Microsoft SQL Server
 
June 9th, 2004, 03:18 AM
bjh
Extranet Security Setup..

I'm creating an ASP extranet application where different users will have access to details such as work we've done for them, costs, and scheduled work.

I want to let each user view their own information, but not that of other users. All the information is stored in one database, so I was thinking of using views in SQL Server 2000 to ensure a user only sees what they are allowed to.

I envisage writing it as follows...

1) User navigates to our extranet login page.
2) User enters username/password
3) User details checked against SQL Server 2000 "logon" table, which holds, for each user:


a. ASPUserName - the username the user enters into the logon page.
b. ASPPassword - the password the user enters into the logon page.
c. DBUserName - the username the ASP page supplies as part of the database connection string.
d. DBPassword - the password the ASP page supplies as part of the database connection string.


If the details entered by the user are matched to a record on the logon table, I will set the following session variables:

a. bAuthenticated - a boolean value = true
b. sUserName = DBUserName (from the logon table)
c. sPassword = DBPassword (from the logon table)


4) For all subsequent page requests a check is made to see if the user has been authenticated (the bAuthenticated session variable will be true if they have been authenticated). If authenticated, the session variables sUserName and sPassword will be supplied in the connection string for database access. If not authenticated, then the user will be redirected to the logon page.

As far as I can see, this will work quite well. The benefits will be that we do not have to hand over the actual username and password for the database, and the use of stored procs and views can be tied down exactly how we like by setting permissions on the SQL Server user accounts.

A disadvantage may be that I have to use session variables, but this application will never have enough concurrent users for this to become an issue. Another is that I have to maintain two sets of usernames and passwords for each user.

Can anyone suggest a better way of doing this? Would you do it any differently?
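
The view-based restriction described in the post, sketched as an added example that is not part of the original post: one shared view filtered by `USER_NAME()`, with permissions granted on the view only. It assumes SQL Server 2000 with all objects owned by dbo; every database, table, view, role and login name below is hypothetical.

```sql
-- Added example. ExtranetDB, Jobs, CustomerDbUser, vMyJobs, extranet_users
-- and extranet_acme are hypothetical names, not taken from the post.
USE ExtranetDB
GO

CREATE TABLE dbo.Jobs (
    JobID         int IDENTITY(1,1) PRIMARY KEY,
    CustomerID    int          NOT NULL,
    Description   varchar(200) NOT NULL,
    Cost          money        NOT NULL,
    ScheduledDate datetime     NULL
)
GO

-- Maps each database user (the post's DBUserName) to the single customer
-- whose rows that user may read.
CREATE TABLE dbo.CustomerDbUser (
    DBUserName sysname NOT NULL PRIMARY KEY,
    CustomerID int     NOT NULL
)
GO

-- One view for all customers: rows are filtered by the database user
-- that opened the connection, so no per-customer view is needed.
CREATE VIEW dbo.vMyJobs
AS
SELECT j.JobID, j.Description, j.Cost, j.ScheduledDate
FROM dbo.Jobs AS j
JOIN dbo.CustomerDbUser AS m ON m.CustomerID = j.CustomerID
WHERE m.DBUserName = USER_NAME()
GO

-- Permissions go to a role and only on the view. Because the view and the
-- tables share an owner (dbo), the ownership chain is unbroken and the
-- DENY on the base tables does not block reads made through the view.
EXEC sp_addrole 'extranet_users'
GRANT SELECT ON dbo.vMyJobs TO extranet_users
DENY SELECT, INSERT, UPDATE, DELETE ON dbo.Jobs TO extranet_users
DENY SELECT, INSERT, UPDATE, DELETE ON dbo.CustomerDbUser TO extranet_users
GO

-- Per customer: a login, a database user, role membership and a mapping row.
EXEC sp_addlogin 'extranet_acme', '<placeholder-password>', 'ExtranetDB'
EXEC sp_grantdbaccess 'extranet_acme'
EXEC sp_addrolemember 'extranet_users', 'extranet_acme'
INSERT INTO dbo.CustomerDbUser (DBUserName, CustomerID) VALUES ('extranet_acme', 1)
GO
```

Connecting as `extranet_acme` and running `SELECT * FROM dbo.vMyJobs` returns only the rows for customer 1, while a direct `SELECT` on `dbo.Jobs` is refused.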

© 2003-2008 by Developer Shed. All rights reserved. DS Cluster 3 hosted by Hostway