SQL, ASP .NET, VB .NET Authentication -- iis security

Rick Sawtell
10/19/2004 10:44:15 AM

[quoted text, click to view]

Given your scenario, a simple stored procedure should suffice..

This simply checks to see if the login exists in the db. If it does, it
returns a 1, else it returns a 0

CREATE PROC dbo.usp_ValidateLogin
@LoginName varchar(50),
@Password varchar(50)
AS
SELECT LoginName, Password
FROM tablename
WHERE LoginName = @LoginName
AND Password = @Password

RETURN @@RowCount

Nikolay Petrov
10/19/2004 4:29:08 PM

Is it possible to authenticate user using a SQL database, containing users
and passwords?

What I want to achive is:
I have as SQL database containig data for my app. This database also
contains usernames, passwords and rights which are specific for my app.
Also I have a middle tier WebService, which contains the business logic of
my app, and is responsible for connecting to SQL database.
The connection between SQL server and the WebService as made with hardcoded
user. I don't need to authenticate the Users with SQL server.
As a frontend I have a Windows Froms and ASP .NET applications.
The users should fill username/password boxes, then this information is to
be passed to the WebService, which checks the username and password in the
SQL database.
I want the WebService methods to be available only to users, which have
authenticated to the user database in SQL server.

Any ideas, sample code and documents of how to implement this would be
greatly appreciateble.
I use VB .NET

Thank you in advance!

iis security : SQL, ASP .NET, VB .NET Authentication