Is there a way to use ASP.NET's windows authentication so that the user that
is using our web page is the user that is connected to our SQL Server? This
will allow us to leverage our domain roles/groups. Our connection string is
below.
The options I've found so far I don't like:
1. Impersonation - sql server permissions would be granted to this single
account.
2. Granting rights to the ASP.NET user account on our SQL Server - sql
server permissions would be granted to this account.
In both cases, we could pass the name as a parameter so we can audit the
activity, but we'd really like our sql server security to be based on our
windows logins - not the rights of some other account like the impersonated
account or the ASP.NET account.
Suggestions? Thanks in advance!
Mark 4 1350
Use impersonation and disable anonymous authentication (in IIS.)
Also in IIS make sure integrated windows authentication is checked.
This way it should run under the user's account.
--
I hope this helps,
Steve C. Orr, MCSD, MVP http://Steve.Orr.net
Hire top-notch developers at http://www.able-consulting.com
"Mark" <mf****@idonotlikespam.cce.umn.edu> wrote in message
news:uz**************@tk2msftngp13.phx.gbl... Is there a way to use ASP.NET's windows authentication so that the user
that is using our web page is the user that is connected to our SQL Server?
This will allow us to leverage our domain roles/groups. Our connection string
is below.
The options I've found so far I don't like: 1. Impersonation - sql server permissions would be granted to this single account. 2. Granting rights to the ASP.NET user account on our SQL Server - sql server permissions would be granted to this account.
In both cases, we could pass the name as a parameter so we can audit the activity, but we'd really like our sql server security to be based on our windows logins - not the rights of some other account like the
impersonated account or the ASP.NET account.
Suggestions? Thanks in advance! Mark
Interesting. I will try this out, but your first sentence strikes me as
non-intuitive. Impersonation (to me) means that you're going to use an
account other than the one that is currenlty logged in. For example, if I
enter the impersonation information (see below) into the web.config, how do
I make it use the current users account, rather than some specific account?
Is there an alternative syntax?
<authentication mode="Windows" />
<identity impersonate="true" userName="domain\username"
password="password"/>
Thanks Steve.
Mark
"Steve C. Orr [MVP, MCSD]" <St***@Orr.net> wrote in message
news:%2****************@TK2MSFTNGP12.phx.gbl... Use impersonation and disable anonymous authentication (in IIS.) Also in IIS make sure integrated windows authentication is checked. This way it should run under the user's account.
-- I hope this helps, Steve C. Orr, MCSD, MVP http://Steve.Orr.net Hire top-notch developers at http://www.able-consulting.com "Mark" <mf****@idonotlikespam.cce.umn.edu> wrote in message news:uz**************@tk2msftngp13.phx.gbl... Is there a way to use ASP.NET's windows authentication so that the user that is using our web page is the user that is connected to our SQL Server? This will allow us to leverage our domain roles/groups. Our connection
string is below.
The options I've found so far I don't like: 1. Impersonation - sql server permissions would be granted to this
single account. 2. Granting rights to the ASP.NET user account on our SQL Server - sql server permissions would be granted to this account.
In both cases, we could pass the name as a parameter so we can audit the activity, but we'd really like our sql server security to be based on
our windows logins - not the rights of some other account like the impersonated account or the ASP.NET account.
Suggestions? Thanks in advance! Mark
Don't specify a particular user. Let IIS take care of that. So your
identity impersonate line should look like this:
<identity impersonate="true"/>
--
I hope this helps,
Steve C. Orr, MCSD, MVP http://Steve.Orr.net
Hire top-notch developers at http://www.able-consulting.com
"Mark" <fi**************@umn.edu> wrote in message
news:e$**************@TK2MSFTNGP12.phx.gbl... Interesting. I will try this out, but your first sentence strikes me as non-intuitive. Impersonation (to me) means that you're going to use an account other than the one that is currenlty logged in. For example, if I enter the impersonation information (see below) into the web.config, how
do I make it use the current users account, rather than some specific
account? Is there an alternative syntax?
<authentication mode="Windows" /> <identity impersonate="true" userName="domain\username" password="password"/>
Thanks Steve. Mark
"Steve C. Orr [MVP, MCSD]" <St***@Orr.net> wrote in message news:%2****************@TK2MSFTNGP12.phx.gbl... Use impersonation and disable anonymous authentication (in IIS.) Also in IIS make sure integrated windows authentication is checked. This way it should run under the user's account.
-- I hope this helps, Steve C. Orr, MCSD, MVP http://Steve.Orr.net Hire top-notch developers at http://www.able-consulting.com "Mark" <mf****@idonotlikespam.cce.umn.edu> wrote in message news:uz**************@tk2msftngp13.phx.gbl... Is there a way to use ASP.NET's windows authentication so that the
user that is using our web page is the user that is connected to our SQL Server? This will allow us to leverage our domain roles/groups. Our connection string is below.
