Re: SBS 2000 + ASP.NET 1.1 + IIS Lockdown not working.
From: Douglas J. Badin (DJBadin_at_NOSPAM.msn.com)
Date: 11/14/03
- Next message: NTFS Security Settings: "Discrepancies in folder securities"
- Previous message: Phil: "Problem after installing SUS Server on SPSv1 SP2 Server"
- In reply to: Wei-Dong Xu [MSFT]: "RE: SBS 2000 + ASP.NET 1.1 + IIS Lockdown not working."
- Next in thread: Wei-Dong Xu [MSFT]: "Re: SBS 2000 + ASP.NET 1.1 + IIS Lockdown not working."
- Reply: Wei-Dong Xu [MSFT]: "Re: SBS 2000 + ASP.NET 1.1 + IIS Lockdown not working."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 14 Nov 2003 10:00:42 -0500
Hi Wei-Dong,
Currently I am using Windows authentication. I will try SQL Server
authentication.
I am familiar with Q329290. I was using it for the identity and
processModel sections of the config file. The article also only talked
about the sessionState section so I thought it was just limited to those 3.
I will give it try as you suggest.
I guess that means you are not aware of an existing IIS Lockdown template to
handle this?
Thanks,
Doug
"Wei-Dong Xu [MSFT]" <v-wdxu@online.microsoft.com> wrote in message
news:4fbC5QoqDHA.1804@cpmsftngxa06.phx.gbl...
> Hi Douglas,
>
> For your scenario, I'd suggest to create one new account will be simple
for you on the maintenance of this system. Since the impersonate privilege
> will stop the new account to database. Based on my experience, you can
change the SQL authentication mode from windows integrated mode to
> SQL server mode. Then specify the connection string and username with
password in your .Net application config file. This was unsafe before, for
all
> the important information is stored as clear text. But now, Microsoft has
provided one encryption tool for this usage. You can encrypt these string
> with the tool and store them in the registry or still in the config file.
In this way, you can only focus on one account in the system for your .net
> application. You can obtain more information from the kb article 329290
which introduces the detailed information about the usage of this tool.
> Please go to:
> 329290 HOW TO: Use the ASP.NET Utility to Encrypt Credentials and Session
State
> http://support.microsoft.com/?id=329290
>
> Furthermore, the November volume of MSDN magazine gives many very helpful
articles on secure which may provide some assistance for your
> application. Please go to:
> http://msdn.microsoft.com/msdnmag/issues/03/11/default.aspx
>
> Please feel free to let me know if you have any further questions.
>
> Does this answer your question? Thank you for using Microsoft NewsGroup!
>
> Wei-Dong Xu
> Microsoft Product Support Services
> Get Secure! - www.microsoft.com/security
> This posting is provided "AS IS" with no warranties, and confers no
rights.
>
>
- Next message: NTFS Security Settings: "Discrepancies in folder securities"
- Previous message: Phil: "Problem after installing SUS Server on SPSv1 SP2 Server"
- In reply to: Wei-Dong Xu [MSFT]: "RE: SBS 2000 + ASP.NET 1.1 + IIS Lockdown not working."
- Next in thread: Wei-Dong Xu [MSFT]: "Re: SBS 2000 + ASP.NET 1.1 + IIS Lockdown not working."
- Reply: Wei-Dong Xu [MSFT]: "Re: SBS 2000 + ASP.NET 1.1 + IIS Lockdown not working."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
