Integrated security

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

How do I create trusted security between my web server and my sql server?
I don't know the account and password that my web server is running under.
 
The instructions for IIS 6 and 5 are vastly different. I'll just assume
you're using IIS 6 (partly because I'm hella lazy), and give you the
instructions for only those. If you are using IIS 5, lemme know and I'll
give you those instructions instead.

So in Win2k3, IIS 6, you have this ulta new hall cool thing called
"Application Pools". In IIS manager under control panel -> Administrative
Tools -> IIS Manager, you can simply create a new application pool,
configure it to use a particular username password that has access to the
SQL Server, and then go to the virtual directory/website, and in it's
properties instruct it to use that particular application pool.

Thats it, you got integrated security on ASP.NET now .. isn't that COOL? :)

Obviously there are other ways to acheive this, but I like this method the
mostest :)

- Sahil Malik
http://codebetter.com/blogs/sahil.malik/
 
Sahil,
Thanks for the information, but it leaves a lot of questions unanswered.
If I create a new NT account that matches my sql login, what kind of NT
privileges do I have to give to it?
I use IIS 5.0 and IIS 5.1 most of the time.

Arne.
 
Arne,

The permissions ASPNET or it's equivalent will need to run properly on a
windows 2000/IIS 5 box, are detailed here.

http://www.microsoft.com/resources/...aaconaspnetrequiredaccesscontrollistsacls.asp

You are on the right path in your thinking about creating a matching
username/password on both machines. On the SQL Server it has access to the
DB, and on the web server this user has access to as per the definied in the
link above.

Once you're done with this setup, you have two options - which essentially
substitute for the Application pool setup we did for IIS6.

You can put that in your web.config as --
<system.web>
<authorization>
<identity impersonate="true" userName="yourNewUsername"
password="yourStrongPassword" />
</authorization>
</system.web>

Or, you can let IIS impersonate those details in two steps (better way)
Step #1 -- In the properties for your website/virtual dir, go to Directory
Security and click the edit button beside Anonymous access and
authentication control configure the new username and password over there.
Step #2 - Let IIS provide those impersonation details via a trusted
connection by editing your web.config as follows -
<system.web>
<authorization>
<identity impersonate="true" />
</authorization>
</system.web>

A YET another way is to edit the machine.config file and put the pasword in
there to edit the default context. This would be at
<processmode .. userName="ASPNET" password ="YourNewFunkyPassword"/>
This is obviously global and a bit less secure.

- Sahil Malik
http://codebetter.com/blogs/sahil.malik/
 
BTW, I don't claim to be an ASP.NET expert :), but I have to add that you
might be able to get AWESOME help in the aspnet newsgroup too .. but hey not
like I don't wanna help .. :), so please do ask away. I might learn
somethin' new if nothin' else.

- Sahil Malik
http://codebetter.com/blogs/sahil.malik/
 
Back
Top