K
Kalvin
I see this message posted a lot, but not a lot of responses. I am
quite stumped. Here is my situation: I have a web server, a SQL
Server (on a different machine). I need clients, all on the same
domain as the web server and SQL server, to be able to run the web
application, loggin the user into the SQL Server and get the
information they need. From what I am reading, by using NTLM, our
users can only get one hop, they can't log into the SQL Server from
the web server. I can live with that, so we were going to use
Anonymous access in IIS, let that account log into the SQL Server,
then use the credentials of the user and check a table of allowed
users to make sure they should be using this particular web
application. And of course, that doesn't work either. If anonymous
access is enable in IIS, then the user credentials don't appear to
come across. I'm sure I am doing something wrong. I can't imagine
that Microsoft would make this so difficult to perform what is surely
a very common, very necessary task for any company with more than 2 or
3 people working in it. I would like to move more internal apps to
ASP.NET, but without being able to have any kind of security, this
just isn't logical.
Please help me. I need a solution to this most perplexing problem.
Thank you in advance.
Kalvin
quite stumped. Here is my situation: I have a web server, a SQL
Server (on a different machine). I need clients, all on the same
domain as the web server and SQL server, to be able to run the web
application, loggin the user into the SQL Server and get the
information they need. From what I am reading, by using NTLM, our
users can only get one hop, they can't log into the SQL Server from
the web server. I can live with that, so we were going to use
Anonymous access in IIS, let that account log into the SQL Server,
then use the credentials of the user and check a table of allowed
users to make sure they should be using this particular web
application. And of course, that doesn't work either. If anonymous
access is enable in IIS, then the user credentials don't appear to
come across. I'm sure I am doing something wrong. I can't imagine
that Microsoft would make this so difficult to perform what is surely
a very common, very necessary task for any company with more than 2 or
3 people working in it. I would like to move more internal apps to
ASP.NET, but without being able to have any kind of security, this
just isn't logical.
Please help me. I need a solution to this most perplexing problem.
Thank you in advance.
Kalvin