Microsoft KB Archive/325877

= How to control access to a database on a Web server in Windows Server 2003 =

Article ID: 325877

Article Last Modified on 12/3/2007

-

APPLIES TO


 * Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
 * Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
 * Microsoft Windows Server 2003, Standard Edition (32-bit x86)
 * Microsoft Windows Server 2003, Web Edition
 * Microsoft Internet Information Services 6.0
 * Microsoft Windows Server 2003, 64-Bit Datacenter Edition
 * Microsoft Windows Server 2003, Enterprise x64 Edition
 * Microsoft SQL Server 2000 Desktop Engine (Windows)
 * Microsoft SQL Server 2000 Developer Edition
 * Microsoft SQL Server 2000 Enterprise Edition
 * Microsoft SQL Server 2000 Standard Edition
 * Microsoft SQL Server 2005 Express Edition
 * Microsoft SQL Server 2005 Developer Edition
 * Microsoft SQL Server 2005 Enterprise Edition
 * Microsoft SQL Server 2005 Standard Edition

-



This article was previously published under Q325877



For a Microsoft Windows 2000 version of this article, see 313077.

IN THIS TASK

 * SUMMARY
 * Use security features in the database
 * Control access by using the data source name for a database management system
 * Use NTFS file system permissions to restrict access to files or to folders
 * Use subwebs to restrict access to a section of the Web site
 * Use an appropriate Web server authentication method
 * REFERENCES



SUMMARY
This step-by-step article describes several methods that you can use to control access to a database that is published on a Microsoft Internet Information Services (IIS) 6.0-based Web server.

back to the top

Use security features in the database
You can use the built-in security permissions of the database program or the database management system to control user access to the database. By using the integrated user authentication methods in your database, you can control access to the database with a fine level of granularity.

When you use the Database Results Wizard in Microsoft FrontPage 2002 to create a Web page that has access to a database, you can use password protection for that database connection.

To view security-related information in Microsoft SQL Server, search for &quot;security&quot; in SQL Server Books Online.

back to the top

Control access by using the data source name for a database management system
The data source name (DSN) that you create on the Web server is used by an external program or by an Active Server Pages (ASP) page to refer to the database that you want to publish on your Web site.

To view the DSN password settings for a database management system such as Microsoft SQL Server, follow these steps:
 * 1) Log on to the Web server computer as administrator.
 * 2) Click Start, point to Administrative Tools, and then click Data Sources (ODBC).
 * 3) Click the System DSN tab, and then click the name that corresponds to the DSN driver that you want to configure. For example, you might click SQL Server.
 * 4) Click Configure, verify the SQL Server name, and then click Next.
 * 5) Under How should SQL Server verify the authenticity of the login ID, use one of the following methods:
 * 6) * If you want to use integrated Windows authentication, click With Windows NT authentication using the network login ID.

-or-
 * 1) * If you want to use integrated SQL Server authentication, click With SQL Server authentication using a login ID and password entered by the user.

Note If this option is selected, type a login ID and a password before you continue.
 * 1) Click Next two times, and then click Finish.
 * 2) Click OK two times.

Note To connect to a SQL Server 2005 server, create a DSN by selecting SQL Native Client as the driver.

back to the top

Use NTFS file system permissions to restrict access to files or to folders
You can use Microsoft Windows Server 2003 NTFS file system permissions to restrict access to certain folders and to certain files in your Web.

For additional information about how to use NTFS permissions to control access to files and to folders in your Web site and other methods you can use to help secure your Web, click the following article number to view the article in the Microsoft Knowledge Base:

306011 FP 2000: Security best practices for FrontPage 2000

back to the top

Use subwebs to restrict access to a section of the Web site
When you use Microsoft FrontPage to create your Web, you can create security boundaries through the use of subwebs. In FrontPage each subweb can maintain separate security settings. You can put your database results pages or put your ASP pages that refer to the database in a subweb that contains unique permissions.

For additional information about how to create a subweb and how to assign unique permissions, click the following article number to view the article in the Microsoft Knowledge Base:

301432 HOW TO: Create a subweb and add permissions using FrontPage 2000

back to the top

Use an appropriate Web server authentication method
Use an appropriate Web server authentication method for users who try to obtain access to your database. Database user authentication can depend on the protocol that is used for the database connection. For example, if you decide to use the Named Pipes default connection protocol for SQL Server, authentication of Windows user account credentials may occur with SQL Server authentication. back to the top

