|
Home > Archive > IIS Server Security > October 2004 > SQL, ASP .NET, VB .NET Authentication
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
SQL, ASP .NET, VB .NET Authentication
|
|
| Nikolay Petrov 2004-10-19, 7:50 am |
| Is it possible to authenticate user using a SQL database, containing users
and passwords?
What I want to achive is:
I have as SQL database containig data for my app. This database also
contains usernames, passwords and rights which are specific for my app.
Also I have a middle tier WebService, which contains the business logic of
my app, and is responsible for connecting to SQL database.
The connection between SQL server and the WebService as made with hardcoded
user. I don't need to authenticate the Users with SQL server.
As a frontend I have a Windows Froms and ASP .NET applications.
The users should fill username/password boxes, then this information is to
be passed to the WebService, which checks the username and password in the
SQL database.
I want the WebService methods to be available only to users, which have
authenticated to the user database in SQL server.
Any ideas, sample code and documents of how to implement this would be
greatly appreciateble.
I use VB .NET
Thank you in advance!
| |
| Rick Sawtell 2004-10-19, 5:51 pm |
|
"Nikolay Petrov" <johntup2@mail.bg> wrote in message
news:%23PpIe%23dtEHA.220@TK2MSFTNGP15.phx.gbl...
> Is it possible to authenticate user using a SQL database, containing users
> and passwords?
>
> What I want to achive is:
> I have as SQL database containig data for my app. This database also
> contains usernames, passwords and rights which are specific for my app.
> Also I have a middle tier WebService, which contains the business logic of
> my app, and is responsible for connecting to SQL database.
> The connection between SQL server and the WebService as made with
hardcoded
> user. I don't need to authenticate the Users with SQL server.
> As a frontend I have a Windows Froms and ASP .NET applications.
> The users should fill username/password boxes, then this information is to
> be passed to the WebService, which checks the username and password in the
> SQL database.
> I want the WebService methods to be available only to users, which have
> authenticated to the user database in SQL server.
>
>
> Any ideas, sample code and documents of how to implement this would be
> greatly appreciateble.
> I use VB .NET
>
> Thank you in advance!
>
>
Given your scenario, a simple stored procedure should suffice..
This simply checks to see if the login exists in the db. If it does, it
returns a 1, else it returns a 0
CREATE PROC dbo.usp_ValidateLogin
@LoginName varchar(50),
@Password varchar(50)
AS
SELECT LoginName, Password
FROM tablename
WHERE LoginName = @LoginName
AND Password = @Password
RETURN @@RowCount
|
|
|
|
|