Djabarov, Robert
Robert.Djabarov at usaa.com
Wed Apr 30 16:53:26 CDT 2003
Windows Integrated Authentication is not based on the web box, but on the rights associated with it or through a Windows Security group on the SQL server itself. In order to incorporate a Windows Authentication on your web site you need to implement a Windows Challenge Response within your ASP/JSP page. And, it definitely does not require a VPN!
Robert Djabarov
Senior SQL Server DBA
USAA IT/DBMS
? (210) 913-3148 - phone
? (210) 753-3148 - pager
-----Original Message-----
From: Francisco H Tapia [mailto:my.lists at verizon.net]
Sent: Wednesday, April 30, 2003 4:07 PM
To: dba-sqlserver at databaseadvisors.com
Subject: Re: [dba-SQLServer]RE: [dba-VB] Trusted Connection versus What?
Arthur,
I believe that windows authentication mode would grant access based on
the rights from the box (web server) that connects to the SQL Server. You
could set up you web site to capture the loginid and pwd and ask for a
connection on the sql server using mixed mode (or sql authentication). I
don't know how you'd set it up to ask for windows login + sql server login
unless of course you set up a VPN, to which your users would connect to an
intranet that would then ask for another login and pwd.
-Francisco
http://rcm.netfirms.com
On Wednesday, April 30, 2003 1:50 PM [GMT-8],
Arthur Fuller <artful at rogers.com> wrote:
<snip>
: My vague game plan was to have a login called Anonymous with no
: password and decidely limited privileges. Then the web site can open
: the door for anyone. Other logins would correspond to employees,
: sales reps and so on, all aggregated into roles defining their
: privileges. The BOD could see reports that mere mortals couldn't. My
: Access app already does this, but now I need my .NET app to do it :-)
<snip>
_______________________________________________
dba-SQLServer mailing list
dba-SQLServer at databaseadvisors.com
http://databaseadvisors.com/mailman/listinfo/dba-sqlserver
http://www.databaseadvisors.com