ISAPI Application and Integrated Security



We have a ISAPI dll that we access over Windows Integrated Security.
Everybody is allowed to acces the server in our Intranet that is a user of
our domain.
In that application we use the WindowsUsername from the users that starts a
'session' to check some security settings (stored in sql-server-tables)and
decide what we show to the user. (Options/reports/Forms/...)
Now we are thigthening our security on the sql sever and only Windows
Authentication will be allowed.
Until now the only way to run that DLL and use WA to connect to sql is to
change the user that runs the IIS-WWW service.
>From localsystem to something else.
But what if we also have a other website running on that IIS that has
nothing to do with SqlServer...

Is there another approach for this kind of security problems ??

Thx

Harry Leboeuf
Kinepolis Group


.