Sign in
 
Security Developer Center > Security Forums > CAT.NET > Security Confusion
Ask a questionAsk a question
Search Forums:
 

QuestionSecurity Confusion

  • Tuesday, November 03, 2009 7:24 PMjoebb3651 Users MedalsUsers MedalsUsers MedalsUsers MedalsUsers Medals
     
    Sign In to Vote
    0
    Sign In to Vote
    I just DON'T at all understand this!
    I have 2 virtual servers on the same machine. Same network, same domain (CTD). I'm working on a website using AJAX/ASP NET 3.5. I wanted to implement aspnet security and that is where all the issues popped up and I am unable to make anything work from an outside browser. If you can help please do so BUT please don't point me at any "great examples". I have tried at least a dozen of them and none of them work in my configuration. I need a more targeted description applied to my situation. I don't need a first select this from this menu, etc approach. I need a generalized explanation of WHY I'm doing WHAT. I am a fairly competent SQL developer with some experience in other languages. Here are the specifics;

    Until I tried to implement security everything worked as I wanted. Since I was on a closed system behind a firewall not even on our corporate network. All my pages correctly loaded data from a SQL Server 2005 instance (CTDB) on a virtual server. I was using the sa account and password to connect to the database from pages on another virtual server WWW. I was working from an admin account in Visual Studio 2008 adm. I created a new page and used a plain login object and created a login/pass in the asp .net configuration tool from the website menu. The login which used the above configuration worked with no issues from Visual Studio. But when I tried to login to the web site outside of VS I entered my login/pass and then got an issue that login failed for sa. I had my net admin create a new user ID specifically for this and changed all the entries in web config and the database configuration to use the new login/pass. I tried again and got the same error FOR SA! But now I get it from Visual Studio AND outside browsers. To make a long story short this is where I now am. I've been trying to make this work for about a week and still can't get it to work. So my questions are these:

    What is keeping the new login/pass from working? I can connect using RDC to the server and the SQL server using the new login.

    How do I setup the ASPSQLNETPROVIDER to use a SQL database NOT the Access file on the website? Again, I have looked at a bunch of examples and NONE of them make any sense. Isn't there a straightforward example with out all kinds of Form based application. I want this to work from a website not a Forms application.

    Is there a way to import my current users table from SQL server to the ASPNETSQLPROVIDER table(s)?

    Thanks for any help and guidance that anyone can offer,

    Joe B