[dba-SQLServer]RE: [dba-VB] Trusted Connection versus What?

Arthur Fuller artful at rogers.com
Thu May 1 07:43:43 CDT 2003 

Thanks Robert and Francisco, now I have NO idea what I should do! :-) In
fact I have also lost track of what a trusted connection is, and what a
challenge-response is. Let me re-ask the original question (which,
incidentally, concerns getting the IBuySpy portal and store samples running.
It seems that I have at least two choices:

1. Change the server settings to use Windows authentication. If I do this,
does that mean I must create a Windows security group and then add any users
that I expect to hit the box? (That's ok, this is development stuff so there
will only be me and a couple of fictional users, but I've never done it
before.)

2. Change the connection string to embed a password and uid and lose the
trusted connection part of the string.

Am I on the right track?


Arthur

P.S.

In my current configuration, SQL Server, IIS and the .NET Framework are all
on the same box. But I have two other boxes available, both running SQL 2000
as well, so I could move the databases to one of those instead, if that
would help.

-----Original Message-----
From: dba-sqlserver-bounces at databaseadvisors.com
[mailto:dba-sqlserver-bounces at databaseadvisors.com] On Behalf Of Francisco H
Tapia
Sent: April 30, 2003 6:32 PM
To: dba-sqlserver at databaseadvisors.com
Subject: Re: [dba-SQLServer]RE: [dba-VB] Trusted Connection versus What?


If the Sql Server is set to windows authentication and the IIS box is
hitting your sql server, I thought that "it" (the IIS server) was passing
it's security context for the connection.  I did not know that you could
implement windows authentications from an ASP page, still then the short and
quick answer for Arthur's question is you "can't" implement both sets of
security in which it piggy backs one on top of the other, in this solution.
Granted it does sound like a neat way to implement Windows authentication.

-Francisco
http://rcm.netfirms.com

On Wednesday, April 30, 2003 2:53 PM [GMT-8],
Djabarov, Robert <Robert.Djabarov at usaa.com> wrote:

: Windows Integrated Authentication is not based on the web box, but on
: the rights associated with it or through a Windows Security group on
: the SQL server itself.  In order to incorporate a Windows
: Authentication on your web site you need to implement a Windows
: Challenge Response within your ASP/JSP page.  And, it definitely does
: not require a VPN!
:
: Robert Djabarov
: Senior SQL Server DBA
: USAA IT/DBMS
: ? (210) 913-3148 - phone
: ? (210) 753-3148 - pager
:
:
:  -----Original Message-----
: From: Francisco H Tapia [mailto:my.lists at verizon.net]
: Sent: Wednesday, April 30, 2003 4:07 PM
: To: dba-sqlserver at databaseadvisors.com
: Subject: Re: [dba-SQLServer]RE: [dba-VB] Trusted Connection versus
: What?
:
: Arthur,
:     I believe that windows authentication mode would grant access
: based on
: the rights from the box (web server) that connects to the SQL Server.
: You
: could set up you web site to capture the loginid and pwd and ask for a
: connection on the sql server using mixed mode (or sql
: authentication).  I
: don't know how you'd set it up to ask for windows login + sql server
: login
: unless of course you set up a VPN, to which your users would connect
: to an
: intranet that would then ask for another login and pwd.
:
: -Francisco
: http://rcm.netfirms.com
:
: On Wednesday, April 30, 2003 1:50 PM [GMT-8],
: Arthur Fuller <artful at rogers.com> wrote:
:
: <snip>
:: My vague game plan was to have a login called Anonymous with no
:: password and decidely limited privileges. Then the web site can open
:: the door for anyone. Other logins would correspond to employees,
:: sales reps and so on, all aggregated into roles defining their
:: privileges. The BOD could see reports that mere mortals couldn't. My
:: Access app already does this, but now I need my .NET app to do it :-)
: <snip>
:
:
: _______________________________________________
: dba-SQLServer mailing list
: dba-SQLServer at databaseadvisors.com
: http://databaseadvisors.com/mailman/listinfo/dba-sqlserver
: http://www.databaseadvisors.com
:
:
:
: _______________________________________________
: dba-SQLServer mailing list
: dba-SQLServer at databaseadvisors.com
: http://databaseadvisors.com/mailman/listinfo/dba-sqlserver
: http://www.databaseadvisors.com


_______________________________________________
dba-SQLServer mailing list
dba-SQLServer at databaseadvisors.com
http://databaseadvisors.com/mailman/listinfo/dba-sqlserver
http://www.databaseadvisors.com

More information about the dba-SQLServer mailing list