server authentication & ASP authentication

From: Ian (igaydos@fuse.net)
Date: 07/05/02


From: "Ian" <igaydos@fuse.net>
Date: Fri, 5 Jul 2002 07:38:27 -0700


Is this an Intranet application where all of your users
are logged into the NT domain? If so, I would say you set
up NT groups for your 20 different categories and place
the 120 users into the appropriate NT group. You can then
use Integrated security rather than SQL logins (save you
time in the future as users leave the company). Also, only
give access to execute stored procs rather than raw SQL
against tables. That will keep the more savvy users from
running ad hocs through linked tables in Access. Hope this
helps.

>-----Original Message-----
>Hello
>I am designing quite a big database, about 50 tables, about 120 users
>divided in about 20 categories with different privileges. Users use the
>database only through the ASP application which gives them access to
>different functions based on their name and category.
>
>My question is: how to design security. I have a few ideas:
>
>a) I create 120 server logins mapped to 120 database users, 20 database
>roles, and send login and password entered by the user directly to the
>SQL Server for authentication. I don't store passwords either in ASP
>scripts or in my custom tables.
>
>b) I create 1 server login, 1 database user and store login and password
>hard-coded in ASP script. I still need to store passwords of my users in
>a table and authenticate them in ASP.
>
>c) I create 1 application role, but I don't see much difference with
>previous solution.
>
>Could someone point out pros & cons of these solutions, or suggest
>something else?
>
>
>Jakub Jablonski
>
>.
>
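
The setup suggested in the reply above (NT groups mapped to database roles, execute rights on stored procedures only), sketched in current T-SQL as an added example that is not part of either poster's message. The `CORP\App_Clerks` group, `clerk_role`, `dbo.Orders` and `dbo.usp_GetOrders` are constructed names, and the NT group is assumed to exist already.

```sql
-- Constructed names throughout: the CORP\App_Clerks NT group, clerk_role,
-- dbo.Orders and dbo.usp_GetOrders are placeholders. Run in a scratch database.

-- One Windows-authenticated login per NT group, not per person.
CREATE LOGIN [CORP\App_Clerks] FROM WINDOWS;
GO
CREATE USER [CORP\App_Clerks] FOR LOGIN [CORP\App_Clerks];
CREATE ROLE clerk_role;
ALTER ROLE clerk_role ADD MEMBER [CORP\App_Clerks];
GO

CREATE TABLE dbo.Orders (
    OrderId    int   NOT NULL PRIMARY KEY,
    CustomerId int   NOT NULL,
    Total      money NOT NULL
);
GO
CREATE PROCEDURE dbo.usp_GetOrders
    @CustomerId int
AS
BEGIN
    SET NOCOUNT ON;
    SELECT OrderId, Total FROM dbo.Orders WHERE CustomerId = @CustomerId;
END;
GO

-- The role may run the procedure; nothing is granted on the table.
-- Table and procedure share an owner (dbo), so ownership chaining lets
-- the procedure read dbo.Orders on the caller's behalf.
GRANT EXECUTE ON OBJECT::dbo.usp_GetOrders TO clerk_role;
GO

-- Check with a login-less test user placed in the same role.
CREATE USER test_clerk WITHOUT LOGIN;
ALTER ROLE clerk_role ADD MEMBER test_clerk;
GO
EXECUTE AS USER = 'test_clerk';
EXEC dbo.usp_GetOrders @CustomerId = 1;   -- allowed through the role
SELECT * FROM dbo.Orders;                 -- denied: no SELECT permission on the table
REVERT;
GO

-- List what the role actually holds.
SELECT pr.name, pe.permission_name, OBJECT_NAME(pe.major_id) AS object_name
FROM sys.database_permissions AS pe
JOIN sys.database_principals AS pr ON pr.principal_id = pe.grantee_principal_id
WHERE pr.name = 'clerk_role';
```

Repeating the login, user and role statements for each of the 20 categories keeps account maintenance in the NT domain: removing a departing user from the group removes their database access.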


