Home > Archive > MS SQL Server security > January 2006 > ISAPI Application and Integrated Security









You are viewing an archived Text-only version of the thread. To view this thread in it's original format and/or if you want to reply to this thread please [click here]

 

Author ISAPI Application and Integrated Security
Harry Leboeuf

2006-01-06, 8:23 pm

We have a ISAPI dll that we access over Windows Integrated Security.
Everybody is allowed to acces the server in our Intranet that is a user of
our domain.
In that application we use the WindowsUsername from the users that starts a
'session' to check some security settings (stored in sql-server-tables)and
decide what we show to the user. (Options/reports/Forms/...)
Now we are thigthening our security on the sql sever and only Windows
Authentication will be allowed.
Until now the only way to run that DLL and use WA to connect to sql is to
change the user that runs the IIS-WWW service.
From localsystem to something else.
But what if we also have a other website running on that IIS that has
nothing to do with SqlServer...

Is there another approach for this kind of security problems ??

Thx

Harry Leboeuf
Kinepolis Group


Sponsored Links





Also available: Server administration forum archive | Web Design forum archive | Software forum archive | Hardware reviews archive | Programming forum archive

Copyright 2008 droptable.com