We're working on an internal web-based business app that will be used only by employees. However, our business is distributed with offices worldwide so while many of our employees will be accessing the site from within our domain, many more will be accessing from outside the domain.
My understanding is that browsers authenticating from outside the domain will not be able to use Kerberos; but Kerberos is required for a server (like our web server) to be able to pass credentials (or impersonation credentials) to another server on the domain (such as our sql server).
One reason that we want the authenticated user's credentials to pass on to the sql server is because our system is currently set up with triggers to handle logging of CRUD operations. We want to write to log files anyone changes or deletes a record ... whether through SSMS or through our app or through some other means.
What is needed to accomplish this and is it even possible? What do we need to put into place to allow an external user authenticated through ISA to our web server to have their credentials used when accessing SQL Server?
Thanks for your help!
View Complete Post