Deployable SQL Server authentication for ASP.NET

Hi,

We have an ASP.NET application that connects to a SQL Server database.
Historically we have used a trusted connection, and during our database
creation, granted database access to the system account
<SQLSERVERNAME>\ASPNET.

This appears to work great on XP in that IIS appears to connect to the SQL
Server database as that user, and so it could access the data appropriately.

On Windows Server 2003, there is no ASPNET user, but instead there appears
to be an IIS_WPG group that does a similar thing.

On Vista, there now appears to be an IIS_USRS group.

What I'm looking for is some idea of what others do when you distribute a
SQL Server/ASP.NET application that you want to run on all OS's. What
security model do you use for authentication? Do you somehow detect the
platform and grant the appropriate access?

Many thanks,

Dave
 
When you develop an ASP.NET application, you, as developer, should know
which user account is expected to run your app (by default, it is ASPNET for
Win2K/WinXP and Network Service for Win2003, and it is configurable by you
or by admin). It is not fixed according to OS. You or the admin have the
control to choose which user account to use. As long as you decided which
user account(s) would run your app, simply grant necessary SQL Server access
to the user account(s). It seems that you need a bit more study on how to
configure IIS/ASP.NET to use a different user account.
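
An added example, not part of the posts in this thread: a deployment-time T-SQL script, assuming SQL Server 2005 or later, that grants database access to whichever Windows account has been chosen to run the application, instead of hard-coding one per OS. The database name `AppDb`, the role name `app_web` and the permissions granted to it are assumptions for illustration.

```sql
-- Added example. AppDb, app_web and the dbo-schema grants are hypothetical;
-- replace them with the application's own database, role and permissions.
USE AppDb;
GO

DECLARE @account sysname;
DECLARE @sql nvarchar(max);

-- The identity the site actually runs as, supplied by the installer or admin,
-- e.g. N'MYSERVER\ASPNET' on XP or N'NT AUTHORITY\NETWORK SERVICE' on Server 2003.
SET @account = N'NT AUTHORITY\NETWORK SERVICE';

-- 1. Server-level Windows login (skipped if it already exists).
--    CREATE LOGIN does not accept a variable, so build the statement and
--    quote the name with QUOTENAME to keep it a single identifier.
IF NOT EXISTS (SELECT 1 FROM sys.server_principals WHERE name = @account)
BEGIN
    SET @sql = N'CREATE LOGIN ' + QUOTENAME(@account) + N' FROM WINDOWS;';
    EXEC (@sql);
END

-- 2. Database user mapped to that login.
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = @account)
BEGIN
    SET @sql = N'CREATE USER ' + QUOTENAME(@account)
             + N' FOR LOGIN ' + QUOTENAME(@account) + N';';
    EXEC (@sql);
END

-- 3. Permissions live on a role, not on the account, so changing the
--    worker identity later only means re-running steps 1, 2 and 4.
IF NOT EXISTS (SELECT 1 FROM sys.database_principals
               WHERE name = N'app_web' AND type = 'R')
    CREATE ROLE app_web;

-- Grant only what the application needs; narrow these to specific
-- tables or procedures where possible rather than using db_owner.
GRANT SELECT, INSERT, UPDATE, DELETE ON SCHEMA::dbo TO app_web;
GRANT EXECUTE ON SCHEMA::dbo TO app_web;

-- 4. Put the worker account in the role.
EXEC sp_addrolemember N'app_web', @account;
```

The script is safe to re-run, so an installer can execute it with a different `@account` value on each target platform.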
 
It is normal to post something useful when replying to someone's question.

My question contained more detailed information than your response. :)

If you feel I 'need more study', then please be useful and point to some
articles that offer information related to what I was asking.
 
It is also normal that someone lets the original poster know that his/her
question is pointing in the wrong direction and suggests a new direction to
go/study. If you do not think it helps or you do not want to do the due
research, then you have a problem more than you can solve.

After these few days, if you actually did the study, I'd really like to
believe you already got the answers to your original question. If you
haven't, trust me, with a bit of research on ASP.NET/IIS security configuration
(authentication and authorization), not more than a couple of hours, you
would get the answers.

If I have a question and someone points me in a correct (or even possibly
correct) direction to study, I'd appreciate the help very much, rather than
blaming them for the lack of a step-by-step tutorial. Good luck on waiting for
detailed help, which may never come.
 