Hi all,
I'm looking for recommendations on the best security setup for our situation. We have a Win 2K server that will host asp.net apps that allow access to data in SQL Server 2000 running on a different Win 2K server.
This will only be used on our internal intranet. We need to be able to limit access to the database depending on the user. Some will have no access, some will be able to view data and some will be able to modify and add data. We would like to avoid having the user enter user names and passwords. I know that we can use integrated windows authentication to control access to the web pages, but I'm not sure what the best way is to authenticate to the database. Some of our users have Win2K on their computers but the majority are on NT 4 so using Kerberos and delegating credentials doesn't look like an option. Althought this would be ideal if there are any other similar solutions.
Currently, our apps are mostly VB programs that access the SQL Server db using Windows authentication. All access is controlled through execute permissions on stored procedures. Only admins have direct access to the tables.
Anyone have ideas on the best way to do this?
Thanks in advance,
Shanti
I'm looking for recommendations on the best security setup for our situation. We have a Win 2K server that will host asp.net apps that allow access to data in SQL Server 2000 running on a different Win 2K server.
This will only be used on our internal intranet. We need to be able to limit access to the database depending on the user. Some will have no access, some will be able to view data and some will be able to modify and add data. We would like to avoid having the user enter user names and passwords. I know that we can use integrated windows authentication to control access to the web pages, but I'm not sure what the best way is to authenticate to the database. Some of our users have Win2K on their computers but the majority are on NT 4 so using Kerberos and delegating credentials doesn't look like an option. Althought this would be ideal if there are any other similar solutions.
Currently, our apps are mostly VB programs that access the SQL Server db using Windows authentication. All access is controlled through execute permissions on stored procedures. Only admins have direct access to the tables.
Anyone have ideas on the best way to do this?
Thanks in advance,
Shanti