473,320 Members | 2,110 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,320 software developers and data experts.

Secure login from ASP page to SQL Server DB

mo
Sorry I can't be more specific, but....

I'd like to create a secure login from an ASP page to a specific SQL Server
2000 Db. Is there an accepted methodology for doing this? Are there any
resourses that show how this can be done?

Thanks for any help.

Mo
Jul 19 '05 #1
8 9838
mo wrote:
Sorry I can't be more specific, but....

I'd like to create a secure login from an ASP page to a specific SQL
Server 2000 Db. Is there an accepted methodology for doing this? Are
there any resourses that show how this can be done?

Thanks for any help.

Mo


You'll need to specify what you mean by "secure". Secure from whom? The
average user browsing to the web page? The determined hacker? The
disgruntled employee?

--
HTH,
Bob Barrows - ASP MVP
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.
Jul 19 '05 #2
mo
I mean that those trying to login to certain (asp) pages are allowed to do
so only if the credentials they are using (username & password) are
registered on a particular SQL Server 2000 db. I hope this is clear enough.

Thanks
You'll need to specify what you mean by "secure". Secure from whom? The
average user browsing to the web page? The determined hacker? The
disgruntled employee?

--
HTH,
Bob Barrows - ASP MVP
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.

Jul 19 '05 #3
http://www.aspfaq.com/show.asp?id=2114

--
Tom Kaminski IIS MVP
http://www.iistoolshed.com/ - tools, scripts, and utilities for running IIS
http://mvp.support.microsoft.com/
http://www.microsoft.com/windowsserv...y/centers/iis/

"mo" <m.********@nospam.qmul.ac.uk> wrote in message
news:bm**********@beta.qmul.ac.uk...
I mean that those trying to login to certain (asp) pages are allowed to do
so only if the credentials they are using (username & password) are
registered on a particular SQL Server 2000 db. I hope this is clear enough.
Thanks
You'll need to specify what you mean by "secure". Secure from whom? The
average user browsing to the web page? The determined hacker? The
disgruntled employee?

--
HTH,
Bob Barrows - ASP MVP
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.


Jul 19 '05 #4
mo wrote:
I mean that those trying to login to certain (asp) pages are allowed
to do so only if the credentials they are using (username & password)
are registered on a particular SQL Server 2000 db. I hope this is
clear enough.


1. Create a table of users in your sql database. Include columns for user
name, user login, security level, etc.
2. Create a SQL login/password which will be used by your connection strings
in your asp pages.
3. In IIS Mangaer, turn off Anonymous login and enable NT
Challenge/Response.
4. Create an asp page which can be #included in all the pages requiring
security. In that page, get the user's login name from the LOGON_USER
servervariable. Connect to sql using the login/password which were created
above (www.connectionstrings.com - use the OLEDB example: ODBC should be
avoided) and look up the login name in the user table. If it's there, and
the security level is correct (if you are using security levels), then
simply continue. Optionally, set a boolean variable to true if later
processes need to know if the user is approved. Otherwise, redirect to a
NotAuthorized.page.
--
HTH,
Bob Barrows - ASP MVP
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.
Jul 19 '05 #5
Tom Kaminski [MVP] wrote:
http://www.aspfaq.com/show.asp?id=2114


Damn! I forgot to check the FAQ before wasting all that time writing a
response! grrr
--
HTH,
Bob Barrows - ASP MVP
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.
Jul 19 '05 #6
"Bob Barrows" <re******@NOyahoo.SPAMcom> wrote in message
news:Oh****************@TK2MSFTNGP11.phx.gbl...
Tom Kaminski [MVP] wrote:
http://www.aspfaq.com/show.asp?id=2114


Damn! I forgot to check the FAQ before wasting all that time writing a
response! grrr


It's a very nice response though ... ; )
Jul 19 '05 #7
mo
Thanks very much for the help. Sounds a tad complex!

1. Create a table of users in your sql database. Include columns for user
name, user login, security level, etc.
2. Create a SQL login/password which will be used by your connection strings in your asp pages.
3. In IIS Mangaer, turn off Anonymous login and enable NT
Challenge/Response.
4. Create an asp page which can be #included in all the pages requiring
security. In that page, get the user's login name from the LOGON_USER
servervariable. Connect to sql using the login/password which were created
above (www.connectionstrings.com - use the OLEDB example: ODBC should be
avoided) and look up the login name in the user table. If it's there, and
the security level is correct (if you are using security levels), then
simply continue. Optionally, set a boolean variable to true if later
processes need to know if the user is approved. Otherwise, redirect to a
NotAuthorized.page.
--
HTH,
Bob Barrows - ASP MVP
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.

Jul 19 '05 #8
mo wrote:
Thanks very much for the help. Sounds a tad complex!


And I did not mention that it's only relevant for an Intranet site. See the
aspfaq article for a solution that's relevant for an internet site.

--
HTH,
Bob Barrows - ASP MVP
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.
Jul 19 '05 #9

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

6
by: Sarah Tanembaum | last post by:
I was wondering if it is possible to create a secure database system using RDBMS(MySQL, Oracle, SQL*Server, PostgreSQL etc) and web scripting/programming language(Perl, PHP, Ruby, Java, ASP, etc)...
3
by: Aaron | last post by:
Hey, I have a question about how secure the following will be.... I want to have a login form that posts to itself, so when it loads it checks if there is a username and password on the query...
18
by: | last post by:
Please help. After a number of wrong turns and experiments I need advice on login management system to secure our web pages without inconveniencing our visitors or our internal staff. What I...
0
by: | last post by:
Which of these scenarios is better: A -- User Registers and is returned to the login screen to test his new username ie (email address). A login script checks user name against database....
2
by: Nath | last post by:
I know this may not be the best place to post this, but it's a start. I am new to writing web pages, and am writing a mysql driven website. I want to know how to setup a login page so a user only...
6
by: Billy Jacobs | last post by:
I have a website which has both secure and non-secure pages. I want to uses forms authentication. How do I accomplish this? Originally I had my web.config file in the root with Forms...
1
by: sharp2037 | last post by:
Hi Everyone, I am working on an ASP.net application and I have a homepage to which everyone visits of course and on that front page I have a user ID and password box and a login button. What...
2
by: Timbo | last post by:
Hello all, I have created a secure folder on my web server and created a user and password that can access it. So when you navigate to a page/file within this folder the login box appears. ...
8
by: Harris Kosmidhs | last post by:
Hello, while I'm developing sites for some time I never coded a login form with security in mind. I was wondering what guidelines there are. For my point of view I'm thinking of using md5...
0
by: DolphinDB | last post by:
The formulas of 101 quantitative trading alphas used by WorldQuant were presented in the paper 101 Formulaic Alphas. However, some formulas are complex, leading to challenges in calculation. Take...
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
0
by: Vimpel783 | last post by:
Hello! Guys, I found this code on the Internet, but I need to modify it a little. It works well, the problem is this: Data is sent from only one cell, in this case B5, but it is necessary that data...
0
by: jfyes | last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
1
by: PapaRatzi | last post by:
Hello, I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...
0
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
0
by: Defcon1945 | last post by:
I'm trying to learn Python using Pycharm but import shutil doesn't work
0
by: af34tf | last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.