I need to manage SQL Users and their Roles using a web interface. There are
no database tables with user information involved, just the SQL Server
Security setting for Users and Roles.

Does the membership class support this (Login control)? Where do I set the
property to look at the SQL roles?

I've been using 2.0 and 3.5 framework.

Membership uses a its custom db and tables.

I am not aware of such a web interface..

-----
Dominick Baier (http://www.leastprivilege.com)

Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)

[quoted text, click to view]

I thought about writing a stored procedure that will be executed through
secure web page that will update the system tables.

For example, something like:
insert into sysusers (status, name, sid, createdate, updatedate, gid,
hasdbaccess, islogin,isntname, isntgroup, isntuser, issqluser, isaliased,
issqlrole, isapprole) values (0, 'NewUserName', '0x01', getdate(), getdate(),
0,0,0,0,0,0,1,0,1,0)

However, according to this article
http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=89594&SiteID=1, you
can't do this. I tried it and got an error message that it's not allowed: "Ad
hoc updates to system catalogs are not allowed."

There are these commercially produced tools I've read about. How do they do
it if it's not allowed?
I use SQL2005.
Thanks



[quoted text, click to view]