471,108 Members | 1,296 Online
Bytes | Software Development & Data Engineering Community
Post +

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 471,108 software developers and data experts.

security with web-based access

First of all, I have never done any web-based stuff, so if the
following sounds ignorant, it's because I am!

So far all our SQL Servers are accessed only over our network and we
use Windows authentication. Now the guy I'm working with on the
design of our next stuff wants the two new databases (a transactional
one and my data warehouse) to be additionally accessed by web-based
applications via our company intranet (NOT THE INTERNET). How do we
authenticate under these conditions? The webserver machine will be
talking to the SQL Server ones, i.e. the databases will each be on the
their own separate boxes. Can the webserver be a "user"? If so,
and we want the actual users to have different privileges, then the
web-based apps have to manage that? Or is there a way for the
web-based apps to grab the Windows user and pass it to SQL Server?
Jul 20 '05 #1
7 1469
Create two new user logins and assign each login to a specific DB. They
should be SQL authentication and the web application must have the user/pass
specified in the connection string. If the web server is on the trusted
network you shouldn't open any ports in a firewall. You should be set to go.

Rob

"Ellen K." <72************************@compuserve.com> wrote in message
news:2p********************************@4ax.com...
First of all, I have never done any web-based stuff, so if the
following sounds ignorant, it's because I am!

So far all our SQL Servers are accessed only over our network and we
use Windows authentication. Now the guy I'm working with on the
design of our next stuff wants the two new databases (a transactional
one and my data warehouse) to be additionally accessed by web-based
applications via our company intranet (NOT THE INTERNET). How do we
authenticate under these conditions? The webserver machine will be
talking to the SQL Server ones, i.e. the databases will each be on the
their own separate boxes. Can the webserver be a "user"? If so,
and we want the actual users to have different privileges, then the
web-based apps have to manage that? Or is there a way for the
web-based apps to grab the Windows user and pass it to SQL Server?

Jul 20 '05 #2
Thanks.

On Thu, 22 Apr 2004 12:25:15 +0200, "Simon Hayes" <sq*@hayes.ch>
wrote:

"Ellen K." <72************************@compuserve.com> wrote in message
news:2p********************************@4ax.com.. .
First of all, I have never done any web-based stuff, so if the
following sounds ignorant, it's because I am!

So far all our SQL Servers are accessed only over our network and we
use Windows authentication. Now the guy I'm working with on the
design of our next stuff wants the two new databases (a transactional
one and my data warehouse) to be additionally accessed by web-based
applications via our company intranet (NOT THE INTERNET). How do we
authenticate under these conditions? The webserver machine will be
talking to the SQL Server ones, i.e. the databases will each be on the
their own separate boxes. Can the webserver be a "user"? If so,
and we want the actual users to have different privileges, then the
web-based apps have to manage that? Or is there a way for the
web-based apps to grab the Windows user and pass it to SQL Server?


You might get a better response in an ASP forum (if that's the web platform
you're using), but I can give you some basic answers. The webserver can be a
user - if it uses a domain service account (just like SQL Server), then that
account can be an MSSQL login. In this case, you would have to manage
permissions entirely within your application, as the only account accessing
MSSQL would be the web server service account. Alternatively, some
combinations of web server and browser can impersonate a specific user (I
believe IE/IIS can do this, no idea about other possibilities), so that your
authentication would work as normal.

Simon


Jul 20 '05 #3
Thanks.

On Thu, 22 Apr 2004 14:51:31 GMT, "Rob Wahmann" <ro*@dotcomstudio.biz>
wrote:
Create two new user logins and assign each login to a specific DB. They
should be SQL authentication and the web application must have the user/pass
specified in the connection string. If the web server is on the trusted
network you shouldn't open any ports in a firewall. You should be set to go.

Rob

"Ellen K." <72************************@compuserve.com> wrote in message
news:2p********************************@4ax.com.. .
First of all, I have never done any web-based stuff, so if the
following sounds ignorant, it's because I am!

So far all our SQL Servers are accessed only over our network and we
use Windows authentication. Now the guy I'm working with on the
design of our next stuff wants the two new databases (a transactional
one and my data warehouse) to be additionally accessed by web-based
applications via our company intranet (NOT THE INTERNET). How do we
authenticate under these conditions? The webserver machine will be
talking to the SQL Server ones, i.e. the databases will each be on the
their own separate boxes. Can the webserver be a "user"? If so,
and we want the actual users to have different privileges, then the
web-based apps have to manage that? Or is there a way for the
web-based apps to grab the Windows user and pass it to SQL Server?


Jul 20 '05 #4

"Ellen K." <72************************@compuserve.com> wrote in message
news:2p********************************@4ax.com...
First of all, I have never done any web-based stuff, so if the
following sounds ignorant, it's because I am!

