[thelist] Pass Through authentication
Canfield, Joel
JCanfield at PacAdvantage.org
Wed Oct 12 13:24:50 CDT 2005
> SQL 2000, IIS Web Server running asp/javascript/html application.
> Goal: Have the user hit the Intranet web site and with their existing
> credential in MS Active Directory be able to access the SQL data.
>
> Looking for different ideas as how to best handle this.
In order to pass authentication from one network resource to another,
you have to use basic authentication on your web pages. (Your machine
doesn't pass 'real' authentication info to other resources on the
network, it merely passes the fact that you *are* authenticated, and the
other resource trusts your machine. Via a web page, you're using the
IUSR account which isn't even part of the 'Everyone' group, so there's a
hitch, too.)
On the web server, for the directory containing your application's web
pages, turn off anonymous and Windows auth, and turn on basic.
Set the NTFS security on the directory to allow whoever should have
access; they'll be promted to log in using their network authentication.
Use pass through auth to the SQL server. Connection string is something
like
objConn.Open "Driver={SQL Server};" & _
"Server=MyServerName;" & _
"Database=myDatabaseName;" & _
"Trusted_Connection=yes"
You'll have to allow integrated authentication on the SQL server as
well.
I've done bits of this at various times, but not the whole path. I'll be
interested in how it goes, and whether you run into other challenges.
joel
More information about the thelist
mailing list