Let me go further.
I have a tomcat application that is in my internal network. I was planning
on using modJK to forward the traffic. Corp security states that the DMZ
layer needs to do auth. I already have it built into the tomcat layer.
So I need something like IIS and modJK in the DMZ that also does a simple
auth check. I do not have the ability to use a different user storage. So I
am looking for a solution that will forward the traffic and do auth.
[quoted text, click to view] "Jeff Cochran" wrote:
> On Sat, 30 Sep 2006 18:42:01 -0700, Scott Jones
> <ScottJones@discussions.microsoft.com> wrote:
>
> >I am new to IIS. I have a microsoft sql server with user id and passwords
> >stored in it. I need to get IIS to use the sql database for authentication.
> >
> >
> >1. Is this possible?
>
> No.
>
> >2. If so, can someone point me to documentation or an example.
>
> Best you can do is use ASP.NET or another technology for your logins
> and security. The security in IIS is based on Windows accounts.
>
> Jeff
On Sat, 30 Sep 2006 18:42:01 -0700, Scott Jones
[quoted text, click to view] <ScottJones@discussions.microsoft.com> wrote:
>I am new to IIS. I have a microsoft sql server with user id and passwords
>stored in it. I need to get IIS to use the sql database for authentication.
>
>
>1. Is this possible?
No.
[quoted text, click to view] >2. If so, can someone point me to documentation or an example.
Best you can do is use ASP.NET or another technology for your logins
and security. The security in IIS is based on Windows accounts.
Hi,
You can write your own ISAPI filter that looks in a database to verify
credentials.
Is your DMZ datastore of user credentials secure though? If that is
compromised, then the attacker would have access to all the credentials for
your web application...
Cheers
Ken
[quoted text, click to view] "Scott Jones" <ScottJones@discussions.microsoft.com> wrote in message
news:18688E4A-938E-46D5-AF9E-A2D33462B766@microsoft.com...
> Let me go further.
> I have a tomcat application that is in my internal network. I was
> planning
> on using modJK to forward the traffic. Corp security states that the DMZ
> layer needs to do auth. I already have it built into the tomcat layer.
>
> So I need something like IIS and modJK in the DMZ that also does a simple
> auth check. I do not have the ability to use a different user storage.
> So I
> am looking for a solution that will forward the traffic and do auth.
>
> "Jeff Cochran" wrote:
>
>> On Sat, 30 Sep 2006 18:42:01 -0700, Scott Jones
>> <ScottJones@discussions.microsoft.com> wrote:
>>
>> >I am new to IIS. I have a microsoft sql server with user id and
>> >passwords
>> >stored in it. I need to get IIS to use the sql database for
>> >authentication.
>> >
>> >
>> >1. Is this possible?
>>
>> No.
>>
>> >2. If so, can someone point me to documentation or an example.
>>
>> Best you can do is use ASP.NET or another technology for your logins
>> and security. The security in IIS is based on Windows accounts.
>>
>> Jeff
>>
