Change domain user password?

J

J

Hello. I apologize if this isn't the appropriate group for this question
but I was wondering if it's possible to allow regular windows domain users
to change their passwords through an .asp page? I'm trying to figure out
the best way to handle domain users to log into an .asp application tied
with SQL Server 2000 on the back end since I keep reading that windows
authentication is better practice to log into SQL Server. Thanks in
advance.

J
 
M

Matt

Is it absolutely necessary for users to change their passwords via an ASP
page? You can setup Windows Authentication on an ASP application in IIS. If
a user needs to change their password they can change it the standard way of
pressing CNTRL+ALT+Delete and clicking the change password button (Windows
XP). Otherwise, you would have to create your own custom control to enable
users to change their passwords (not sure how or if that is possible with
ASP. it is with .NET though).



For IIS, setup Integrated Windows Authentication (if you do not want them to
type their username and password each time). This would also require a
Client side IE Security Setting change to automatically pass the username
and password to the trusted Intranet zone.



Or



Setup Basic Authentication in IIS (if you require users to always enter
their username and password) and specify the default domain name.
 
J

J

Hi Matt,

Our IIS5.0 is a w2k server on 1 domain and our sql server 2000 is on another
w2k server on a different domain. I'm in the process of brainstorming using
Basic windows authentication on the web application folder and below that
contains the .asp pages which uses https that encrypts the whole
communication to our sql server. In the possible case that the user doesn't
have windows xp or a windows os I was just curious how they'd be able to
change their domain password since I'm trying to configure it to use windows
basic authentication to our sql server and that they should be able to
change their password frequently since our sql server contains sensitive
data. I read much on the web that windows authentication to sql server is a
better practice that sql login authentication but seems like it gets a
little trickier when the web and database servers are on different domains
which I've read is safer in general to have the sql server isolated on it's
own domain from the web server. This is why I prefer to use sql login
authentication which makes things easier in setting up, maintaining login
id's and seems easier to incorporate into .asp applications. Sorry if I
wrote too much in complicating things. I'm just wondering which is the
safer method and way for user's to change their own domain passwords.

Thanks Matt,

J
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

Forum statistics

Threads
473,744
Messages
2,569,484
Members
44,904
Latest member
HealthyVisionsCBDPrice

Latest Threads

Top