|
security
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
IIS security with user and passwords stored in databaseI am new to IIS. I have a microsoft sql server with user id and passwords
stored in it. I need to get IIS to use the sql database for authentication. 1. Is this possible? 2. If so, can someone point me to documentation or an example. Thanks On Sat, 30 Sep 2006 18:42:01 -0700, Scott Jones
<ScottJo***@discussions.microsoft.com> wrote: >I am new to IIS. I have a microsoft sql server with user id and passwords No.>stored in it. I need to get IIS to use the sql database for authentication. > > >1. Is this possible? >2. If so, can someone point me to documentation or an example. Best you can do is use ASP.NET or another technology for your loginsand security. The security in IIS is based on Windows accounts. Jeff Let me go further.
I have a tomcat application that is in my internal network. I was planning on using modJK to forward the traffic. Corp security states that the DMZ layer needs to do auth. I already have it built into the tomcat layer. So I need something like IIS and modJK in the DMZ that also does a simple auth check. I do not have the ability to use a different user storage. So I am looking for a solution that will forward the traffic and do auth. Show quoteHide quote "Jeff Cochran" wrote: > On Sat, 30 Sep 2006 18:42:01 -0700, Scott Jones > <ScottJo***@discussions.microsoft.com> wrote: > > >I am new to IIS. I have a microsoft sql server with user id and passwords > >stored in it. I need to get IIS to use the sql database for authentication. > > > > > >1. Is this possible? > > No. > > >2. If so, can someone point me to documentation or an example. > > Best you can do is use ASP.NET or another technology for your logins > and security. The security in IIS is based on Windows accounts. > > Jeff > Hi,
You can write your own ISAPI filter that looks in a database to verify credentials. Is your DMZ datastore of user credentials secure though? If that is compromised, then the attacker would have access to all the credentials for your web application... Cheers Ken Show quoteHide quote "Scott Jones" <ScottJo***@discussions.microsoft.com> wrote in message news:18688E4A-938E-46D5-AF9E-A2D33462B766@microsoft.com... > Let me go further. > I have a tomcat application that is in my internal network. I was > planning > on using modJK to forward the traffic. Corp security states that the DMZ > layer needs to do auth. I already have it built into the tomcat layer. > > So I need something like IIS and modJK in the DMZ that also does a simple > auth check. I do not have the ability to use a different user storage. > So I > am looking for a solution that will forward the traffic and do auth. > > "Jeff Cochran" wrote: > >> On Sat, 30 Sep 2006 18:42:01 -0700, Scott Jones >> <ScottJo***@discussions.microsoft.com> wrote: >> >> >I am new to IIS. I have a microsoft sql server with user id and >> >passwords >> >stored in it. I need to get IIS to use the sql database for >> >authentication. >> > >> > >> >1. Is this possible? >> >> No. >> >> >2. If so, can someone point me to documentation or an example. >> >> Best you can do is use ASP.NET or another technology for your logins >> and security. The security in IIS is based on Windows accounts. >> >> Jeff >> 
Other interesting topics
FTP maximum password attempts
Implications of a SSL site as a virtual directory rather than a root website? IIS6.0 Integrated authentication w/multiple app pools SSL entire web site IIS 6 and Anonymous on Windows Server 2003 Internet Access on an SBS 2003 Install Event ID 560 Strange CN (Common Name) format with \x00 ... pb with application pools Export Security Cert |
|||||||||||||||||||||||
