| Author |
Topic |
|
nr
SQLTeam MVY
12543 Posts |
Posted - 2004-11-30 : 07:31:45
|
| SQL Server 2000, IIS 6, clients mainly XP. At the moment IIS connects to the server using sql server security, which means we don't know who is running things and can't implement user security on objects. We are going to change to integrated security by setting IIS to use basic security. This will pass the user's login to sql server using integrated security but means that the user has to type the user name (and domain) and password every time they open a new window (I'm told). Is there a way of configuring it so that the user does not have to log in to IIS or only has to do it once? ========================================== Cursors are useful if you don't know sql. DTS can be used in a similar way. Beer is not cold and it isn't fizzy. |
|
|
Andraax
Aged Yak Warrior
790 Posts |
Posted - 2004-11-30 : 07:40:48
|
| Hey! We have the same scenario, and use integrated security (though it's IIS 5 I think). In our case, the IIS makes you log in once per session. Once you have a session, it's logged in until it times out or you reopen the browser. I think that is the default behaviour for IIS 5 at least... /andraax |
 |
|
|
ehorn
Master Smack Fu Yak Hacker
1632 Posts |
Posted - 2004-11-30 : 07:50:24
|
| Does the db and web reside on the same box? What is the web app (asp, asp.net)? |
 |
|
|
nr
SQLTeam MVY
12543 Posts |
Posted - 2004-11-30 : 07:51:44
|
| Yep I think it's the way it's meant to work http://support.microsoft.com/default.aspx?scid=kb;en-us;176377 It has the problem of having easily captured passwords. We thought about having sql server on the IIS machine and all calls were made to shell SPs on this server which then made a remote integrated security call to linked servers - but it would mean changing the shell SPs every time a SP's parameters changed (well running an SP to do it probably). I've done a similar thing before to change databases without downtime after a data refresh. |
 |
|
|
nr
SQLTeam MVY
12543 Posts |
Posted - 2004-12-07 : 08:21:39
|
| Note in that article it says that it doesn't apply to Kerberos. A colleague found this article to force iis to use kerberos to connect (http://support.microsoft.com/default.aspx/kb/319723). Has anyone tried this? |
 |
|
|
ronstone
Starting Member
32 Posts |
Posted - 2004-12-07 : 09:51:22
|
| If using IE try adding the web server address to the client browser's Intranet zone settings. All Internet zones by default do not send domain credentials. Intranet zone sites do. There is a registry setting to auto add sites to the Intranet zone on login to the domain if you go this route. |
 |
|
|
nr
SQLTeam MVY
12543 Posts |
Posted - 2004-12-07 : 10:29:52
|
| This is for an intranet - wouldn't try this with an open connection. |
 |
|
|
|
|
|
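The thread turns on which scheme the browser actually ends up using against IIS: Basic (easily captured passwords), NTLM, or Kerberos. The following is an added example, not code from any poster or from the linked Microsoft articles: it classifies the value of an HTTP `Authorization` request header so you can confirm from a proxy or server-side capture that a change really produced Kerberos. The function name, result labels and sample tokens are constructed for illustration.

```python
import base64

NTLMSSP = b"NTLMSSP\x00"  # signature that starts every NTLM message
KRB5_OIDS = (
    bytes.fromhex("2a864886f712010202"),  # 1.2.840.113554.1.2.2 (Kerberos 5)
    bytes.fromhex("2a864882f712010202"),  # 1.2.840.48018.1.2.2 (Microsoft variant)
)

def classify_authorization(value):
    """Return (kind, note) for the value of an HTTP Authorization header."""
    scheme, _, blob = value.strip().partition(" ")
    scheme = scheme.lower()
    try:
        raw = base64.b64decode(blob.strip(), validate=True)
    except ValueError:
        return ("invalid", "token is not valid base64")
    if scheme == "basic":
        user, sep, _password = raw.decode("latin-1").partition(":")
        if not sep:
            return ("invalid", "no user:password separator")
        # Base64 is an encoding, not encryption: the password is recoverable.
        return ("basic", f"password for {user} is only base64-encoded; require TLS")
    if scheme in ("ntlm", "negotiate") and raw.startswith(NTLMSSP):
        # Under Negotiate, a raw NTLMSSP token means Kerberos was not used.
        return ("ntlm", "NTLM challenge/response, not Kerberos")
    if scheme == "negotiate" and raw[:1] == b"\x60":
        # 0x60 opens a GSS-API token; look for a Kerberos mechanism OID in it.
        if any(oid in raw for oid in KRB5_OIDS):
            return ("kerberos", "GSS-API token offering Kerberos")
        return ("gssapi-other", "GSS-API token without a Kerberos OID")
    return ("unknown", f"unrecognised scheme or token: {scheme}")

def _header(scheme, raw):
    return scheme + " " + base64.b64encode(raw).decode("ascii")

# Constructed sample headers (truncated tokens, not real captures).
SAMPLES = {
    "basic": _header("Basic", b"CORP\\alice:example-password"),
    "ntlm": _header("NTLM", NTLMSSP + b"\x01\x00\x00\x00"),
    "fallback": _header("Negotiate", NTLMSSP + b"\x01\x00\x00\x00"),
    "kerberos": _header("Negotiate", b"\x60\x82\x01\x00\x06\x06\x2b\x06\x01\x05\x05\x02"
                        + b"\xa0\x30" + b"\x06\x09" + KRB5_OIDS[0]),
}

if __name__ == "__main__":
    for name, header in SAMPLES.items():
        print(name, classify_authorization(header))
```
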