The options I've found so far I don't like: 1. Impersonation - sql server permissions would be granted to this single account. 2. Granting rights to the ASP.NET user account on our SQL Server - sql server permissions would be granted to this account.
In both cases, we could pass the name as a parameter so we can audit
the activity, but we'd really like our sql server security to be based on
our windows logins - not the rights of some other account like the impersonated account or the ASP.NET account.
Suggestions? Thanks in advance! Mark
Slick! Thank you!
"Steve C. Orr [MVP, MCSD]" <St***@Orr.net> wrote in message
news:ud**************@TK2MSFTNGP09.phx.gbl... Don't specify a particular user. Let IIS take care of that. So your identity impersonate line should look like this: <identity impersonate="true"/>
-- I hope this helps, Steve C. Orr, MCSD, MVP http://Steve.Orr.net Hire top-notch developers at http://www.able-consulting.com "Mark" <fi**************@umn.edu> wrote in message news:e$**************@TK2MSFTNGP12.phx.gbl... Interesting. I will try this out, but your first sentence strikes me as non-intuitive. Impersonation (to me) means that you're going to use an account other than the one that is currenlty logged in. For example, if
I enter the impersonation information (see below) into the web.config, how do I make it use the current users account, rather than some specific account? Is there an alternative syntax?
<authentication mode="Windows" /> <identity impersonate="true" userName="domain\username" password="password"/>
Thanks Steve. Mark
"Steve C. Orr [MVP, MCSD]" <St***@Orr.net> wrote in message news:%2****************@TK2MSFTNGP12.phx.gbl... Use impersonation and disable anonymous authentication (in IIS.) Also in IIS make sure integrated windows authentication is checked. This way it should run under the user's account.
-- I hope this helps, Steve C. Orr, MCSD, MVP http://Steve.Orr.net Hire top-notch developers at http://www.able-consulting.com "Mark" <mf****@idonotlikespam.cce.umn.edu> wrote in message news:uz**************@tk2msftngp13.phx.gbl... > Is there a way to use ASP.NET's windows authentication so that the user that > is using our web page is the user that is connected to our SQL
Server? This > will allow us to leverage our domain roles/groups. Our connection string is > below. > > The options I've found so far I don't like: > 1. Impersonation - sql server permissions would be granted to this single > account. > 2. Granting rights to the ASP.NET user account on our SQL Server -
sql > server permissions would be granted to this account. > > In both cases, we could pass the name as a parameter so we can audit the > activity, but we'd really like our sql server security to be based
on our > windows logins - not the rights of some other account like the impersonated > account or the ASP.NET account. > > Suggestions? Thanks in advance! > Mark > >
This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics |
by: Bob Everland |
last post by:
I have an application that is ISAPI and the only way to
secure it is through NT permissions. I need to have a way
to login to windows authentication so that when I get to
the ISAPI application no...
|
by: Joseph Geretz |
last post by:
I'm having a credentialing problem in my web application. Actually, I don't
think this is an IIS security issue, since I'm able to access the page I'm
requesting. However, the executing page itself...
|
by: Reza |
last post by:
Hello
I tried this friday, but didn't get anywhere so trying again
Basically, I have a fixed list of people that can access the application in the Intranet, and with the policy of the company the...
|
by: Thomas Scheiderich |
last post by:
I am having a problem connecting to an Sql Server using Windows
Authentication.
I am using the following command:
server=Raptor;uid=tfs;password=tol1ee;database=ABC;Network Library =dbmssocn
...
|
by: pberna |
last post by:
Dear all,
I built a Web Form application to start and stop a Windows Service remotely.
I successful tested the application on Windows 2000 server + IIS. I must
include the ASPNET user
to the...
| |
by: mcollier |
last post by:
I am running a Windows Server 2003 machine as my web server. I would
like to use Windows authentication for connections to my SQL Server
2000 instance on a Windows 2000 server. I've read where...
|
by: Kevin Yu |
last post by:
is it possible to for user to click a logout button to logout and when the
user want to get into the system again, the user have to login again?
Kevin
|
by: Nils Magnus Englund |
last post by:
Hello,
I am having trouble using Integrated Windows Authentication between our
intranet server and our database server, both of which are on our local
domain.
Windows authentication works for...
|
by: Alice Wong |
last post by:
I am setting up my Web ASP.net application to connect to Sql server using
windows authentication.
I set up IIS to have integrated windows authenication and sql to allow
Windows authentication....
|
by: Preben Zacho |
last post by:
Hi there
The scenario I got is this: I have created a Windows application in VS and I
want to deploy it to another machine running Windows Vista. Since I have no
control over this other machine,...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
| |
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers,...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new...
| |
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
|
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence...
| |