kh
Hi. I'm designing an intranet application in a heterogeneous MS environment (XP, W2K Server, SQL Server 2K). The perfect security scenario for me is described in the Patterns & Practices guide entitled "Building Secure ASP.NET Applications". In the "Intranet Security" chapter [1] the text describes the "ASP.NET to SQL Server" architecture and recommends that impersonation be switched off and the machine.config file be amended to supply a known password for the ASPNET account. We use Windows authentication throughout.
However, the application is one of several on the machine so editing machine.config is not an option. It is an essential requirement for me to be able to determine the user's identity when making changes to the database for audit purposes. How should I proceed?
Many thanks
kh
[1] http://msdn.microsoft.com/library/en-us/dnnetsec/html/SecNetch05.asp