
Secure login from ASP page to SQL Server DB

mo
Sorry I can't be more specific, but....

I'd like to create a secure login from an ASP page to a specific SQL Server
2000 Db. Is there an accepted methodology for doing this? Are there any
resources that show how this can be done?

Thanks for any help.

Mo
Jul 19 '05 #1
8 Replies


mo wrote:
> Sorry I can't be more specific, but....
>
> I'd like to create a secure login from an ASP page to a specific SQL
> Server 2000 Db. Is there an accepted methodology for doing this? Are
> there any resources that show how this can be done?
>
> Thanks for any help.
>
> Mo


You'll need to specify what you mean by "secure". Secure from whom? The
average user browsing to the web page? The determined hacker? The
disgruntled employee?

--
HTH,
Bob Barrows - ASP MVP
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.
Jul 19 '05 #2

mo
I mean that those trying to login to certain (asp) pages are allowed to do
so only if the credentials they are using (username & password) are
registered on a particular SQL Server 2000 db. I hope this is clear enough.

Thanks
> You'll need to specify what you mean by "secure". Secure from whom? The
> average user browsing to the web page? The determined hacker? The
> disgruntled employee?
>
> --
> HTH,
> Bob Barrows - ASP MVP
> Please reply to the newsgroup. The email account listed in my From
> header is my spam trap, so I don't check it very often. You will get a
> quicker response by posting to the newsgroup.

Jul 19 '05 #3

http://www.aspfaq.com/show.asp?id=2114

--
Tom Kaminski IIS MVP
http://www.iistoolshed.com/ - tools, scripts, and utilities for running IIS
http://mvp.support.microsoft.com/
http://www.microsoft.com/windowsserv...y/centers/iis/

"mo" <m.********@nospam.qmul.ac.uk> wrote in message
news:bm**********@beta.qmul.ac.uk...
> I mean that those trying to login to certain (asp) pages are allowed to do
> so only if the credentials they are using (username & password) are
> registered on a particular SQL Server 2000 db. I hope this is clear enough.
> Thanks
>> You'll need to specify what you mean by "secure". Secure from whom? The
>> average user browsing to the web page? The determined hacker? The
>> disgruntled employee?
>>
>> --
>> HTH,
>> Bob Barrows - ASP MVP
>> Please reply to the newsgroup. The email account listed in my From
>> header is my spam trap, so I don't check it very often. You will get a
>> quicker response by posting to the newsgroup.


Jul 19 '05 #4

mo wrote:
> I mean that those trying to login to certain (asp) pages are allowed
> to do so only if the credentials they are using (username & password)
> are registered on a particular SQL Server 2000 db. I hope this is
> clear enough.


1. Create a table of users in your sql database. Include columns for user
name, user login, security level, etc.
2. Create a SQL login/password which will be used by your connection strings
in your asp pages.
3. In IIS Manager, turn off Anonymous login and enable NT
Challenge/Response.
4. Create an asp page which can be #included in all the pages requiring
security. In that page, get the user's login name from the LOGON_USER
servervariable. Connect to sql using the login/password which were created
above (www.connectionstrings.com - use the OLEDB example: ODBC should be
avoided) and look up the login name in the user table. If it's there, and
the security level is correct (if you are using security levels), then
simply continue. Optionally, set a boolean variable to true if later
processes need to know if the user is approved. Otherwise, redirect to a
NotAuthorized.page.
--
HTH,
Bob Barrows - ASP MVP
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.
Jul 19 '05 #5
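
The include page described in step 4 of the reply above, sketched as an added example (not code from the thread or from the aspfaq article). The `dbo.AppUsers` table with its `UserLogin` and `SecurityLevel` columns, the connection-string placeholders, the `REQUIRED_LEVEL` threshold and the `NotAuthorized.asp` target are assumptions made for illustration.

```asp
<%
' Hypothetical include file: #include it at the top of every protected page.
' Table, column, login and page names are assumptions, not from the thread.
Const adCmdText = 1
Const adVarWChar = 202
Const adParamInput = 1
Const REQUIRED_LEVEL = 1   ' assumed minimum security level for the page

Dim loginName, conn, cmd, rs, isApproved
isApproved = False

' IIS fills LOGON_USER (DOMAIN\user) only when Anonymous access is disabled
' and NT Challenge/Response is enabled; it is empty for anonymous requests.
loginName = Request.ServerVariables("LOGON_USER")

If Len(loginName) > 0 Then
    Set conn = Server.CreateObject("ADODB.Connection")
    ' OLE DB provider for SQL Server; every value here is a placeholder.
    conn.Open "Provider=SQLOLEDB;Data Source=SERVER_NAME;" & _
              "Initial Catalog=DB_NAME;User ID=APP_LOGIN;Password=APP_PASSWORD;"

    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    ' Parameterised lookup: the login name is never concatenated into the SQL.
    cmd.CommandText = "SELECT SecurityLevel FROM dbo.AppUsers WHERE UserLogin = ?"
    cmd.Parameters.Append cmd.CreateParameter("@login", adVarWChar, adParamInput, 128, loginName)

    Set rs = cmd.Execute
    If Not rs.EOF Then
        ' A NULL level compares as Null, which the If treats as not approved.
        If rs("SecurityLevel") >= REQUIRED_LEVEL Then isApproved = True
    End If
    rs.Close
    conn.Close
    Set rs = Nothing
    Set cmd = Nothing
    Set conn = Nothing
End If

' Fail closed: anything other than a positive match leaves the page.
If Not isApproved Then
    Response.Redirect "NotAuthorized.asp"
    Response.End
End If
%>
```

Later code on the protected page can test `isApproved`, and the SQL login used in the connection string needs no more than SELECT permission on the user table.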

Tom Kaminski [MVP] wrote:
> http://www.aspfaq.com/show.asp?id=2114


Damn! I forgot to check the FAQ before wasting all that time writing a
response! grrr
--
HTH,
Bob Barrows - ASP MVP
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.
Jul 19 '05 #6

"Bob Barrows" <re******@NOyahoo.SPAMcom> wrote in message
news:Oh****************@TK2MSFTNGP11.phx.gbl...
> Tom Kaminski [MVP] wrote:
>> http://www.aspfaq.com/show.asp?id=2114
>
> Damn! I forgot to check the FAQ before wasting all that time writing a
> response! grrr


It's a very nice response though ... ; )
Jul 19 '05 #7

mo
Thanks very much for the help. Sounds a tad complex!

> 1. Create a table of users in your sql database. Include columns for user
> name, user login, security level, etc.
> 2. Create a SQL login/password which will be used by your connection strings in your asp pages.
> 3. In IIS Manager, turn off Anonymous login and enable NT
> Challenge/Response.
> 4. Create an asp page which can be #included in all the pages requiring
> security. In that page, get the user's login name from the LOGON_USER
> servervariable. Connect to sql using the login/password which were created
> above (www.connectionstrings.com - use the OLEDB example: ODBC should be
> avoided) and look up the login name in the user table. If it's there, and
> the security level is correct (if you are using security levels), then
> simply continue. Optionally, set a boolean variable to true if later
> processes need to know if the user is approved. Otherwise, redirect to a
> NotAuthorized.page.
> --
> HTH,
> Bob Barrows - ASP MVP
> Please reply to the newsgroup. The email account listed in my From
> header is my spam trap, so I don't check it very often. You will get a
> quicker response by posting to the newsgroup.

Jul 19 '05 #8

mo wrote:
> Thanks very much for the help. Sounds a tad complex!


And I did not mention that it's only relevant for an Intranet site. See the
aspfaq article for a solution that's relevant for an internet site.

--
HTH,
Bob Barrows - ASP MVP
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.
Jul 19 '05 #9
