Re: NT vs SQ Server Authentication

Tech-Archive recommends: Speed Up your PC by fixing your registry

From: Tibor Karaszi (tibor_please.no.email_karaszi_at_hotmail.nomail.com)
Date: 08/26/04 

Date: Thu, 26 Aug 2004 21:54:22 +0200

> In addition to that, I
> beleive(could be wrong) that its tough to use WINNT auth
> for a web site?

In many cases you don't. Just imagine when you go to dell.com (assuming that their web servers actually hit
their SQL Servers). You don't do a Windows login against dell.com.

It is possible, however. I'm no authentication expert, but as I understand it, you need to have
challenge/response (NTLM) authentication between the web browser and the web server. And, if SQL Server isn't
on the same machine as the web server, you need to have some things in place in order for the web server to
authenticate to SQL server using the web-browser's Windows account. This is sometimes referred to as
Delegation and sometimes Impersonation. (I never managed to figure out whether these two terms are
interchangeable in this context or if there is a difference between them, btw.) 

-- 
Tibor Karaszi, SQL Server MVP
http://www.karaszi.com/sqlserver/default.asp
http://www.solidqualitylearning.com/
"ChrisR" <anonymous@discussions.microsoft.com> wrote in message news:035901c48af3$bceaffa0$a301280a@phx.gbl...
> I would definately agree with the other replies. To play
> devils advocate though, a benifit to  NOT using domain
> authentication would be you can pick up your sql box and
> plop it into any domain and have no issues with your
> logins. Yes, these issues can be overcome, the rewards
> dont outweigh the benifits, you would probably never
> really do this, but its a reason. In addition to that, I
> beleive(could be wrong) that its tough to use WINNT auth
> for a web site?
>
>
>
> >-----Original Message-----
> >Are there any compelling reasons to use one over the
> other?
> >
> >Thanks,
> >
> >Bob Castleman
> >SuccessWare SoftWare
> >
> >
> >.
> >

Relevant Pages

  • Re: Integrated Windows Authentication not working
    ... >>> only web site and no one is behind a proxy server. ... proxy server between the various user's ISPs and your web server? ... And you're sure that the authentication settings for the virtual ... directory that maps to the physical directory where the .asp files are ...
    (microsoft.public.inetserver.iis.security)
  • Re: Windows Authentication in asp.net 2005 to SQL Server?
    ... I've seen out there are usually for the IIS and SQL Server to be on the same ... web server are on separate machines and are on different domains also. ... strings and not Windows authentication because of the double hop, ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Replication with join filter failure
    ... I have a SqlCE subscriber connecting via IIS to a SQL Server 2005 database. ... The database publisher/distributor and the web server are on different machines and I want to avoid the use of Kerberos delegation to share priviledges on the snapshot folder. ... I used a DB authentication on the SQL Server database. ...
    (microsoft.public.sqlserver.replication)
  • RE: Problems with WebParts
    ... to a database called aspnetdb. ... > The connection string specifies a local SQL Server Express instance using a ... > server account must have read and write access to the applications directory. ... > This is necessary because the web server account will automatically create ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: Remote development advice
    ... We are using IIS as the web server. ... The IIS and SQL Server is setup in his ... I want to be able to access the pages that my friend has done remotely ... Then whichever web site he has configured as the default site on IIS should appear, assuming the web server was configured correctly. ...
    (microsoft.public.dotnet.general)