Re: integrated security over vpn

From: Joe Kaplan (ilearnedthisthehardway@noway.com)
Date: 03/21/03 

From: "Joe Kaplan" <ilearnedthisthehardway@noway.com>
Date: Fri, 21 Mar 2003 08:01:08 -0600

I think you will need some sort of a proxy between the application and the
database such as a web service like I suggested below unless you can somehow
get a logon token from the VPN.

Good luck,

Joe

"Gary" <Jombo@goggle.net> wrote in message
news:eCo6wM07CHA.2300@TK2MSFTNGP11.phx.gbl...
> Joe,
> SQL 2000 is using Windows Authentication, and I can access tables, Stored
> procedures, etc without any trouble. My application is almost finished
and
> works fine over VPN. Problem comes in when I try to put in application
> level security i.e. user in role 'dont touch that' can't use this delete
> button or edit this field. When I use the WindowsPrinicpal logic, it
> returns the username of the local machine. What I'm looking for is a way
to
> lookup the VPN authenticated user.
>
> "Joe Kaplan" <ilearnedthisthehardway@noway.com> wrote in message
> news:OG3IW2y7CHA.2052@TK2MSFTNGP11.phx.gbl...
> > Are you using Windows authentication with SQL Server or SQL Server
> > authentication?
> >
> > If you are using Windows authentication, then the current app needs to
be
> > running as a user with permissions to access the server. This might not
> be
> > easy to do on a home machine scenario as I would expect the home machine
> to
> > not be in the domain. You also can't create an appropriate token to
> > impersonate the user unless the current machine is in the domain.
> >
> > There might be some fancy way to do this using remoting or something,
but
> I
> > have no idea how to do that. Another thing to consider using would be
web
> > services. You could create a web service that returns and accepts the
> > required datasets. From there, you can use the IIS Windows
authentication
> > system. It sounds like it starts to get pretty complicated though.
> >
> > Joe K.
> >
> > "Gary" <Jombo@goggle.net> wrote in message
> > news:OC1B$Sx7CHA.1808@TK2MSFTNGP12.phx.gbl...
> > > There are no web services used. VPN provides access to a SQL server
> which
> > > is secured behind a firewall. The local app runs in disconnected mode
> > using
> > > DataSets to hold data, only updating the SQL server as required.
There
> > are
> > > a few text based files that are server based that the program
> periodically
> > > accesses, but that is primarially log based fuctionality.
> > >
> > >
> > > "Joe Kaplan" <ilearnedthisthehardway@noway.com> wrote in message
> > > news:ezarIjw7CHA.1604@TK2MSFTNGP10.phx.gbl...
> > > > Can you say a little bit more about how the app works over the VPN?
> > What
> > > is
> > > > being accessed remotely if the app is run locally? Is there a web
> > > > application or web service that is invoked?
> > > >
> > > > Joe K.
> > > >
> > > > "Gary" <Jombo@goggle.net> wrote in message
> > > > news:#Cr32Lq7CHA.2052@TK2MSFTNGP11.phx.gbl...
> > > > > Using vb.net, I am considering using integrated role-based
security
> to
> > > > > secure the application. Most users, however, will be running the
vb
> > app
> > > > > locally on their home computers tied back to the corporate offices
> via
> > > > VPN.
> > > > > SQL is smart enough to use the vpn connection login name, can .Net
> do
> > > > that.
> > > > > I have tried using WindowsPrincipal, which does return my local
> > > username,
> > > > > but I do not see any methods to address this particular need. Any
> > ideas
> > > > > greatly appreciated.
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>

Quantcast