June 1, 2004 at 8:17 am
I have a Win2k server with SQL Server 2000 & IIS/ASP3
Most of applications must know who's accessing, in this way I disallow anonimous access in app & allow Integrated Windows Authentication (IIS); In ASP execute this to get logon id and use it for my Sotred Procedures:
If InStr(1, Request.ServerVariables("LOGON_USER"), "\") = 0 Then User = Mid(Request.ServerVariables("LOGON_USER"), _ InStr(1, Request.ServerVariables("LOGON_USER"), "/") + 1) Else User = Mid(Request.ServerVariables("LOGON_USER"), _ InStr(1, Request.ServerVariables("LOGON_USER"), "\") + 1) End If
Once prepared I create the DB user/pass for app. and assign permissions, with this user I create the Conection String.
This has been working fine for a while, but now I have a lot of small DB users who just run ASP apps, so I decided to try Trusted Connection for SQL Server access (and avoid to use an all-kwown-password).
And here start problems, I supposed simply adding user MyServer\IUSR_MYSERVER as user in DB and granting usual permissions will allow me to use it in all apps.
His login only is needed to history and recognizing users, but not to grant access to application.
¿Some of you have been passed this?
Thanks
June 1, 2004 at 9:45 am
If you are using Windows Auth in IIS, then you add the people to the SQL SErver using their windows accounts. If you don't want AD groups, I'd at least create SQL Server roles and then add the windows accounts to these roles.
June 1, 2004 at 10:04 am
Yes, I think so. 🙁
Not wanted avoid AD groups, wanted to avoid use AD at all, except for auth IIS->SQL Server, but seems not to be possible 🙁
If I do your way, all users in AD Group/SQL Role will be able to direct access to Database bypassing app (unless I use app-roles, wich returns me to original case)
Is this last correct?
Thanks
Viewing 3 posts - 1 through 2 (of 2 total)
You must be logged in to reply to this topic. Login to reply