security with web-based access

Collapse
This topic is closed.
X
X
 
  • Time
  • Show
Clear All
new posts
  • Ellen K.

    security with web-based access

    First of all, I have never done any web-based stuff, so if the
    following sounds ignorant, it's because I am!

    So far all our SQL Servers are accessed only over our network and we
    use Windows authentication. Now the guy I'm working with on the
    design of our next stuff wants the two new databases (a transactional
    one and my data warehouse) to be additionally accessed by web-based
    applications via our company intranet (NOT THE INTERNET). How do we
    authenticate under these conditions? The webserver machine will be
    talking to the SQL Server ones, i.e. the databases will each be on the
    their own separate boxes. Can the webserver be a "user"? If so,
    and we want the actual users to have different privileges, then the
    web-based apps have to manage that? Or is there a way for the
    web-based apps to grab the Windows user and pass it to SQL Server?
  • Rob Wahmann

    #2
    Re: security with web-based access

    Create two new user logins and assign each login to a specific DB. They
    should be SQL authentication and the web application must have the user/pass
    specified in the connection string. If the web server is on the trusted
    network you shouldn't open any ports in a firewall. You should be set to go.

    Rob

    "Ellen K." <72322.enno.ess peeayem.1016@co mpuserve.com> wrote in message
    news:2p5d80h6m3 mfrck7mv2mkou2a 3s81mo8ut@4ax.c om...[color=blue]
    > First of all, I have never done any web-based stuff, so if the
    > following sounds ignorant, it's because I am!
    >
    > So far all our SQL Servers are accessed only over our network and we
    > use Windows authentication. Now the guy I'm working with on the
    > design of our next stuff wants the two new databases (a transactional
    > one and my data warehouse) to be additionally accessed by web-based
    > applications via our company intranet (NOT THE INTERNET). How do we
    > authenticate under these conditions? The webserver machine will be
    > talking to the SQL Server ones, i.e. the databases will each be on the
    > their own separate boxes. Can the webserver be a "user"? If so,
    > and we want the actual users to have different privileges, then the
    > web-based apps have to manage that? Or is there a way for the
    > web-based apps to grab the Windows user and pass it to SQL Server?[/color]


    Comment

    • Ellen K.

      #3
      Re: security with web-based access

      Thanks.

      On Thu, 22 Apr 2004 12:25:15 +0200, "Simon Hayes" <sql@hayes.ch >
      wrote:
      [color=blue]
      >
      >"Ellen K." <72322.enno.ess peeayem.1016@co mpuserve.com> wrote in message
      >news:2p5d80h6m 3mfrck7mv2mkou2 a3s81mo8ut@4ax. com...[color=green]
      >> First of all, I have never done any web-based stuff, so if the
      >> following sounds ignorant, it's because I am!
      >>
      >> So far all our SQL Servers are accessed only over our network and we
      >> use Windows authentication. Now the guy I'm working with on the
      >> design of our next stuff wants the two new databases (a transactional
      >> one and my data warehouse) to be additionally accessed by web-based
      >> applications via our company intranet (NOT THE INTERNET). How do we
      >> authenticate under these conditions? The webserver machine will be
      >> talking to the SQL Server ones, i.e. the databases will each be on the
      >> their own separate boxes. Can the webserver be a "user"? If so,
      >> and we want the actual users to have different privileges, then the
      >> web-based apps have to manage that? Or is there a way for the
      >> web-based apps to grab the Windows user and pass it to SQL Server?[/color]
      >
      >You might get a better response in an ASP forum (if that's the web platform
      >you're using), but I can give you some basic answers. The webserver can be a
      >user - if it uses a domain service account (just like SQL Server), then that
      >account can be an MSSQL login. In this case, you would have to manage
      >permissions entirely within your application, as the only account accessing
      >MSSQL would be the web server service account. Alternatively, some
      >combinations of web server and browser can impersonate a specific user (I
      >believe IE/IIS can do this, no idea about other possibilities), so that your
      >authenticati on would work as normal.
      >
      >Simon
      >[/color]

      Comment

      • Ellen K.

