >
| > Trying to understand why I can not get SQL server to trust my IIS server. I
| > have two machines set up, 1 App and 1 DB, and I'm trying to validate the
| > applications access to the DB server via NT Authentication. The App comes in
| > via NTLM which from my understanding only supports Single hop security
| > delegation. So far I understand why it doesn't work, although seems to me
| > like a very bad problem. Now, Basic Authentication will transfer the PW and
| > the UID which will allow IIS to login to the DB server and then NT
| > Authentication will work. But we all know how non-secure Basic
| > Authentication is.
| >
| > Here's the confusion, if Kerberos permits token transferring with no
| > limitation why can't IIS receive a token via NTLM and transfer it to the DB
| > server?
| >
| > I've been reading all of these articles
| >
| > http://msdn.microsoft.com/library/default.asp?url=/library/en-us/vbcon/html/vbconaccessingsqlserverfromwebapplication.asp
| > http://msdn.microsoft.com/library/default.asp?url=/library/en-us/vbcon/html/vbtskaccessingsqlserverusingwindowsintegratedsecurity.asp
| > http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnauth/html/dnauth_security.asp
| > http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnauth/html/signfaq.asp
| > http://support.microsoft.com/default.aspx?scid=kb;en-us;Q176377
| >
| > and a bunch of other documents and they all come down to two valid
| > solutions: Basic Authentication or SQL Users. These are only valid if the
| > level of security you wish to achieve is not something that needs to pass a
| > certain level of security (would not pass in industries that require maximum
| > security).
| >
| > If I am bound to NT Authentication, is my only option Basic Authentication
| > (of course under SSL)? And why is it that we don't have these problems with
| > other Database vendors? Is there any way we can utilize ADSI to get the
| > user's NTLM credentials to pass on to SQL server?
| >
| > Any help or suggestions will be very appreciated.
| >
| > Thank you,


