Re: ASP access to SQL Database



Thanks Steve,
will give it a go by creating a new internal site and following through as
you suggest.
Will post again if run into problems


"Steve Foster [SBS MVP]" wrote:

Ken-T wrote:

Hi,

on SBS premium....
taking some first steps with a test DB in SQL and some ASP pages .
Just need to get one or two things working so can get a better idea if a
project involving a major DB with lookups from Domain users via ASP on IIS
is
worth the effort.
(Yes, I will buy a book and study it properly when I start.... anyone has
and ideas for a really good book for database access via ASP would
appreciate
it).

For first step, an ASP page on IIS with contzent shown below fails with
"no trusted SQL connection.... error with login of user sa" etc.
<%
Dim conn
Set conn = Server.CreateObject("ADODB.Connection")
conn.Open "Provider=SQLOLEDB; Initial Catalog = Northwind; User Id = sa;
Password="
If conn.errors.count = 0 Then
Response.Write "Connected OK"
End If
%>

Am sure it is due to the users set for DB acess on SQL.
In Enterprise, I see only dbo and dbadmin.
IIS is running as default (I think) with IUSR_Sysname as user for
"anonymous"

Would appreciate any help/tips for setup of a correct, read only access
method to db's

The default condition for SQL on SBS is that it is configured for Windows
Authentication only. Since SA is a SQL Login, this fails.

If the plan is to make use of domain user accounts, this is fine, but you
need to configure IIS to impersonate the domain users (ie not use IUSR_*)
*and* to add the domain users to SQL (SQL starts out with only
<domain>\Administrators having access). You need to change the Connection
String to request a Trusted Connection to SQL Server as well.

To configure IIS to impersonate users, either:

a) disable anonymous access in the website/virtual directory properties, or
b) use NTFS security on the underlying files and folders so that the
IUSR_* account doesn't have privileges.

To configure SQL Access for domain accounts, use Enterprise Manager to add
them as Logins, and then specify the database rights for the logins. I
would recommend you create domain groups that mirror the security levels
you wish to create, grant the groups SQL logins, and then place user
accounts in the relevant groups.

--
Steve Foster [SBS MVP]
---------------------------------------
MVPs do not work for Microsoft. Please reply only to the newsgroups.

.

Relevant Pages

  • Re: most restrictive or least?
    ... >makes sense as far as deny goes. ... group is a user in SQL ... >2) domain users can SELECT some tables ... >Server) to be just like the above but have UPDATE on one ...
    (microsoft.public.sqlserver.security)
  • Re: ASP access to SQL Database
    ... Ours is showing set to "Windows Only" rather than "SQL ... Is this normal default for SBS? ... project involving a major DB with lookups from Domain users via ASP on IIS ... them as Logins, and then specify the database rights for the logins. ...
    (microsoft.public.windows.server.sbs)
  • Re: ASP access to SQL Database
    ... taking some first steps with a test DB in SQL and some ASP pages. ... If the plan is to make use of domain user accounts, this is fine, but you need to configure IIS to impersonate the domain users *and* to add the domain users to SQL. ... To configure SQL Access for domain accounts, use Enterprise Manager to add them as Logins, and then specify the database rights for the logins. ...
    (microsoft.public.windows.server.sbs)
  • Re: most restrictive or least?
    ... makes sense as far as deny goes. ... The "domain users" group is a user in SQL ... Server) to be just like the above but have UPDATE on one table. ...
    (microsoft.public.sqlserver.security)
  • Re: object level permissions being lost when migrating
    ... I am talking about SQL Logins, ... can go to the object and see that user X has permissions XYZ on that object, ... I then restored the databases and re-synched the users via the ...
    (microsoft.public.sqlserver.security)