        #4
        Re: security with web-based access

        Thanks.

        On Thu, 22 Apr 2004 14:51:31 GMT, "Rob Wahmann" <rob@dotcomstud io.biz>
        wrote:
        [color=blue]
        >Create two new user logins and assign each login to a specific DB. They
        >should be SQL authentication and the web application must have the user/pass
        >specified in the connection string. If the web server is on the trusted
        >network you shouldn't open any ports in a firewall. You should be set to go.
        >
        >Rob
        >
        >"Ellen K." <72322.enno.ess peeayem.1016@co mpuserve.com> wrote in message
        >news:2p5d80h6m 3mfrck7mv2mkou2 a3s81mo8ut@4ax. com...[color=green]
        >> First of all, I have never done any web-based stuff, so if the
        >> following sounds ignorant, it's because I am!
        >>
        >> So far all our SQL Servers are accessed only over our network and we
        >> use Windows authentication. Now the guy I'm working with on the
        >> design of our next stuff wants the two new databases (a transactional
        >> one and my data warehouse) to be additionally accessed by web-based
        >> applications via our company intranet (NOT THE INTERNET). How do we
        >> authenticate under these conditions? The webserver machine will be
        >> talking to the SQL Server ones, i.e. the databases will each be on the
        >> their own separate boxes. Can the webserver be a "user"? If so,
        >> and we want the actual users to have different privileges, then the
        >> web-based apps have to manage that? Or is there a way for the
        >> web-based apps to grab the Windows user and pass it to SQL Server?[/color]
        >[/color]

        Comment

        • Simon Hayes

          #5
          Re: security with web-based access


          "Ellen K." <72322.enno.ess peeayem.1016@co mpuserve.com> wrote in message
          news:2p5d80h6m3 mfrck7mv2mkou2a 3s81mo8ut@4ax.c om...[color=blue]
          > First of all, I have never done any web-based stuff, so if the
          > following sounds ignorant, it's because I am!
          >
          > So far all our SQL Servers are accessed only over our network and we
          > use Windows authentication. Now the guy I'm working with on the
          > design of our next stuff wants the two new databases (a transactional
          > one and my data warehouse) to be additionally accessed by web-based
          > applications via our company intranet (NOT THE INTERNET). How do we
          > authenticate under these conditions? The webserver machine will be
          > talking to the SQL Server ones, i.e. the databases will each be on the
          > their own separate boxes. Can the webserver be a "user"? If so,
          > and we want the actual users to have different privileges, then the
          > web-based apps have to manage that? Or is there a way for the
          > web-based apps to grab the Windows user and pass it to SQL Server?[/color]

          You might get a better response in an ASP forum (if that's the web platform
          you're using), but I can give you some basic answers. The webserver can be a
          user - if it uses a domain service account (just like SQL Server), then that
          account can be an MSSQL login. In this case, you would have to manage
          permissions entirely within your application, as the only account accessing
          MSSQL would be the web server service account. Alternatively, some
          combinations of web server and browser can impersonate a specific user (I
          believe IE/IIS can do this, no idea about other possibilities), so that your
          authentication would work as normal.

          Simon


          Comment

          • Rob Wahmann

            #6
            Re: security with web-based access

            Create two new user logins and assign each login to a specific DB. They
            should be SQL authentication and the web application must have the user/pass
            specified in the connection string. If the web server is on the trusted
            network you shouldn't open any ports in a firewall. You should be set to go.

