
IIS, SQL SERVER 7.0

I am in the process of developing an order entry system that will have "Intranet"
and "Extranet" areas. The back-end is MS SQL Server 7.0 and the front-end
is ASP, HTML, etc.

We are looking to let SQL Server do all of the security. Each user will
have a user account on the Server. With this I will dynamically change the
connection string to include the individual's username and password, thus letting
the DB Server authenticate them.

Are there problems/limitations by doing this?

Is there any other way to ensure the application and the data is secure?
IUSER_Machine (anonymous) is leaving the DB too open and limits auditing.

Micheal R. Ducharme
[706 byte] By [Micheal R. Ducharme] at [2007-11-9 23:49:14]
# 1 Re: IIS, SQL SERVER 7.0
I assume that because this is an extranet scenario that security is kinda
important :-) Why not auth the clients in IIS and use integrated security
with SQL Server? That way there is no username/pwd held in the ASP page.

Please note that a lot of this is explained in my book: http://marketplace.dev-archive.com/product.asp?pf_id=5654

"Micheal R. Ducharme" <portly@coolemail.com> wrote:
>
>I am in the process of developing an order entry system that will have "Intranet"
>and "Extranet" areas. The back-end is MS SQL Server 7.0 and the front-end
>is ASP, HTML, etc.
>
>We are looking to let SQL Server do all of the security. Each user will
>have a user account on the Server. With this I will dynamically change the
>connection string to include the individual's username and password, thus letting
>the DB Server authenticate them.
>
>Are there problems/limitations by doing this?
>
>Is there any other way to ensure the application and the data is secure?
>IUSER_Machine (anonymous) is leaving the DB too open and limits auditing.
>
>Micheal R. Ducharme
Michael Howard at 2007-11-12 0:15:13 >
# 2 Re: IIS, SQL SERVER 7.0
Could you possibly elaborate on integrating IIS authentication with SQL?
I am doing something similar, and am concerned about sending usernames and
passwords in clear text form across the web. Granted that everything on
the backend is accessed via very restrictive stored procedures, but still... You
know how that old saying goes about security. Thank you very much in advance.

Xin Li
Xin Li at 2007-11-12 0:16:08 >
# 3 Re: IIS, SQL SERVER 7.0
In the SQL Server security dialog box, click on Integrated Security. That's
it :-)

"Xin Li" <xinli1@uiuc.edu> wrote:
>
>Could you possibly elaborate on integrating IIS authentication with SQL?
>I am doing something similar, and am concerned about sending usernames and
>passwords in clear text form across the web. Granted that everything on
>the backend is accessed via very restrictive stored procedures, but still... You
>know how that old saying goes about security. Thank you very much in advance.
>
>Xin Li
>
Michael Howard at 2007-11-12 0:17:14 >
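
The approach suggested in replies #1 and #3 (authenticate in IIS, connect to SQL Server with integrated security), as an added example that is not code from the thread. The server name ORDERSQL and database OrderEntry are hypothetical, and it assumes anonymous access is disabled on this path and that each Windows account has been granted a SQL Server login.

```vbscript
<%@ Language=VBScript %>
<%
Option Explicit
' Added example. ORDERSQL and OrderEntry are hypothetical names.

' Approach from the original question, shown only for contrast: with
' per-user SQL logins the page has to collect and handle every password.
'   connStr = "Provider=SQLOLEDB;Data Source=ORDERSQL;" & _
'             "Initial Catalog=OrderEntry;" & _
'             "User ID=" & userName & ";Password=" & userPassword & ";"

Dim logonUser, conn, rs

' IIS fills LOGON_USER only for authenticated requests. An empty value
' means the request ran as the anonymous account, so refuse it.
logonUser = Request.ServerVariables("LOGON_USER")
If Len(logonUser) = 0 Then
    Response.Status = "401 Unauthorized"
    Response.End
End If

' Integrated security: the connection is opened under the Windows identity
' IIS authenticated, so no username or password appears in the page.
' Assumptions: if IIS uses Basic authentication, this path requires SSL,
' because Basic sends the password only base64-encoded. If IIS uses NT
' challenge/response, SQL Server runs on the same machine as IIS, since
' those credentials cannot be forwarded to a second server.
Set conn = Server.CreateObject("ADODB.Connection")
conn.Open "Provider=SQLOLEDB;Data Source=ORDERSQL;" & _
          "Initial Catalog=OrderEntry;Integrated Security=SSPI;"

' Ask SQL Server which login it sees. For auditing to work per user this
' must be the individual's account, not the anonymous IIS account.
Set rs = conn.Execute("SELECT SUSER_SNAME() AS login_name")
Response.Write "IIS authenticated: " & Server.HTMLEncode(logonUser) & "<br>"
Response.Write "SQL Server sees: " & Server.HTMLEncode(rs("login_name")) & "<br>"

rs.Close
conn.Close
Set rs = Nothing
Set conn = Nothing
%>
```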