mo wrote:
I mean that those trying to login to certain (asp) pages are allowed
to do so only if the credentials they are using (username & password)
are registered on a particular SQL Server 2000 db. I hope this is
clear enough.
1. Create a table of users in your sql database. Include columns for user
name, user login, security level, etc.
2. Create a SQL login/password which will be used by your connection strings
in your asp pages.
3. In IIS Mangaer, turn off Anonymous login and enable NT
Challenge/Response.
4. Create an asp page which can be #included in all the pages requiring
security. In that page, get the user's login name from the LOGON_USER
servervariable. Connect to sql using the login/password which were created
above (
www.connectionstrings.com - use the OLEDB example: ODBC should be
avoided) and look up the login name in the user table. If it's there, and
the security level is correct (if you are using security levels), then
simply continue. Optionally, set a boolean variable to true if later
processes need to know if the user is approved. Otherwise, redirect to a
NotAuthorized.page.
--
HTH,
Bob Barrows - ASP MVP
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.