Re: Windows Only Authentication

From: Fox (_at_)
Date: 10/22/03

  • Next message: Jasper Smith: "Re: Simple SQL Security Question From SQL Newbie"
    Date: Wed, 22 Oct 2003 17:29:07 -0400
    
    

    I was a bit wrong in the last message.
    It appears that the user must access
    an ASP page in a non-secured
    folder before they will be able to
    access an ASP page in the secured folder.
    That is weird, since they are already
    logged into the secured folder.

    To get around this I made one of the
    pages in the "default" framed page be
    an ASP page, located in a non-secured
    folder. I know this all sounds strange
    but it is how it is working.

    Do you have any idea why this is
    happening ?

    Regards,
    Fox

    "Fox" <fox @ connexions .net> wrote in message
    news:OcfHPfMmDHA.1096@TK2MSFTNGP11.phx.gbl...
    > Hi Sue,
    >
    > Thanks for your pointers. I went on a journey
    > and made some changes which work almost perfectly.
    >
    > One of my problems seems to have been that although
    > I selected "Authenticated Access" (cleart text PW)
    > in IIS, I did not deselect the challenge phrase option.
    > I see in my logs that this changed how the username
    > was logged, so it must also effect the login. With challenge
    > phrase also selected, the log showed "machinename/username".
    > With this deselected the log shows only "username".
    >
    > I made sure that all of my SQL options in Enterprise referred to
    > only "Windows Authentication". I gave access to all tables
    > as needed and gave read/list/read execute access in the folder
    > on the machine.
    >
    > OK, here is the weird part. The only way this works is as follows.
    > The user goes to the secured folder and of course is asked to log in.
    > At this point the logs show they are logged into IIS. The default page
    > is an HTM extension (framed with two more HTM files called within).
    > Note that if the default file has an "ASP" extension the user is asked to
    > login again, but cannot. Although now logged into IIS 5.0,
    > Windows 2000 server, via the default.htm, at this point they cannot
    > access any ASP files. If they try, they are again asked to log in.
    > However, if I have them manually click to access an HTM file
    > they can access that and then can access all ASP files and tables
    > and queries set up for them. It takes accessing another HTM file
    > before they can access any ASP files. It would seem this is a bug
    > or some kind of abberration. But hopefully it is not. Have you
    > any idea what might be going on and if there is a way to get past this
    > other than making them click on an HTM file before beginning.
    >
    > Thanks,
    > Fox
    >
    > "Sue Hoegemeier" <Sue_H@nomail.please> wrote in message
    > news:rk1bpv8kje73u5g6413hog4oqp3hnbshhj@4ax.com...
    > > SQL Server Agent isn't necessarily required. If you aren't
    > > using jobs, alerts, etc you can leave the service off.
    > > Authentication depends on how you have IIS configured.
    > > You can find more information on this subject in the
    > > following articles:
    > > INF: Authentication Methods for Connections to SQL Server in
    > > Active Server Pages
    > > http://support.microsoft.com/?id=247931
    > > INFO: Accessing SQL Server with Integrated Security from ASP
    > > http://support.microsoft.com/?id=176377
    > > The following is a good article on IIS and SQL Server 2000
    > > authentication configuration issues:
    > > http://www.win2000mag.com/articles/index.cfm?articleid=23035
    > >
    > > -Sue
    > >
    > > On Tue, 21 Oct 2003 14:53:13 -0400, "Fox" <fox @ connexions
    > > .net> wrote:
    > >
    > > >Does "Windows Only" authenthication in a SYSTEM DSN
    > > >work only on the local network or does it work for those
    > > >accessing from a website ?
    > > >
    > > >IS SQL Server Agent necessary ?
    > > >I have a simple setup with a few databases that do
    > > >nothing spectacular. I am on Windows 2000 server
    > > >and I do not use Active Directory. Most logins
    > > >are just me and my wife, locally. The only other type
    > > >of access neeeded besides public, is for a few
    > > >users who are able to select, input and delete
    > > >some info.
    > > >
    > > >Regards and thanks,
    > > >Fox
    > > >
    > > >
    > >
    >
    >


  • Next message: Jasper Smith: "Re: Simple SQL Security Question From SQL Newbie"