Re: Windows Authentication in asp.net 2005 to SQL Server?

---

• From: "John" <IDontLikeSpam@xxxxxxxxxxx>
• Date: Fri, 3 Mar 2006 09:50:31 -0800

---

Thanks a bunch Joe for your reply. Been looking around forever and a few
similar posts and finally some helpful info thanks to you :-)

I guess I would say my connection string would be the 'delegated' type since
we need to have individual logins for auditing and not just one generic
account to do the backend data stuff on our SQL Server. Also all examples
I've seen out there are usually for the IIS and SQL Server to be on the same
machine and/or same domain but like you mentioned our set up is a little
different and appears to be tricky like I had estimated. Our SQL Server and
web server are on separate machines and are on different domains also. So
for this reason I have been using SQL authentication in my connection
strings and not Windows authentication because of the double hop, different
domain and machines. I had tried to create a domain user account that our
web server is on a while back and then tried to have that windows domain
user account log in to our SQL Server with Windows authentication but kept
getting connections errors. Would Windows Basic authentication wrapped in
https going from our web server trying to connect to our SQL Server which
are separate computers and separate domains possible?

Thanks Joe.

J



"Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@xxxxxxxxxxxxxxxxxxxxxxxx> wrote
in message news:eIE$6QtPGHA.312@xxxxxxxxxxxxxxxxxxxxxxx

You can definitely use Basic authentication here (along with SSL) to
authenticate the users. You might also consider using IWA as well if you
want the ability for your users to authenticate automatically.

Note that to authenticate users in your domain, your web server and SQL
server must be members of your Active Directory domain.

Additionally, to use IWA, you will need to implement Kerberos delegation
so that the web app can successfully forward the user's credentials to SQL
server. This can be tricky, but there are some great documents out there
specifying how to implement it.

If you don't have a domain, you might not want to go down this path.
ASP.NET membership might work better for you with one of the SQL-based
stores. You could possibly still use SQL authentication to SQL or maybe
Windows auth. Out of curiosity, do your connection strings to SQL use a
fixed set of credentials or insert the authenticated user's credentials?
The former is called a "trusted subsystem" model and the latter is called
a "delegated" model. This is because with a trusted subsystem, a single
trusted account is used to perform actions against the backend on behalf
of all of the users of the app, while in a delegated model, the user's
credentials are used for accessing both the frontend and backend
resources. Kerberos delegation is just a way of delegating credentials
using built-in features of Windows security.

Joe K.

"John" <IDontLikeSpam@xxxxxxxxxxx> wrote in message
news:es9fyjiPGHA.3528@xxxxxxxxxxxxxxxxxxxxxxx

Sorry if this sounds like a novice question but we've been using SQL
Server logins and passwords from our home made .asp login page with the
whole connection string and app wrapped in https for individual users to
access the databases on our SQL Server. I'm looking into moving towards
asp.net 2005 and heard using Windows authentication is a better practice
in accessing SQL Server. I was wondering if anyone could tell me how
would one go about it in that there would be an initial login page or
login pop up (like the Windows authentication popup) where individual
users would enter in their valid windows login information which would
allow them to proceed to use the .net 2005 web app that connects to our
SQL Server. Just taking a guess...would it be good to use Windows Basic
authentication where it would pop up and the individual user can enter in
their info and use https to encrypt the database and app communication
since it's in clear text?

.

---

• Follow-Ups:
  • Re: Windows Authentication in asp.net 2005 to SQL Server?
    • From: Joe Kaplan \(MVP - ADSI\)

• References:
  • Windows Authentication in asp.net 2005 to SQL Server?
    • From: John
  • Re: Windows Authentication in asp.net 2005 to SQL Server?
    • From: Joe Kaplan \(MVP - ADSI\)

• Prev by Date: Re: RedirectFromLogin?
• Next by Date: Re: Windows Authentication in asp.net 2005 to SQL Server?
• Previous by thread: Re: Windows Authentication in asp.net 2005 to SQL Server?
• Next by thread: Re: Windows Authentication in asp.net 2005 to SQL Server?
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Windows Authentication in asp.net 2005 to SQL Server? ... If the domains do not trust each other, Windows authentication is not going ... Basic authentication sometimes makes the need for Kerberos delegation go ... generic account to do the backend data stuff on our SQL Server. ... (microsoft.public.dotnet.framework.aspnet.security) Re: Remote connection failed ... If you are going over a remote connection or are not logging ... into the domain where SQL Server is then no, Windows ... authentication won't work. ... (microsoft.public.sqlserver.connect) Re: Changing passwords / Blocking SA login attempts ... I went into the Server Config properties and changed to Windows ... My login for Start and Run SQL server was in this format. ... I am supposing this was an SQL authentication, ... (microsoft.public.sqlserver.security) Windows Authentication with IIS on separate machines ... Yes, setting Basic Authentication in IIS works, but the ... >in SQL server but doesn't work if user account was ... >imported from a Windows account. ... (microsoft.public.sqlserver.security) Re: Login failed for ServerGuest ... I think it is not a limitation in Windows 2000. ... access SQL server on Win2000 server by using Windows authenctication if I ... | I have noticed that when I try to log in using Windows Authentication ... (microsoft.public.sqlserver.connect)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(16)