Connecting to SQL Server using Windows Authentication

  • Thread starter Thread starter Jeremy
  • Start date Start date
J

Jeremy

In my ASP.NET web applications I would like to
use "integrated security=SSPI" instead of supplying a SQL
Server account credentials.

From what I understand there are security policy settings
that need to be setup on the web server to allow for me to
do this, but I'm not 100% sure what they are. I think I
have to allow a remote token (from remote computers) and
Kerberos, and in IIS use Integrated Windows Authentication
(with basic and anonymous turned off).

Anyway, I can't find anything in the security policy
settings that I can look at on my Windows 2000 Pro
development computer that I can play with to see if things
work. Are these things that only server editions have?

So I was wondering if anybody could please send me some
information with how the server(s) (are there any SQL
server configurations that need to setup to allow this to
work?) has to be configured to allow me to use SSPI in my
ASP.NET web applications. A link, some explainations,
anything that might help.

Thanks,
Jeremy
 
You'll need to use the ASP.NET account and make sure the permissions have
been added to the SQL Server.

There are quite a few exapmles in the ADO.NET ng.

HTH,

Bill
 
Thanks for the reply, I'll check out the ADO.NET newsgroup.

So why the ASP.NET account? The whole idea in my
situation is to not be an "anonymous" user accessing the
DB.

Whether you use a "standard" account (ASP.NET, IUSER, SQL
account) you never know who is accessing your Database. I
realize that you loose connection pooling by doing it this
way, but for this situation that's okay.

Jeremy
 
B/C on the web, those people aren't all on your domain. Joe Blow might log
in from his home dial-up account..that's not on your domain...so for SSPI to
work, you need to have a machine connect thats' 'trusted' by the Database.
 
Sorry for not making this clear. All of the users will be
from the same domain. It's an intranet site.

I figured that just the idea in general, about using
Kerberos and Integrated Windows Authentication in IIS
would immediately eliminate any ideas of it being an
internet site.

Like you pointed out, web users at home from a dial up
aren't in the same domain as the web server so Integrated
Window Auth naturally wouldn't work.

I'm sure there have been people who didn't have a good
understanding of how that all works and have asked similar
type questions and needed to be set straight, but
sometimes us developer's need to be given a little bit of
credit for the types of questions we are asking here.

In the future I'll remember to make it clear as crystal
the type of application (intranet, internet, extranet,
OWA) I'm working on when asking questions.

Jeremy
 
Back
Top