Client side ActiveX control accessing SQL Server with Windows NT Security 
Author Message
 Client side ActiveX control accessing SQL Server with Windows NT Security

My scenario takes a few minutes to get familiar with so here goes.

I am running Windows NT Server (SP4) with IIS and SQL Server 7.0.  SQL
Server is configured to use only Windows NT security.  IIS challenges users
based on the NTFS permissions assigned to the directories.  This works great
for the web site and asp driven VB components that access the SQL server.

I have a client side ActiveX control that allows supervisors to access and
modify certain tables in the database.  The control uses a tab strip with
one tab for each table.  Database access is driven by ADO 2.0 using the MS
Remote Provider and a DSN on the server.  In order to minimize the overhead
in the control I use a system where I get the user only one recordset at a
time based on what tab they are working with.

When the control loads the first tab is active and a recordset is retrieved
and displayed.  This first database action seems to have no problem passing
on the NT credentials to the database.  Any other action taken that requires
another population of the recordset fails.  The failure indicates that
IUSR_MACHINENAME does not have access to the database.  Of course I setup
the database not to allow this user access.

I have tried filling more than one recordset when the control loads, still
only the first recordset can fill properly by passing along the correct
windows NT credentials.

I am using one public ADO connection object for the entire lifetime of the
ActiveX control instance.  I  have tried using multiple connections, not the
best way I know, and that does not work either.

Can anyone suggest a next move?

Thanks in advance to anyone who can help.


Sun, 12 Aug 2001 03:00:00 GMT  
 Client side ActiveX control accessing SQL Server with Windows NT Security
I have found a work around to my problem.  I simply disabled Anonymous
access to the site from within the IIS MMC and all is well.  This is
acceptable for me as I am requiring everyone to login anyways.

I had also found another less elegant solution.  I had put my security on
SQL back to mixed, created a new account in SQL, made another DSN on the
server, and asked the user for their password in order to complete the
connection string.



Sun, 12 Aug 2001 03:00:00 GMT  
 [ 2 post ] 

 Relevant Pages 

1. Server side info in ActiveX Control (Client Side)

2. Accessing Data generated with client-side script from server-side script

3. Security with IIS, ASP, VB server side objects and SQL Server

4. Remote Automation : Windows 3.1 client/ Windows NT Server

5. attached Contact Item on server-side becomes attached Mail Item on client-side

6. How Can I Pass Data Between the Server Side and the Client Side VB/JScript

7. store server-side array in client side

8. Client-side Subroutine calling Server-Side Subroutine

9. pass server side vbscript to client side javascript

10. Client side VS server side

11. Client side scripting / server side scripting

12. Client Side and Server Side Scripts


Powered by phpBB® Forum Software