So far all our SQL Servers are accessed only over our network and we
use Windows authentication. Now the guy I'm working with on the
design of our next stuff wants the two new databases (a transactional
one and my data warehouse) to be additionally accessed by web-based
applications via our company intranet (NOT THE INTERNET). How do we
authenticate under these conditions? The webserver machine will be
talking to the SQL Server ones, i.e. the databases will each be on the
their own separate boxes. Can the webserver be a "user"? If so,
and we want the actual users to have different privileges, then the
web-based apps have to manage that? Or is there a way for the
web-based apps to grab the Windows user and pass it to SQL Server?


You might get a better response in an ASP forum (if that's the web platform
you're using), but I can give you some basic answers. The webserver can be a
user - if it uses a domain service account (just like SQL Server), then that
account can be an MSSQL login. In this case, you would have to manage
permissions entirely within your application, as the only account accessing
MSSQL would be the web server service account. Alternatively, some
combinations of web server and browser can impersonate a specific user (I
believe IE/IIS can do this, no idea about other possibilities), so that your
authentication would work as normal.

Simon
Jul 20 '05 #5
Create two new user logins and assign each login to a specific DB. They
should be SQL authentication and the web application must have the user/pass
specified in the connection string. If the web server is on the trusted
network you shouldn't open any ports in a firewall. You should be set to go.

Rob

"Ellen K." <72************************@compuserve.com> wrote in message
news:2p********************************@4ax.com...
First of all, I have never done any web-based stuff, so if the
following sounds ignorant, it's because I am!

So far all our SQL Servers are accessed only over our network and we
use Windows authentication. Now the guy I'm working with on the
design of our next stuff wants the two new databases (a transactional
one and my data warehouse) to be additionally accessed by web-based
applications via our company intranet (NOT THE INTERNET). How do we
authenticate under these conditions? The webserver machine will be
talking to the SQL Server ones, i.e. the databases will each be on the
their own separate boxes. Can the webserver be a "user"? If so,
and we want the actual users to have different privileges, then the
web-based apps have to manage that? Or is there a way for the
web-based apps to grab the Windows user and pass it to SQL Server?

Jul 20 '05 #6
Thanks.

On Thu, 22 Apr 2004 12:25:15 +0200, "Simon Hayes" <sq*@hayes.ch>
wrote:

"Ellen K." <72************************@compuserve.com> wrote in message
news:2p********************************@4ax.com.. .
First of all, I have never done any web-based stuff, so if the
following sounds ignorant, it's because I am!

So far all our SQL Servers are accessed only over our network and we
use Windows authentication. Now the guy I'm working with on the
design of our next stuff wants the two new databases (a transactional
one and my data warehouse) to be additionally accessed by web-based
applications via our company intranet (NOT THE INTERNET). How do we
authenticate under these conditions? The webserver machine will be
talking to the SQL Server ones, i.e. the databases will each be on the
their own separate boxes. Can the webserver be a "user"? If so,
and we want the actual users to have different privileges, then the
web-based apps have to manage that? Or is there a way for the
web-based apps to grab the Windows user and pass it to SQL Server?


You might get a better response in an ASP forum (if that's the web platform
you're using), but I can give you some basic answers. The webserver can be a
user - if it uses a domain service account (just like SQL Server), then that
account can be an MSSQL login. In this case, you would have to manage
permissions entirely within your application, as the only account accessing
MSSQL would be the web server service account. Alternatively, some
combinations of web server and browser can impersonate a specific user (I
believe IE/IIS can do this, no idea about other possibilities), so that your
authentication would work as normal.

Simon


Jul 20 '05 #7
Thanks.

On Thu, 22 Apr 2004 14:51:31 GMT, "Rob Wahmann" <ro*@dotcomstudio.biz>
wrote:
Create two new user logins and assign each login to a specific DB. They
should be SQL authentication and the web application must have the user/pass
specified in the connection string. If the web server is on the trusted
network you shouldn't open any ports in a firewall. You should be set to go.

Rob

"Ellen K." <72************************@compuserve.com> wrote in message
news:2p********************************@4ax.com.. .
First of all, I have never done any web-based stuff, so if the
following sounds ignorant, it's because I am!

So far all our SQL Servers are accessed only over our network and we
use Windows authentication. Now the guy I'm working with on the
design of our next stuff wants the two new databases (a transactional
one and my data warehouse) to be additionally accessed by web-based
applications via our company intranet (NOT THE INTERNET). How do we
authenticate under these conditions? The webserver machine will be
talking to the SQL Server ones, i.e. the databases will each be on the
their own separate boxes. Can the webserver be a "user"? If so,
and we want the actual users to have different privileges, then the
web-based apps have to manage that? Or is there a way for the
web-based apps to grab the Windows user and pass it to SQL Server?


Jul 20 '05 #8

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

4 posts views Thread by Ashish | last post: by
1 post views Thread by Dave | last post: by
4 posts views Thread by Henrik Skak Pedersen | last post: by
reply views Thread by alf | last post: by
1 post views Thread by =?Utf-8?B?TWFuanJlZSBHYXJn?= | last post: by
5 posts views Thread by VictorG | last post: by

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.