SQL Server 2000 db app: Forms Authentication - Windows Aut..

Aactually I'm just trying to understand the logic-mechanics of Forms
Authentication in that it sounds like they're utilized within "user" like
tables within a SQL Server db and really doesn't have anything to do with
SQL Server connections correct? I know Mixed Authentication (SQL logins)
are involved with SQL Server connections and underlying mechanisms in that
those are stored throughout SQL Server's system databases.

Thanks for your reply Uri, much appreciated.



"Uri Dimant" wrote in message

> Hi
> I think you meant Mixed Authentication instead of Forms authentication
> ..
> If your coonection string uses one login to connect to the database then
> you will see a login + hostname (if you want to identify a machine)
>
> To switch to Windows authentication you will need to edit connection
> string ...
>
> www.connectionstrings.com
>
>
> "." wrote in message
>
>> Hello, can a Forms authentication .net app that runs on SQL 2000 have
>> their individual logins tracked in SQL Profiler or would that be using
>> one generic SQL connection? Also in general is it usually easy to
>> convert Forms authentication to Windows authentication into SQL Server?
>> Thanks in advance.
>>
>
>
 >> Stay informed about: SQL Server 2000 db app: Forms Authentication - Windows Aut.. 

> Aactually I'm just trying to understand the logic-mechanics of Forms
> Authentication in that it sounds like they're utilized within "user" like
> tables within a SQL Server db and really doesn't have anything to do with
> SQL Server connections correct?

Yes, forms authentication is strictly for the application side. SQL Server
has no knowledge of how the user authenticated to the app. If you use
Windows authentication to connect to SQL Server in this scenario, the IIS
anonymous user (or app pool account) is used to connect to SQL Server.

If you want users to connect to the database under their own security
context in a secure manner, you'll need to use Kerberos so that end user
credentials can be passed to IIS and on to SQL Server in a "double-hop"
scenario like this. The alternative is the insecure basic authentication
method, in which case IIS can use end-user account name and password to
establish the trusted SQL Server connection.

--
Hope this helps.

Dan Guzman
SQL Server MVP
http://weblogs.sqlteam.com/dang/

"." wrote in message
news:#DFabuM3KHA.5084@TK2MSFTNGP02.phx.gbl...
> Aactually I'm just trying to understand the logic-mechanics of Forms
> Authentication in that it sounds like they're utilized within "user" like
> tables within a SQL Server db and really doesn't have anything to do with
> SQL Server connections correct? I know Mixed Authentication (SQL logins)
> are involved with SQL Server connections and underlying mechanisms in that
> those are stored throughout SQL Server's system databases.
>
> Thanks for your reply Uri, much appreciated.
>
>
>
> "Uri Dimant" wrote in message
>
>> Hi
>> I think you meant Mixed Authentication instead of Forms authentication
>> ..
>> If your coonection string uses one login to connect to the database then
>> you will see a login + hostname (if you want to identify a machine)
>>
>> To switch to Windows authentication you will need to edit connection
>> string ...
>>
>> www.connectionstrings.com
>>
>>
>> "." wrote in message
>>
>>> Hello, can a Forms authentication .net app that runs on SQL 2000 have
>>> their individual logins tracked in SQL Profiler or would that be using
>>> one generic SQL connection? Also in general is it usually easy to
>>> convert Forms authentication to Windows authentication into SQL Server?
>>> Thanks in advance.
>>>
>>
>>
>
>
 >> Stay informed about: SQL Server 2000 db app: Forms Authentication - Windows Aut.. 

This was exactly what I'd been suspecting for a while and just needed
confirmation. I've heard and read as long as ssl (https) is used basic
authentication is ok to use I recall. Thanks a bunch Dan, totally
appreciate it


"Dan Guzman" wrote in message

>> Aactually I'm just trying to understand the logic-mechanics of Forms
>> Authentication in that it sounds like they're utilized within "user" like
>> tables within a SQL Server db and really doesn't have anything to do with
>> SQL Server connections correct?
>
> Yes, forms authentication is strictly for the application side. SQL
> Server has no knowledge of how the user authenticated to the app. If you
> use Windows authentication to connect to SQL Server in this scenario, the
> IIS anonymous user (or app pool account) is used to connect to SQL Server.
>
> If you want users to connect to the database under their own security
> context in a secure manner, you'll need to use Kerberos so that end user
> credentials can be passed to IIS and on to SQL Server in a "double-hop"
> scenario like this. The alternative is the insecure basic authentication
> method, in which case IIS can use end-user account name and password to
> establish the trusted SQL Server connection.
>
> --
> Hope this helps.
>
> Dan Guzman
> SQL Server MVP
> http://weblogs.sqlteam.com/dang/
>
> "." wrote in message
> news:#DFabuM3KHA.5084@TK2MSFTNGP02.phx.gbl...
>> Aactually I'm just trying to understand the logic-mechanics of Forms
>> Authentication in that it sounds like they're utilized within "user" like
>> tables within a SQL Server db and really doesn't have anything to do with
>> SQL Server connections correct? I know Mixed Authentication (SQL logins)
>> are involved with SQL Server connections and underlying mechanisms in
>> that those are stored throughout SQL Server's system databases.
>>
>> Thanks for your reply Uri, much appreciated.
>>
>>
>>
>> "Uri Dimant" wrote in message
>>
>>> Hi
>>> I think you meant Mixed Authentication instead of Forms authentication
>>> ..
>>> If your coonection string uses one login to connect to the database then
>>> you will see a login + hostname (if you want to identify a machine)
>>>
>>> To switch to Windows authentication you will need to edit connection
>>> string ...
>>>
>>> www.connectionstrings.com
>>>
>>>
>>> "." wrote in message
>>>
>>>> Hello, can a Forms authentication .net app that runs on SQL 2000 have
>>>> their individual logins tracked in SQL Profiler or would that be using
>>>> one generic SQL connection? Also in general is it usually easy to
>>>> convert Forms authentication to Windows authentication into SQL Server?
>>>> Thanks in advance.
>>>>
>>>
>>>
>>
>>
 >> Stay informed about: SQL Server 2000 db app: Forms Authentication - Windows Aut.. 

> This was exactly what I'd been suspecting for a while and just needed
> confirmation. I've heard and read as long as ssl (https) is used basic
> authentication is ok to use I recall. Thanks a bunch Dan, totally
> appreciate it

Happy to help.

--
Dan Guzman
SQL Server MVP
http://weblogs.sqlteam.com/dang/
 >> Stay informed about: SQL Server 2000 db app: Forms Authentication - Windows Aut..