Friday, February 24, 2012

Extranet Thick Client Connection

Hi,
I have a Windows Forms application that uses ADO.NET 1.1 to communicate with SQL Server 2K. I would like to start retailing my Windows app, allowing clients who are not in my domain or work-group to communicate with a database on MY SQL Server using Wind
ows Integrated Authentication. Can I get some guidance on exactly how this would be done please?
JT
Windows Authentication without a domain means you're using Workgroup
Security. This essentially requires you to duplicate nt user accounts and
passwords on both machines. This will work with Named Pipe connections.
It will not work with Sockets.
I'd recommend securing the traffic with SQL's protocol encryption. You'll
need a server certificate installed on the SQL Server.
276553 HOW TO: Enable SSL Encryption for SQL Server 2000 with Certificate
Server
http://support.microsoft.com/?id=276553
Thanks,
Kevin McDonnell
Microsoft Corporation
This posting is provided AS IS with no warranties, and confers no rights.
|||Thanks Kevin - I appreciate it. How do you communicate with Named Pipes over the internet? My clients would be at sites far remote from my SQL Server(s). Would I have to have a VPN? Would exposing SQL Server as a Web Service be an option?
JT
"Kevin McDonnell [MSFT]" wrote:

> Windows Authentication without a domain means you're using Workgroup
> Security. This essentially requires you to duplicate nt user accounts and
> passwords on both machines. This will work with Named Pipe connections.
> It will not work with Sockets.
> I'd recommend securing the traffic with SQL's protocol encryption. You'll
> need a server certificate installed on the SQL Server.
> 276553 HOW TO: Enable SSL Encryption for SQL Server 2000 with Certificate
> Server
> http://support.microsoft.com/?id=276553
>
> Thanks,
> Kevin McDonnell
> Microsoft Corporation
> This posting is provided AS IS with no warranties, and confers no rights.
>
>
|||You would not use Named Pipes over the internet. The ports required for it
to work would make your
firewall insecure.
If you're remote clients are VPNing in, then I would think that they'd also
would be authenticating
against a DC. So, after they've done this they should be able to use
Windows Auth to SQL.
If you're clients are coming from an Extranet, do you have a 1 way Trust
between machines there and your other domain?
Kevin McDonnell
Microsoft Corporation
This posting is provided AS IS with no warranties, and confers no rights.

No comments:

Post a Comment