March 4, 2002 at 3:05 am
Hey people,
The InterDev developers here claim that you cannot create a Trusted Connection to a SQL Server Database through ADO. Is this the case? Unfortunately, I do not have any code samples...(working from home today!).
If you can connect to SQL Server through ADO is it possible to point me to an example link or post a piece of code?
Thanks in advance,
Clive
March 4, 2002 at 4:32 am
It requires that the base pages themselves use Windows Authentication for you to be able to use a trusted connection. That is because the user is otherwise passed as Anonymous and SQL cannot process. If you are using Windows Auth on the web page when a user logs in their server side security identity is changed to that of their login which is passed to SQL. Then here is what my Connection string looks like:
"Provider=SQLOLEDB.1;Integrated Security=SSPI;Persist Security Info=False;Initial Catalog=DBName;Data Source=IPOrServerName"
"Don't roll your eyes at me. I will tape them in place." (Teacher on Boston Public)
March 4, 2002 at 7:16 am
I know we don't use NT authentication for any of our stuff on the web, its all SQL login driven. NT is viable if you're just on the intranet, but once you need to give customers/vendors access it's too difficult to maintain (and probably not a good idea anyway). So rather than have some one way and some the other, everything is SQL login.
Andy
March 4, 2002 at 7:43 am
From the Microsoft Security Checklist, if the web server is exposed to the outside (Internet), it should be in its own workgroup. What that accomplishes is even if someone were to compromise the web server, they have no rights in the domain(s) used internally. As a result, along with what Andy has said, SQL Server logins are the only option. This is something Microsoft doesn't discuss very well when describing "best practices" with respect to authenticating to SQL Server.
K. Brian Kelley
http://www.sqlservercentral.com/columnists/bkelley/
K. Brian Kelley
@kbriankelley
March 4, 2002 at 9:45 am
The biggest problem with NT auth is the ports required. These are often blocked by firewalls (for good reasons).
We have made trusted connections from a web server to a db server, but you have to specify the domain/user, which leaves you open to security holes and is essentially the same as a SQL login.
Steve Jones
March 4, 2002 at 10:29 am
Hi all,
Thanks for your responses so far!
These servers are only for intranet development.
Thanks,
Clive
Clive Strong
March 4, 2002 at 7:28 pm
We are inhouse Intranet apps. For us we keep the SQL Servers and Web Servers in the same domain that way we can acces thru trusted connections and not have the servers on the same box.
"Don't roll your eyes at me. I will tape them in place." (Teacher on Boston Public)
Viewing 7 posts - 1 through 6 (of 6 total)
You must be logged in to reply to this topic. Login to reply