Multi tier web application security architecture




I'm trying to design a security architecture in this enviroment:

I have an extranet web site. This extranet is in a domain A and uses windows
integrated security to authenticate the users.

In another domain B (intranet), I have a web server with webservices which
are called from entranet aspx pages. This web services, calls bussiness layer
in another app server. Finally, I have a SQLServer backend that is accessed
by bussiness layer.
A tipically distibuted multi-tier application: IIS web application (UI) ->
Service Layer (in the intranet)->Bussiness Layer (intranet)->SQL Server
(backend intranet).

My DBA says to me that I must use Windows security to SQL server access,
because, they want to do an access auditory. But this means that users in
domain A, should access to SQLServer that is in domain B.
Domains A and B are accessible throught Internet and actually are not
trusted (but it can be)

Wich is the best security architecture for this scenario?? and Which is the
best architecture if I have not the DBA requirements and extranet web site,
could use any authentication system??

Thanks a lot.
Best regards!


Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question