From SQL Server Books online, the members of the enumerated type,
SQLDMO_AUDIT_TYPE are:
SQLDMOAudit_All 3 Log all authentication attempts - success or failure
SQLDMOAudit_Failure 2 Log failed authentication
SQLDMOAudit_None 0 Do not log authentication attempts
SQLDMOAudit_Success 1 Log successful authentication
Sample Log Entries
The following list shows some sample log entries for successful and failed entries in
the SQL Server logs.
Successful login using Integrated Windows authentication:
2002-07-06 22:54:32.42 logon Login succeeded for user 'SOMEDOMAIN\Bob'.
Connection: Trusted.
Successful login using SQL standard authentication:
2002-07-06 23:13:57.04 logon Login succeeded for user 'SOMEDOMAIN\Bob'.
Connection: Non-Trusted.
Failed Login:
2002-07-06 23:21:15.35 logon Login failed for user 'SOMEDOMAIN\BadGuy'.
IIS Logging
IIS logging can be set to different formats. If you use W3C Extended Logging, then
you can take advantage of some additional information. For example, you can turn
on Time Taken to log how long a page takes to be served. This can be helpful for
isolating slow pages on your production Web site. You can also enable URI Query
which will log Query String parameters, which can be helpful for troubleshooting
GET operations against your Web pages. The figure below shows the Extended
Properties dialog box for IIS logging.
IIS extended logging properties
Troubleshooting Tools
The list of tools presented in this section can prove invaluable and will help you
diagnose both security and non-security related problems.
File Monitor (FileMon.exe)
This tool allows you to monitor files and folders for access attempts. It is extremely
useful to deal with file access permission issues. It is available from
www.sysinternals.com.
More Information
For more information see the Knowledge Base article Q286198, “HOWTO: Track
‘Permission Denied’ Errors on DLL Files”.
Fusion Log Viewer (Fuslogvw.exe)
Fusion Log Viewer is provided with the .NET Framework SDK. It is a utility that
can be used to track down problems with Fusion binding (see the .NET Framework
documentation for more information).
To create Fusion logs for ASP.NET, you need to provide a log path in the registry
and you need to enable the log failures option through the Fusion Log Viewer
utility.
To provide a log path for your log files, use regedit.exe and add a directory location,
such as e:\MyLogs, to the following registry key:
[HKLM\Software\Microsoft\Fusion\LogPath]
ISQL.exe
ISQL can be used to test SQL from a command prompt. This can be helpful when
you want to efficiently test different logins for different users. You run ISQL by
typing isql.exe at a command prompt on a computer with SQL Server installed.
Connecting Using SQL Authentication
You can pass a user name by using the –U switch and you can optionally specify the
password with the –P switch. If you don’t specify a password, ISQL will prompt
you for one. The following command, issued from a Windows command prompt,
results in a password prompt. The advantage of this approach (rather than using
the –P switch) is that the password doesn’t appear on screen.
C:\ >isql -S YourServer -d pubs -U YourUser
Password:
Connecting Using Windows Authentication
You can use the –E switch to use a trusted connection which uses the security
context of the current interactively logged on user.
C:\ >isql -S YourServer -d pubs -E
Running a Simple Query
Once you are logged in, you can run a simple query, such as the one shown below.
1> use pubs
2> SELECT au_lname, au_fname FROM authors
3> go
To quit ISQL, type quit at the command prompt.
Windows Task Manager
Windows Task Manager on Windows XP and Windows .NET Server allows you to
display the identity being used to run a process.
To view the identity under which a process is running
1. Start Task Manager.
2. Click the Processes tab.
3. From the View menu, click Select Columns.
4. Select User Name, and click OK.
The user name (process identity) is now displayed.
Network Monitor (NetMon.exe)
NetMon is used to capture and monitor network traffic.
More Information
See the following Knowledge Base articles:
Q243270, “HOW TO: Install Network Monitor in Windows 2000”
Q148942, “HOW TO: Capture Network Traffic with Network Monitor”
Q252876, “HOW TO: View HTTP Data Frames Using Network Monitor”
Q294818, “Frequently Asked Questions About Network Monitor”
There are a couple of additional tools to capture the network trace when the client
and the server are on the same machine (this can’t be done with Netmon):
tcptrace.exe. Available from www.pocketsoap.com. This is particularly useful
for Web services since you can set it up to record and show traffic while your
application runs. You can switch to Basic authentication and use tcptrace to
see what credentials are being sent to the Web service.
packetmon.exe. Available from www.analogx.com. This is a cut down version
of Network Monitor, but much easier to configure.
Registry Monitor (regmon.exe)
This tool allows you to monitor registry access. It can be used to show read accesses
and updates either from all processes or from a specified set of processes. This tool
is very useful when you need to troubleshoot registry permission issues. It is available
from www.sysinternals.com.
WFetch.exe
This tool is useful for troubleshooting connectivity issues between IIS and Web
clients. In this scenario, you may need to view data that is not displayed in the Web
browser, such as the HTTP headers that are included in the request and response
packets.
Building Secure ASP.NET Applications
More Information
For more information about this tool and the download, see the Knowledge Base
article Q284285, “How to Use Wfetch.exe to Troubleshoot HTTP Connections”.
Visual Studio .NET Tools
The Microsoft .NET Framework SDK security tools can be found at
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cptools/html
/cpconnetframeworktools.asp
More Information
See the following Knowledge Base articles:
Q316365, “INFO: ROADMAP for How to Use the .NET Performance Counters”
Q308626, “INFO: Roadmap for Debugging in .NET Framework and Visual
Studio”
Q317297, “INFO: Roadmap for Debugging Hangs, Memory Leaks in VB .NET”
WebServiceStudio
This tool can be used as a generic client to test the functionality of your Web service.
It captures and displays the SOAP response and request packets.
You can download the tool from http://www.gotdotnet.com/team/tools/web_svc
/default.aspx
Windows 2000 Resource Kit
Available from http://www.microsoft.com/windows2000/techinfo/reskit/default.asp
For a complete tools list, see http://www.microsoft.com/windows2000/techinfo/reskit
/tools/default.asp
0 comments:
Post a Comment