How To Control Access to a Database on a Web Server in Windows 2000

This article explains several methods that you can use to control access to a database published on an Internet Information Services (IIS) 5.0-based Web server.

Use Security Features in the Database

Use the built-in security permissions of the database program or the database management system to control user access to the database. By using the integrated user authentication methods in your database, you can control access to the database with a fine level of granularity.

When you use the Database Results Wizard in Microsoft FrontPage 2002 to create a Web page that accesses a database, you can employ password-protection on that database connection.

To view security-related information in Microsoft SQL Server, start SQL Server Enterprise Manager. On the Help menu, click Help Topics, and then search on security.

For more information about security-related information in Microsoft Access 2000 or Microsoft Access 2002, click Microsoft Access Help on the Help menu, type security in the Office Assistant or the Answer Wizard, and then click Search to view the topics returned.

Control Access by Using the Data Source Name

The Data Source Name (DSN) that you create on the Web server is used by an external program or Active Server Pages (ASP) page to reference the database that you want to publish on your Web site.

To view the password settings for the DSN, use one of the following methods, as appropriate to your situation.

For a Database Program

To view the DSN password settings for a database, such as Microsoft Access, follow these steps:

1. Log on to the Web server computer as Administrator.
2. Click Start, point to Settings, and then click Control Panel.
3. Double-click Administrative Tools, and then double-click Data Sources (ODBC).
4. Click the System DSN tab, and then select the name that corresponds to the DSN driver that you want to configure. For example, select Microsoft Access Driver (*.mdb).
5. Click Configure, and then click Advanced.
6. If you want to automatically provide logon credentials to the database when you use this DSN, type them into the Login name and Password boxes. Click OK.
7. Click OK, and then click OK again.

For a Database Management System

To view the DSN password settings for a database management system, such as Microsoft SQL Server, follow these steps:

1. Log on to the Web server computer as Administrator.
2. Click Start, point to Settings, and then click Control Panel.
3. Double-click Administrative Tools, and then double-click Data Sources (ODBC).
4. Click the System DSN tab, and then select the name that corresponds to the DSN driver that you want to configure. For example, select SQL Server.
5. Click Configure, and then click Next.
6. Under How should SQL Server verify the authenticity of the login ID, do one of the following:
   • If you want to use integrated Windows authentication, click With Windows NT authentication using the network login ID.
     
     -or-
   • If you want to use integrated SQL Server authentication, click With SQL Server authentication using a login ID and password entered by the user.
7. Click Next twice, and then click Finish.
8. Click OK, and then click OK again.

Use NTFS Permissions to Restrict Access to Files or Folders

You can use Windows 2000 NTFS permissions to restrict access to certain folders and files in your Web.

For additional information about how to use NTFS permissions to control access to files and folders in your Web site, as well as other methods of securing your Web, click the article number below to view the article in the Microsoft Knowledge Base:

Use Subwebs to Restrict Access to a Section of the Web Site

When you use Microsoft FrontPage to create your Web, you can create security boundaries through the use of subwebs. In FrontPage, each subweb can maintain separate security settings. You can place your Database Results pages, or ASP pages that reference the database, in a subweb that contains unique permissions.

For additional information about how to create a subweb and assign unique permissions, click the article number below to view the article in the Microsoft Knowledge Base:

Use an Appropriate Web Server Authentication Method

Use an appropriate Web server authentication method for users that attempt to access your database. Database user authentication can depend on the protocol that is used for the database connection. For example, if you decide to use the Named Pipes default connection protocol for SQL Server, authentication of Windows user account credentials may occur, in addition to SQL Server authentication.

For more information about how to work with the authentication features of IIS, click the following article number to view the article in the Microsoft Knowledge Base:

For additional information about how to connect to a database through IIS, click the article number below to view the article in the Microsoft Knowledge Base: For additional information about SQL Server security, browse to the following Microsoft Web site: For additional information about how to secure a Microsoft Access database, browse to the following Microsoft Web site: