Francisco H Tapia
my.lists at verizon.net
Wed Apr 30 17:32:00 CDT 2003
If the Sql Server is set to windows authentication and the IIS box is hitting your sql server, I thought that "it" (the IIS server) was passing it's security context for the connection. I did not know that you could implement windows authentications from an ASP page, still then the short and quick answer for Arthur's question is you "can't" implement both sets of security in which it piggy backs one on top of the other, in this solution. Granted it does sound like a neat way to implement Windows authentication. -Francisco http://rcm.netfirms.com On Wednesday, April 30, 2003 2:53 PM [GMT-8], Djabarov, Robert <Robert.Djabarov at usaa.com> wrote: : Windows Integrated Authentication is not based on the web box, but on : the rights associated with it or through a Windows Security group on : the SQL server itself. In order to incorporate a Windows : Authentication on your web site you need to implement a Windows : Challenge Response within your ASP/JSP page. And, it definitely does : not require a VPN! : : Robert Djabarov : Senior SQL Server DBA : USAA IT/DBMS : ? (210) 913-3148 - phone : ? (210) 753-3148 - pager : : : -----Original Message----- : From: Francisco H Tapia [mailto:my.lists at verizon.net] : Sent: Wednesday, April 30, 2003 4:07 PM : To: dba-sqlserver at databaseadvisors.com : Subject: Re: [dba-SQLServer]RE: [dba-VB] Trusted Connection versus : What? : : Arthur, : I believe that windows authentication mode would grant access : based on : the rights from the box (web server) that connects to the SQL Server. : You : could set up you web site to capture the loginid and pwd and ask for a : connection on the sql server using mixed mode (or sql : authentication). I : don't know how you'd set it up to ask for windows login + sql server : login : unless of course you set up a VPN, to which your users would connect : to an : intranet that would then ask for another login and pwd. : : -Francisco : http://rcm.netfirms.com : : On Wednesday, April 30, 2003 1:50 PM [GMT-8], : Arthur Fuller <artful at rogers.com> wrote: : : <snip> :: My vague game plan was to have a login called Anonymous with no :: password and decidely limited privileges. Then the web site can open :: the door for anyone. Other logins would correspond to employees, :: sales reps and so on, all aggregated into roles defining their :: privileges. The BOD could see reports that mere mortals couldn't. My :: Access app already does this, but now I need my .NET app to do it :-) : <snip> : : : _______________________________________________ : dba-SQLServer mailing list : dba-SQLServer at databaseadvisors.com : http://databaseadvisors.com/mailman/listinfo/dba-sqlserver : http://www.databaseadvisors.com : : : : _______________________________________________ : dba-SQLServer mailing list : dba-SQLServer at databaseadvisors.com : http://databaseadvisors.com/mailman/listinfo/dba-sqlserver : http://www.databaseadvisors.com