lajuan #1
Windows User Login Guidance
Hi all!
I need some guidance. We have a Windows 2003 server that's connected
to a SQL Server running on Windows 2K and I'd like for the users to be
able to connect to info in SQL based on their Active Directory user
info (just like the OMA interface offered on our Exchange server that
gives users the ability to check their email from home). So basically,
I want them to have the same access to SQL that they would if they were
on our intranet if they were at home. I've read about Logon API's,
creating COM+ components, and lsaLogonUSer, but it seems like there
would be a simpler more secure way for the user to be prompted to login
(like the OMA!!) and for that login to match SQL's CURRENT_USER
function. Can anyone point me in the right direction?
TIA,
John
--
lajuan
------------------------------------------------------------------------
Posted via [url]http://www.codecomments.com[/url]
------------------------------------------------------------------------
lajuan Guest
-
Ken Schaefer #2
Re: Windows User Login Guidance
You can have the user's Windows identity flow through to SQL Server natively
by using a "trusted connection" if you want, but you'll need to configure
delegation, ensure that Kerberos is being used throughout, and you'll defeat
connection pooling (because there will be a pool for each user connecting
through to SQL Server).
Cheers
Ken
--
Blog: [url]www.adopenstatic.com/cs/blogs/ken/[/url]
Web: [url]www.adopenstatic.com[/url]
"lajuan" <lajuan.1ov0hz@mail.codecomments.com> wrote in message
news:lajuan.1ov0hz@mail.codecomments.com...
:
: Hi all!
: I need some guidance. We have a Windows 2003 server that's connected
: to a SQL Server running on Windows 2K and I'd like for the users to be
: able to connect to info in SQL based on their Active Directory user
: info (just like the OMA interface offered on our Exchange server that
: gives users the ability to check their email from home). So basically,
: I want them to have the same access to SQL that they would if they were
: on our intranet if they were at home. I've read about Logon API's,
: creating COM+ components, and lsaLogonUSer, but it seems like there
: would be a simpler more secure way for the user to be prompted to login
: (like the OMA!!) and for that login to match SQL's CURRENT_USER
: function. Can anyone point me in the right direction?
: TIA,
: John
:
:
:
: --
: lajuan
: ------------------------------------------------------------------------
: Posted via [url]http://www.codecomments.com[/url]
: ------------------------------------------------------------------------
:
Ken Schaefer Guest
-
lajuan #3
Windows User Login Guidance
Thanks for the reply, Ken. The loss of connection pooling shouldn't be
a problem because there will be a max of 5 users at one time at most.
How do I ensure that Kerberos is being used throughout (could you point
me to some documentation?).
Thanks again,
John
--
lajuan
------------------------------------------------------------------------
Posted via [url]http://www.codecomments.com[/url]
------------------------------------------------------------------------
lajuan Guest
-
Ken Schaefer #4
Re: Windows User Login Guidance
There's a number of things (off the top of my head, there could be more):
a) IIS must send back WWW-Authenticate: Negotiate header
b) IE must see the site in the Intranet or Trusted Sites zone
c) IE must be able to contact a domain controller to get TGT and service
ticket (so, firewalls usually block this)
d) Enable Integrated Windows Authentication must be ticked in IE
e) If you are accessing the IIS website by something other than the NetBIOS
name, or the web app pool is using a non-default identity, you probably need
to configure an SPN (Service Principal Name) using SetSPN.exe
f) Webserver must be marked as trusted for delegation in AD
This document covers most (if not all) of this stuff:
[url]http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/tkerbdel.mspx[/url]
Cheers
Ken
--
Blog: [url]www.adopenstatic.com/cs/blogs/ken/[/url]
Web: [url]www.adopenstatic.com[/url]
"lajuan" <lajuan.1ovxtx@mail.codecomments.com> wrote in message
news:lajuan.1ovxtx@mail.codecomments.com...
:
: Thanks for the reply, Ken. The loss of connection pooling shouldn't be
: a problem because there will be a max of 5 users at one time at most.
: How do I ensure that Kerberos is being used throughout (could you point
: me to some documentation?).
: Thanks again,
: John
:
:
:
: --
: lajuan
: ------------------------------------------------------------------------
: Posted via [url]http://www.codecomments.com[/url]
: ------------------------------------------------------------------------
:
Ken Schaefer Guest
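One way to check whether the checklist above actually produced Kerberos rather than a silent fallback to NTLM is to inspect the `Authorization` header the browser sends after IIS offers `WWW-Authenticate: Negotiate`. The following is an added example, not code from the thread: the function names are hypothetical, the sample tokens are constructed with dummy bytes, and it assumes the first mechanism listed in the SPNEGO NegTokenInit is the one the client is using.

```python
import base64

NTLMSSP = b"NTLMSSP\x00"                                  # NTLM message signature
OID_SPNEGO = bytes.fromhex("06062b0601050502")            # 1.3.6.1.5.5.2
OID_KRB5 = bytes.fromhex("06092a864886f712010202")        # 1.2.840.113554.1.2.2
OID_MS_KRB5 = bytes.fromhex("06092a864882f712010202")     # 1.2.840.48018.1.2.2
OID_NTLM = bytes.fromhex("060a2b06010401823702020a")      # 1.3.6.1.4.1.311.2.2.10

def _skip_len(buf, i):
    """Return the index just past the DER length field that starts at buf[i]."""
    return i + 1 if buf[i] < 0x80 else i + 1 + (buf[i] & 0x7F)

def classify_authorization(value):
    """Return 'kerberos', 'ntlm', 'not-negotiate', 'malformed' or 'unknown'."""
    scheme, _, b64 = value.strip().partition(" ")
    if scheme.lower() == "ntlm":
        return "ntlm"
    if scheme.lower() != "negotiate":
        return "not-negotiate"
    try:
        tok = base64.b64decode(b64.strip(), validate=True)
    except ValueError:
        return "malformed"
    if tok.startswith(NTLMSSP):
        return "ntlm"                       # raw NTLM sent under Negotiate
    try:
        if tok[0] != 0x60:                  # GSS-API InitialContextToken tag
            return "unknown"
        i = _skip_len(tok, 1)
        if tok.startswith(OID_KRB5, i):     # bare Kerberos AP-REQ, no SPNEGO
            return "kerberos"
        if not tok.startswith(OID_SPNEGO, i):
            return "unknown"
        i += len(OID_SPNEGO)
        # NegTokenInit layout: [0] SEQUENCE { [0] mechTypes SEQUENCE { OID, ... } ... }
        for tag in (0xA0, 0x30, 0xA0, 0x30):
            if tok[i] != tag:
                return "unknown"
            i = _skip_len(tok, i + 1)
    except IndexError:
        return "unknown"                    # truncated token
    if tok.startswith((OID_KRB5, OID_MS_KRB5), i):
        return "kerberos"                   # client's preferred mechanism
    return "ntlm" if tok.startswith(OID_NTLM, i) else "unknown"

def _tlv(tag, body):                        # DER encoder for the constructed samples
    n = len(body)
    k = (n.bit_length() + 7) // 8
    return bytes([tag]) + (bytes([n]) if n < 0x80 else bytes([0x80 | k]) + n.to_bytes(k, "big")) + body

def sample_negotiate(mech_oids, mech_token=b"\x00" * 200):
    """Constructed SPNEGO NegTokenInit header value (dummy mechToken bytes)."""
    init = _tlv(0xA0, _tlv(0x30, b"".join(mech_oids))) + _tlv(0xA2, _tlv(0x04, mech_token))
    spnego = OID_SPNEGO + _tlv(0xA0, _tlv(0x30, init))
    return "Negotiate " + base64.b64encode(_tlv(0x60, spnego)).decode()
```

A header value beginning `Negotiate TlRMTVNT` is the NTLM case; a Kerberos-bearing token is typically much longer and begins `Negotiate YII`.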




