Hi Matt,
Our IIS5.0 is a w2k server on 1 domain and our sql server 2000 is on another
w2k server on a different domain. I'm in the process of brainstorming using
Basic windows authentication on the web application folder and below that
contains the .asp pages which uses https that encrypts the whole
communication to our sql server. In the possible case that the user doesn't
have windows xp or a windows os I was just curious how they'd be able to
change their domain password since I'm trying to configure it to use windows
basic authentication to our sql server and that they should be able to
change their password frequently since our sql server contains sensitive
data. I read much on the web that windows authentication to sql server is a
better practice that sql login authentication but seems like it gets a
little trickier when the web and database servers are on different domains
which I've read is safer in general to have the sql server isolated on it's
own domain from the web server. This is why I prefer to use sql login
authentication which makes things easier in setting up, maintaining login
id's and seems easier to incorporate into .asp applications. Sorry if I
wrote too much in complicating things. I'm just wondering which is the
safer method and way for user's to change their own domain passwords.
Thanks Matt,
J
"Matt" <ma******@newsgroups.nospam> wrote in message
news:eS**************@TK2MSFTNGP03.phx.gbl...
Is it absolutely necessary for users to change their passwords via an ASP
page? You can setup Windows Authentication on an ASP application in IIS.
If a user needs to change their password they can change it the standard
way of pressing CNTRL+ALT+Delete and clicking the change password button
(Windows XP). Otherwise, you would have to create your own custom control
to enable users to change their passwords (not sure how or if that is
possible with ASP. it is with .NET though).
For IIS, setup Integrated Windows Authentication (if you do not want them
to type their username and password each time). This would also require a
Client side IE Security Setting change to automatically pass the username
and password to the trusted Intranet zone.
Or
Setup Basic Authentication in IIS (if you require users to always enter
their username and password) and specify the default domain name.
"J" <ID***********@Nowhere.com> wrote in message
news:eN**************@TK2MSFTNGP02.phx.gbl... Hello. I apologize if this isn't the appropriate group for this question
but I was wondering if it's possible to allow regular windows domain
users to change their passwords through an .asp page? I'm trying to
figure out the best way to handle domain users to log into an .asp
application tied with SQL Server 2000 on the back end since I keep
reading that windows authentication is better practice to log into SQL
Server. Thanks in advance.
J
