Limiting User rights to SQL Server from Web Service

5 pts.
Tags:
Access control
Browsers
filtering
Servers
SQL Server
SSL/TLS
Web security
Web services
Hi folks I am in the early days of developing an app that has (I think) some unusual security requirements. It will be deployed eventually on an intranet. As an example, please see the following: There is a Clients table that everybody has access to. this will have the usual fields such as ID, LName, FName, ONames. It will not contain any address info, as there is a requirement to keep a history of address changes. There is a 2nd table called ClientConfidentialDetails that includes the UserID of the user that has added another record to that table. There will also be a table called LocalOffices (of the org) & there will also be a table called OfficeUsers that will contain a list of the UserID's, the corresp users name & the LocalOfficeID (FK to the LocalOfficesID fld). Now the problem is that there is a requirement that only the User or group of Users in the same Local Office will (by default) have access to the records in the ClientConfidentialDetails table. However, there is also a requirement that the user that has inserted a record in that tbl be able to grant access to those records to a user (or the group of users in that 2nd LocalOffice). So, how would I do this? Normally, most articles I have read about WS access rights to SQL Server recommend using Windows Integrated Security. If that method is used, how would I get the LoginID passed through & inserted into the appropriate table? Or perhaps in terms of the Architecture I am barking up the wrong tree (forgive the Australianism). If there is a better way, perhaps somebody could give me a clue or two. Thanks in advance. Kind regards Ross Petersen
ASKED: February 6, 2006  3:24 PM
UPDATED: February 7, 2006  11:19 AM

Answer Wiki

Thanks. We'll let you know when a new response is added.

If the intranet is using Windows Integrated Security, then I would try and get the user name by using server-side code such as ASP or ASP.NET.

ASP:
Request.ServerVariables(“LOGON_USER”)

ASP.NET:
Request.ServerVariables(“AUTH_USER”)

Discuss This Question:  

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following