How to control access to a database on a Web server in Windows Server 2003

Article ID: 325877
This article was previously published under Q325877
This article has been archived. It is offered "as is" and will no longer be updated.

SUMMARY

This step-by-step article describes several methods that you can use to control access to a database that is published on a Microsoft Internet Information Services (IIS) 6.0-based Web server.

Use security features in the database

You can use the built-in security permissions of the database program or the database management system to control user access to the database. By using the integrated user authentication methods in your database, you can control access to the database with a fine level of granularity.

When you use the Database Results Wizard in Microsoft FrontPage 2002 to create a Web page that has access to a database, you can use password protection for that database connection.

To view security-related information in Microsoft SQL Server, search for "security" in SQL Server Books Online.

Control access by using the data source name for a database management system

The data source name (DSN) that you create on the Web server is used by an external program or by an Active Server Pages (ASP) page to refer to the database that you want to publish on your Web site.

To view the DSN password settings for a database management system such as Microsoft SQL Server, follow these steps:
  1. Log on to the Web server computer as administrator.
  2. Click Start, point to Administrative Tools, and then click Data Sources (ODBC).
  3. Click the System DSN tab, and then click the name that corresponds to the DSN driver that you want to configure. For example, you might click SQL Server.
  4. Click Configure, verify the SQL Server name, and then click Next.
  5. Under How should SQL Server verify the authenticity of the login ID, use one of the following methods:
    • If you want to use integrated Windows authentication, click With Windows NT authentication using the network login ID.

      -or-
    • If you want to use integrated SQL Server authentication, click With SQL Server authentication using a login ID and password entered by the user.

      Note If this option is selected, type a login ID and a password before you continue.
  6. Click Next two times, and then click Finish.
  7. Click OK two times.
Note To connect to a SQL Server 2005 server, create a DSN by selecting SQL Native Client as the driver.
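
To confirm afterward which option from step 5 each System DSN on the Web server actually uses, you can review an export of the HKEY_LOCAL_MACHINE\SOFTWARE\ODBC\ODBC.INI registry key. The following Python code is an added example, not part of the original article. It assumes that the SQL Server drivers record Windows authentication as the value Trusted_Connection=Yes and the login ID as LastUser; the DSN names and the login ID in the sample are constructed.

```python
import re

ODBC_ROOT = r"HKEY_LOCAL_MACHINE\SOFTWARE\ODBC\ODBC.INI"
SQL_DRIVERS = ("SQL Server", "SQL Native Client")
# Constructed sample in the text form of a .reg export; all names are made up.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\ODBC\ODBC.INI\ODBC Data Sources]
"WebOrders"="SQL Server"
"Intranet"="SQL Native Client"
"Catalog"="Microsoft Access Driver (*.mdb)"

[HKEY_LOCAL_MACHINE\SOFTWARE\ODBC\ODBC.INI\WebOrders]
"Driver"="C:\\WINDOWS\\system32\\SQLSRV32.dll"
"LastUser"="webapp"

[HKEY_LOCAL_MACHINE\SOFTWARE\ODBC\ODBC.INI\Intranet]
"Trusted_Connection"="Yes"
'''

def parse_odbc_keys(reg_text):
    """Return {subkey_name: {value_name: data}} for keys directly under ODBC.INI."""
    keys, current = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        key = re.fullmatch(r"\[(.+)\]", line)
        if key:
            parent, _, name = key.group(1).rpartition("\\")
            current = keys.setdefault(name, {}) if parent.upper() == ODBC_ROOT.upper() else None
            continue
        value = re.fullmatch(r'"([^"]+)"="(.*)"', line)
        if value and current is not None:
            # .reg files double every backslash inside string data
            current[value.group(1)] = value.group(2).replace("\\\\", "\\")
    return keys

def audit(reg_text):
    """Classify each SQL Server DSN by the authentication choice made in step 5."""
    keys = parse_odbc_keys(reg_text)
    report = {}
    for name, driver in keys.get("ODBC Data Sources", {}).items():
        if driver not in SQL_DRIVERS:
            continue  # other drivers do not use these values
        values = {k.lower(): v for k, v in keys.get(name, {}).items()}
        if values.get("trusted_connection", "").lower() == "yes":
            report[name] = ("Windows authentication", None)
        else:
            report[name] = ("SQL Server authentication", values.get("lastuser"))
    return report
```

Registry exports are normally saved as Unicode (UTF-16) text, so decode the file with that encoding before you pass its contents to audit().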

Use NTFS file system permissions to restrict access to files or to folders

You can use Microsoft Windows Server 2003 NTFS file system permissions to restrict access to certain folders and to certain files in your Web.

For additional information about how to use NTFS permissions to control access to files and to folders in your Web site and other methods you can use to help secure your Web, click the following article number to view the article in the Microsoft Knowledge Base:
306011 FP 2000: Security best practices for FrontPage 2000

Use subwebs to restrict access to a section of the Web site

When you use Microsoft FrontPage to create your Web, you can create security boundaries through the use of subwebs. In FrontPage each subweb can maintain separate security settings. You can put your database results pages or put your ASP pages that refer to the database in a subweb that contains unique permissions.

For additional information about how to create a subweb and how to assign unique permissions, click the following article number to view the article in the Microsoft Knowledge Base:
301432 HOW TO: Create a subweb and add permissions using FrontPage 2000

Use an appropriate Web server authentication method

Use an appropriate Web server authentication method for users who try to obtain access to your database. Database user authentication can depend on the protocol that is used for the database connection. For example, if you decide to use the Named Pipes default connection protocol for SQL Server, authentication of Windows user account credentials may occur with SQL Server authentication.

REFERENCES

For additional information about how to connect to a database through IIS, click the following article number to view the article in the Microsoft Knowledge Base:
258939 Recommendations for connecting to databases through Internet Information Services

For additional information about SQL Server security, visit the following Microsoft Web sites:

SQL Server 2000 SP3 security features and best practices
http://www.microsoft.com/technet/prodtechnol/sql/2000/maintain/sp3sec00.mspx

Security considerations for SQL Server
http://msdn2.microsoft.com/ms161948(en-US,SQL.90).aspx

Properties

Article ID: 325877 - Last Review: February 27, 2014 - Revision: 10.4
APPLIES TO
  • Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
  • Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
  • Microsoft Windows Server 2003, Standard Edition (32-bit x86)
  • Microsoft Windows Server 2003, Web Edition
  • Microsoft Internet Information Services 6.0
  • Microsoft Windows Server 2003, 64-Bit Datacenter Edition
  • Microsoft Windows Server 2003, Enterprise x64 Edition
  • Microsoft SQL Server 2000 Desktop Engine (Windows)
  • Microsoft SQL Server 2000 Developer Edition
  • Microsoft SQL Server 2000 Enterprise Edition
  • Microsoft SQL Server 2000 Standard Edition
  • Microsoft SQL Server 2005 Express Edition
  • Microsoft SQL Server 2005 Developer Edition
  • Microsoft SQL Server 2005 Enterprise Edition
  • Microsoft SQL Server 2005 Standard Edition