Logins in ASP advice sought...

  • I am about to re-work a web site which uses IIS 5, ASP 3 and SQL Server 2000. IIS is set up as Integrated Windows Security. Users are authenticated against a domain controller (NT 4) and in the SQL Server database, there is a Users table with the UserIDs of the persons allowed to access this intranet application - along with other permissions for the application...

    This intranet site is eventually going to become a client extranet which will be accessed via the public Internet by pre-authorized clients/customers of the company. New users will have to be manually approved and then added - they cannot add themselves. However, for now, the re-worked site will continue to live on the intranet - but not for long as the intention is to remove the need for VPN access to the company's network.

    My guess is that SQL Server logins SHOULD be used in this case. Can anyone point me in the direction of a good resource to show how exactly to log in a user via SQL Server in ASP -OR- is it as simple as making sure that the USERID and PASSWORD entered on the Login.asp page (IF validated as a SQL Server 'user'), and if so, then use that USERID/PASSWORD for all database connection strings, for that user throughout the session?

    Any ideas or tips would be greatly appreciated. I do not think that the current method of simply storing the valid users in a Users TABLE is going to be secure enough for the public Internet. But this is sort of new to me and I am seeking any and all advice.

    Thanks!

  • What I feel is you can at least do the following:

    1) Create a SQL Server account. This account should have restrictive privileges, i.e. appropriate rights like read and write on appropriate database objects.

    2) Always open the database connection using this object.

    3) If you need to keep usernames and passwords in the SQL Server database then you could use the pwdencrypt function to encrypt the password (datatype should be varbinary) and use the pwdcompare function to check if the passwords are right. (Please read about the drawbacks of using them.)

    I hope this helps you. Anything else, you can get back...

    Relationships are like Banks. You Invest the Principal and then get the Interest.


    He who knows others is learned but the wise one is one who knows himself.
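
The three steps suggested in the reply above, sketched in T-SQL for SQL Server 2000 as an added example (not code from either poster). The database, login, table and procedure names are hypothetical, the password is a placeholder, and pwdencrypt/pwdcompare are undocumented functions.

```sql
-- Hypothetical names throughout: database IntranetApp, login web_app,
-- table dbo.AppUsers, procedures dbo.usp_SetPassword / dbo.usp_CheckLogin.

-- Step 1: one restricted SQL Server login for the web application.
EXEC sp_addlogin @loginame = 'web_app',
                 @passwd   = '<REPLACE-WITH-STRONG-PASSWORD>',
                 @defdb    = 'IntranetApp'
GO
USE IntranetApp
GO
EXEC sp_grantdbaccess @loginame = 'web_app'
GO

-- Step 3: application users; the password exists only as pwdencrypt() output.
CREATE TABLE dbo.AppUsers (
    UserID    varchar(50)    NOT NULL PRIMARY KEY,
    PwdHash   varbinary(255) NOT NULL,
    IsEnabled bit            NOT NULL DEFAULT 0  -- set to 1 on manual approval
)
GO

-- Run by an administrator only; web_app gets no rights on this procedure.
CREATE PROCEDURE dbo.usp_SetPassword
    @UserID varchar(50), @Password nvarchar(128)
AS
    SET NOCOUNT ON
    UPDATE dbo.AppUsers
    SET PwdHash = pwdencrypt(@Password)
    WHERE UserID = @UserID
GO

-- Returns IsValid = 1 only for an enabled user whose password matches.
-- Unknown user, disabled user and wrong password all return 0.
CREATE PROCEDURE dbo.usp_CheckLogin
    @UserID varchar(50), @Password nvarchar(128)
AS
    SET NOCOUNT ON
    SELECT COUNT(*) AS IsValid
    FROM dbo.AppUsers
    WHERE UserID = @UserID
      AND IsEnabled = 1
      AND pwdcompare(@Password, PwdHash) = 1
GO

-- Step 2: the ASP pages always connect as web_app, which can only run the
-- login check. It has no SELECT/UPDATE rights on dbo.AppUsers itself.
GRANT EXECUTE ON dbo.usp_CheckLogin TO web_app
GO
```

Login.asp would call dbo.usp_CheckLogin through a parameterized ADO Command rather than building the SQL string from the form fields.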
