This step-by-step article describes several methods that
you can use to control access to a database that is published on a Microsoft
Internet Information Services (IIS) 6.0-based Web server.
Use security features in the database
You can use the built-in security permissions of the database
program or the database management system to control user access to the
database. By using the integrated user authentication methods in your database,
you can control access to the database with a fine level of
When you use the Database Results Wizard in Microsoft
FrontPage 2002 to create a Web page that has access to a database, you can use
password protection for that database connection.
To view security-related information in Microsoft SQL Server, search for "security" in SQL Server Books Online.
Control access by using the data source name for a database management system
The data source name (DSN) that you create on the Web server is
used by an external program or by an Active Server Pages (ASP) page to refer to
the database that you want to publish on your Web site.
To view the DSN password settings for a database management
system such as Microsoft SQL Server, follow these steps:
- Log on to the Web server computer as
- Click Start, point to Administrative Tools, and then click Data Sources (ODBC).
- Click the System DSN tab, and then click the name that corresponds to the DSN driver
that you want to configure. For example, you might click SQL Server.
- Click Configure, verify the SQL Server name, and then click Next.
- Under How should SQL Server verify the authenticity
of the login ID, use one of the following methods:
- If you want to use integrated Windows authentication,
click With Windows NT authentication using the network login
- If you want to use integrated SQL Server
authentication, click With SQL Server authentication using a login ID
and password entered by the user.
Note If this option is selected, type a login ID and a password before
- Click Next two times, and then click Finish.
- Click OK two times.
To connect to a SQL Server 2005 server, create a DSN by selecting SQL Native Client as the driver.
Use NTFS file system permissions to restrict access to files or to folders
You can use Microsoft Windows Server 2003 NTFS file system
permissions to restrict access to certain folders and to certain files in your
For additional information about how to use NTFS
permissions to control access to files and to folders in your Web site and
other methods you can use to help secure your Web, click the following article
number to view the article in the Microsoft Knowledge Base:
FP 2000: Security best practices for FrontPage 2000
Use subwebs to restrict access to a section of the Web site
When you use Microsoft FrontPage to create your Web, you can
create security boundaries through the use of subwebs. In FrontPage each subweb
can maintain separate security settings. You can put your database results
pages or put your ASP pages that refer to the database in a subweb that
contains unique permissions.
For additional information about
how to create a subweb and how to assign unique permissions, click the
following article number to view the article in the Microsoft Knowledge Base:
HOW TO: Create a subweb and add permissions using FrontPage 2000
Use an appropriate Web server authentication method
Use an appropriate Web server authentication method for users who
try to obtain access to your database. Database user authentication can depend
on the protocol that is used for the database connection. For example, if you
decide to use the Named Pipes default connection protocol for SQL Server,
authentication of Windows user account credentials may occur with SQL Server
information about how to connect to a database through IIS, click the following
article number to view the article in the Microsoft Knowledge Base:
Recommendations for connecting to databases through Internet Information Services
For additional information about SQL Server
security, visit the following Microsoft Web sites:
SQL Server 2000 SP3 security features and best practices
Security considerations for SQL Server
Article ID: 325877 - Last Review: December 3, 2007 - Revision: 10.4
- Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
- Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
- Microsoft Windows Server 2003, Standard Edition (32-bit x86)
- Microsoft Windows Server 2003, Web Edition
- Microsoft Internet Information Services 6.0
- Microsoft Windows Server 2003, 64-Bit Datacenter Edition
- Microsoft Windows Server 2003, Enterprise x64 Edition
- Microsoft SQL Server 2000 Desktop Engine (Windows)
- Microsoft SQL Server 2000 Developer Edition
- Microsoft SQL Server 2000 Enterprise Edition
- Microsoft SQL Server 2000 Standard Edition
- Microsoft SQL Server 2005 Express Edition
- Microsoft SQL Server 2005 Developer Edition
- Microsoft SQL Server 2005 Enterprise Edition
- Microsoft SQL Server 2005 Standard Edition
|kbwebservices kbappservices kbhowtomaster kbnetwork KB325877|