            Rob

            "Ellen K." <72322.enno.ess peeayem.1016@co mpuserve.com> wrote in message
            news:2p5d80h6m3 mfrck7mv2mkou2a 3s81mo8ut@4ax.c om...[color=blue]
            > First of all, I have never done any web-based stuff, so if the
            > following sounds ignorant, it's because I am!
            >
            > So far all our SQL Servers are accessed only over our network and we
            > use Windows authentication. Now the guy I'm working with on the
            > design of our next stuff wants the two new databases (a transactional
            > one and my data warehouse) to be additionally accessed by web-based
            > applications via our company intranet (NOT THE INTERNET). How do we
            > authenticate under these conditions? The webserver machine will be
            > talking to the SQL Server ones, i.e. the databases will each be on the
            > their own separate boxes. Can the webserver be a "user"? If so,
            > and we want the actual users to have different privileges, then the
            > web-based apps have to manage that? Or is there a way for the
            > web-based apps to grab the Windows user and pass it to SQL Server?[/color]


            Comment

            • Ellen K.

              #7
              Re: security with web-based access

              Thanks.

              On Thu, 22 Apr 2004 12:25:15 +0200, "Simon Hayes" <sql@hayes.ch >
              wrote:
              [color=blue]
              >
              >"Ellen K." <72322.enno.ess peeayem.1016@co mpuserve.com> wrote in message
              >news:2p5d80h6m 3mfrck7mv2mkou2 a3s81mo8ut@4ax. com...[color=green]
              >> First of all, I have never done any web-based stuff, so if the
              >> following sounds ignorant, it's because I am!
              >>
              >> So far all our SQL Servers are accessed only over our network and we
              >> use Windows authentication. Now the guy I'm working with on the
              >> design of our next stuff wants the two new databases (a transactional
              >> one and my data warehouse) to be additionally accessed by web-based
              >> applications via our company intranet (NOT THE INTERNET). How do we
              >> authenticate under these conditions? The webserver machine will be
              >> talking to the SQL Server ones, i.e. the databases will each be on the
              >> their own separate boxes. Can the webserver be a "user"? If so,
              >> and we want the actual users to have different privileges, then the
              >> web-based apps have to manage that? Or is there a way for the
              >> web-based apps to grab the Windows user and pass it to SQL Server?[/color]
              >
              >You might get a better response in an ASP forum (if that's the web platform
              >you're using), but I can give you some basic answers. The webserver can be a
              >user - if it uses a domain service account (just like SQL Server), then that
              >account can be an MSSQL login. In this case, you would have to manage
              >permissions entirely within your application, as the only account accessing
              >MSSQL would be the web server service account. Alternatively, some
              >combinations of web server and browser can impersonate a specific user (I
              >believe IE/IIS can do this, no idea about other possibilities), so that your
              >authenticati on would work as normal.
              >
              >Simon
              >[/color]

              Comment

              • Ellen K.

                #8
                Re: security with web-based access

                Thanks.

                On Thu, 22 Apr 2004 14:51:31 GMT, "Rob Wahmann" <rob@dotcomstud io.biz>
                wrote:
                [color=blue]
                >Create two new user logins and assign each login to a specific DB. They
                >should be SQL authentication and the web application must have the user/pass
                >specified in the connection string. If the web server is on the trusted
                >network you shouldn't open any ports in a firewall. You should be set to go.
                >
                >Rob
                >
                >"Ellen K." <72322.enno.ess peeayem.1016@co mpuserve.com> wrote in message
                >news:2p5d80h6m 3mfrck7mv2mkou2 a3s81mo8ut@4ax. com...[color=green]
                >> First of all, I have never done any web-based stuff, so if the
                >> following sounds ignorant, it's because I am!
                >>
                >> So far all our SQL Servers are accessed only over our network and we
                >> use Windows authentication. Now the guy I'm working with on the
                >> design of our next stuff wants the two new databases (a transactional
                >> one and my data warehouse) to be additionally accessed by web-based
                >> applications via our company intranet (NOT THE INTERNET). How do we
                >> authenticate under these conditions? The webserver machine will be
                >> talking to the SQL Server ones, i.e. the databases will each be on the
                >> their own separate boxes. Can the webserver be a "user"? If so,
                >> and we want the actual users to have different privileges, then the
                >> web-based apps have to manage that? Or is there a way for the
                >> web-based apps to grab the Windows user and pass it to SQL Server?[/color]
                >[/color]

                Comment

                Working...