469,950 Members | 2,321 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 469,950 developers. It's quick & easy.

Secure login from ASP page to SQL Server DB

mo
Sorry I can't be more specific, but....

I'd like to create a secure login from an ASP page to a specific SQL Server
2000 Db. Is there an accepted methodology for doing this? Are there any
resourses that show how this can be done?

Thanks for any help.

Mo
Jul 19 '05 #1
8 9678
mo wrote:
Sorry I can't be more specific, but....

I'd like to create a secure login from an ASP page to a specific SQL
Server 2000 Db. Is there an accepted methodology for doing this? Are
there any resourses that show how this can be done?

Thanks for any help.

Mo


You'll need to specify what you mean by "secure". Secure from whom? The
average user browsing to the web page? The determined hacker? The
disgruntled employee?

--
HTH,
Bob Barrows - ASP MVP
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.
Jul 19 '05 #2
mo
I mean that those trying to login to certain (asp) pages are allowed to do
so only if the credentials they are using (username & password) are
registered on a particular SQL Server 2000 db. I hope this is clear enough.

Thanks
You'll need to specify what you mean by "secure". Secure from whom? The
average user browsing to the web page? The determined hacker? The
disgruntled employee?

--
HTH,
Bob Barrows - ASP MVP
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.

Jul 19 '05 #3
http://www.aspfaq.com/show.asp?id=2114

--
Tom Kaminski IIS MVP
http://www.iistoolshed.com/ - tools, scripts, and utilities for running IIS
http://mvp.support.microsoft.com/
http://www.microsoft.com/windowsserv...y/centers/iis/

"mo" <m.********@nospam.qmul.ac.uk> wrote in message
news:bm**********@beta.qmul.ac.uk...
I mean that those trying to login to certain (asp) pages are allowed to do
so only if the credentials they are using (username & password) are
registered on a particular SQL Server 2000 db. I hope this is clear enough.
Thanks
You'll need to specify what you mean by "secure". Secure from whom? The
average user browsing to the web page? The determined hacker? The
disgruntled employee?

--
HTH,
Bob Barrows - ASP MVP
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.


Jul 19 '05 #4
mo wrote:
I mean that those trying to login to certain (asp) pages are allowed
to do so only if the credentials they are using (username & password)
are registered on a particular SQL Server 2000 db. I hope this is
clear enough.


1. Create a table of users in your sql database. Include columns for user
name, user login, security level, etc.
2. Create a SQL login/password which will be used by your connection strings
in your asp pages.
3. In IIS Mangaer, turn off Anonymous login and enable NT
Challenge/Response.
4. Create an asp page which can be #included in all the pages requiring
security. In that page, get the user's login name from the LOGON_USER
servervariable. Connect to sql using the login/password which were created
above (www.connectionstrings.com - use the OLEDB example: ODBC should be
avoided) and look up the login name in the user table. If it's there, and
the security level is correct (if you are using security levels), then
simply continue. Optionally, set a boolean variable to true if later
processes need to know if the user is approved. Otherwise, redirect to a
NotAuthorized.page.
--
HTH,
Bob Barrows - ASP MVP
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.
Jul 19 '05 #5
Tom Kaminski [MVP] wrote:
http://www.aspfaq.com/show.asp?id=2114


Damn! I forgot to check the FAQ before wasting all that time writing a
response! grrr
--
HTH,
Bob Barrows - ASP MVP
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.
Jul 19 '05 #6
"Bob Barrows" <re******@NOyahoo.SPAMcom> wrote in message
news:Oh****************@TK2MSFTNGP11.phx.gbl...
Tom Kaminski [MVP] wrote:
http://www.aspfaq.com/show.asp?id=2114


Damn! I forgot to check the FAQ before wasting all that time writing a
response! grrr


It's a very nice response though ... ; )
Jul 19 '05 #7
mo
Thanks very much for the help. Sounds a tad complex!

1. Create a table of users in your sql database. Include columns for user
name, user login, security level, etc.
2. Create a SQL login/password which will be used by your connection strings in your asp pages.
3. In IIS Mangaer, turn off Anonymous login and enable NT
Challenge/Response.
4. Create an asp page which can be #included in all the pages requiring
security. In that page, get the user's login name from the LOGON_USER
servervariable. Connect to sql using the login/password which were created
above (www.connectionstrings.com - use the OLEDB example: ODBC should be
avoided) and look up the login name in the user table. If it's there, and
the security level is correct (if you are using security levels), then
simply continue. Optionally, set a boolean variable to true if later
processes need to know if the user is approved. Otherwise, redirect to a
NotAuthorized.page.
--
HTH,
Bob Barrows - ASP MVP
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.

Jul 19 '05 #8
mo wrote:
Thanks very much for the help. Sounds a tad complex!


And I did not mention that it's only relevant for an Intranet site. See the
aspfaq article for a solution that's relevant for an internet site.

--
HTH,
Bob Barrows - ASP MVP
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.
Jul 19 '05 #9

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

6 posts views Thread by Sarah Tanembaum | last post: by
2 posts views Thread by Nath | last post: by
1 post views Thread by sharp2037 | last post: by
2 posts views Thread by Timbo | last post: by
8 posts views Thread by Harris Kosmidhs | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.