Setting Up IIS 5.0 and SQL Server 2000 for Web Access

Installing IIS 5.0 under Windows XP and 2000 sets the authentication methods for the Default Web Site to Anonymous Access, Digest Authentication (for Active Directory), and Integrated Windows authentication (see Figure 23.24).

Figure 23.24. The default Authentication Methods settings for IIS 5.0's Default Web Site allow all but Basic (clear text) authentication.


On an intranet, users ordinarily connect to the Web server with integrated Windows security, using the credentials of their Windows 2000+ account, so anonymous access isn't needed. If you clear the Anonymous Access check box, Internet users who have a user account in a Windows 2000+ domain can connect to the Web server by completing a login dialog with their user ID, password, and down-level (NetBIOS) domain name for Windows authentication (see Figure 23.25). Only network access is required to view static pages whose source is an XML document; no SQL Server login is involved.

Figure 23.25. A Windows 98 user attempting to connect to your Web site via the Internet receives this dialog if you specify integrated Windows security. The IP address in this figure has been altered.


If you're running Windows XP Professional or 2000+ Server behind a firewall, you might need to mark the Digest Authentication for Windows Domain Servers check box in the Authentication Methods dialog for your Web site. Using Digest Authentication is less secure than Windows 2000+ login, but much more secure than Basic (clear text) authentication.

Caution

XML or HTML data you send over the Internet to authenticated users isn't secure. Hackers can easily intercept the data, which travels across the Internet as plain text. To maintain data security, set up a secure virtual private network (VPN) for users with Point-to-Point Tunneling Protocol (PPTP) for Windows 98/Me or Layer 2 Tunneling Protocol (L2TP). L2TP requires running Windows 2000+ on the server and Windows XP/2000 on the clients. When users log in to your intranet through a VPN, they can use conventional http://servername/... addresses to connect to the Web server.


Live Web reports and HTTP queries of any type require IIS to connect to SQL Server. Integrated Windows authentication succeeds for users having SQL Server logins on the destination server and appropriate permissions for the database.

To review how to set up SQL Server logins, user accounts, and permissions for individual databases, see "Securing Projects with the MSDE 2000 Login/User Tool," p. 936.


When anonymous users connect to your Web site over the Internet, they use the default interactive user (IUSR_SERVERNAME) account created when you installed IIS. By default, IIS creates and maintains the password for IUSR_SERVERNAME, which is a member of Domain Users under Windows 2000+ Server. If you grant anonymous access to your Web site, visitors can open .htm and .asp files for static tables and reports that have XML data sources. Data in XML files stored in a Web site folder that allows anonymous access is available for the whole world to see or hack. If the IUSR_SERVERNAME account has an SQL Server login, a database user account, and at least read permission for database objects, anyone can read live reports and execute template queries against the database.

Note

NorthwindCS's public database role, which includes all database user accounts, grants full permissions for all database objects. Granting any permissions to the public role violates generally accepted database security standards.


Granting anonymous visitors access to your SQL Server database(s) to run live Web reports or HTTP queries can result in serious security breaches. Use XML documents as the data source to provide anonymous Web access to tables, query result sets, and static Web reports if you must support anonymous visitors.
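The following T-SQL script is an added example, not code from the book, that audits and then tightens the two conditions the preceding paragraphs and the Note describe: whether the anonymous IIS account has reached SQL Server, and what the public role has been granted. It assumes SQL Server 2000 system tables and procedures, a database named NorthwindCS, a Web server named WEBSRV (so the anonymous account is WEBSRV\IUSR_WEBSRV), a Windows account WEBSRV\WebReports for the report pages, and a role name WebReportReader; the server and account names are placeholders.

```sql
-- Added example (not from the book): audit and tighten NorthwindCS permissions
-- on SQL Server 2000. Placeholder names: server WEBSRV, anonymous IIS account
-- WEBSRV\IUSR_WEBSRV, Web application account WEBSRV\WebReports.
USE NorthwindCS
GO

-- 1. Has the anonymous IIS account been given a login and a database user?
--    A row from each query means anonymous visitors can reach live data.
SELECT name, hasaccess
FROM   master..syslogins
WHERE  name LIKE '%IUSR_%'

SELECT name, hasdbaccess
FROM   sysusers
WHERE  name LIKE '%IUSR_%'
GO

-- 2. What has public been granted? Every database user inherits these rows,
--    so any result here is the problem the Note describes.
EXEC sp_helprotect @username = 'public'
GO

-- 3. If step 1 found the anonymous account, remove it from the database and
--    from the server. Anonymous pages should use XML documents, not SQL Server.
IF USER_ID('IUSR_WEBSRV') IS NOT NULL
    EXEC sp_revokedbaccess 'IUSR_WEBSRV'
IF EXISTS (SELECT * FROM master..syslogins WHERE name = 'WEBSRV\IUSR_WEBSRV')
    EXEC sp_revokelogin 'WEBSRV\IUSR_WEBSRV'
GO

-- 4. Revoke every object permission public currently holds. The cursor walks
--    sysprotects so only objects with an existing grant to public are touched.
DECLARE @obj sysname, @sql nvarchar(400)
DECLARE objs CURSOR FOR
    SELECT DISTINCT o.name
    FROM   sysprotects p
    JOIN   sysobjects  o ON o.id = p.id
    WHERE  p.uid = USER_ID('public')
OPEN objs
FETCH NEXT FROM objs INTO @obj
WHILE @@FETCH_STATUS = 0
BEGIN
    SET @sql = N'REVOKE ALL ON [' + @obj + N'] FROM public'
    EXEC sp_executesql @sql
    FETCH NEXT FROM objs INTO @obj
END
CLOSE objs
DEALLOCATE objs
GO

-- 5. Give the Web application's own Windows account read-only access through
--    a dedicated role, limited to the tables the live reports actually need.
EXEC sp_addrole 'WebReportReader'
GRANT SELECT ON Products   TO WebReportReader
GRANT SELECT ON Categories TO WebReportReader

EXEC sp_grantlogin    'WEBSRV\WebReports'
EXEC sp_grantdbaccess 'WEBSRV\WebReports', 'WebReports'
EXEC sp_addrolemember 'WebReportReader', 'WebReports'
GO

-- 6. Re-run the audit: step 2 should now return no rows for public, and
--    step 1 should return no IUSR rows.
EXEC sp_helprotect @username = 'public'
GO
```

Run the script in Query Analyzer as a member of db_owner. Because integrated Windows authentication passes the IIS worker's identity through to SQL Server, the report pages only work after step 5 if the site's authenticated users (or the application's own account) map to a database user in WebReportReader; anonymous visitors, having no login, fall back to the XML-based pages the text recommends.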



Special Edition Using Microsoft Office Access 2003
ISBN: 0789729520
Year: 2005
Pages: 417