Is it possible for IIS and SQL server on Separate Machines with integrated auth

Ravikanth[MVP]

Hi

It is possible that IIS and SQL Server can reside on
separate machines and you can use Integrated Windows
Authentication to connect.

Ravikanth
 
hi, Ravikanth;

Could you give me more info on how to do that? I've tried. I
set IIS -> Directory Security -> Anonymous access and
authentication control -> Edit -> selected "Integrated Windows
authentication", no others. In web.config:
<authentication mode="Windows" /> <identity impersonate="true"/>
In the connection string:
"integrated security=SSPI;Trusted_Connection=Yes; persist security info=False;"
But it still failed. The account sent from IIS to SQL Server
as the login account is "domainname/IIScomputername$"

So what have I done wrong? How do I solve the problem?

In MSDN,
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/vbcon/html/vbtskAccessingSQLServerUsingMappedWindowsDomainUser.asp
it said, Integrated security requires: That SQL server be
running on the same computer as IIS. Is that wrong?

thanks
robert
 
Robert,

If you go through the steps in the following URLs you
should get this set up no problem.

http://support.microsoft.com/default.aspx?scid=kb;en-us;319723

http://support.microsoft.com/default.aspx?scid=kb;en-us;810572

Before going through all steps I would recommend that you
check the following:

Advanced option in IE of Enable Integrated Windows
Authentication is selected.

Using these articles enabled me to set up an environment
connecting from Client A -> IIS Server -> SQL Cluster
using integrated security and impersonation.

Hope that helps

Aidan Glendye
 
Hi Robert:

With IIS and SQL on separate machines, you'll need to go one step past
"impersonation" and look at "delegation" via Kerberos. There is a good
description of why your situation does not work and the steps you
would need to take to use delegation in the following article (see the
"Security" section):

http://www.databasejournal.com/features/mssql/print.php/2211161


Delegation requires a specific network environment, and is also
riskier from a security perspective, so you might want to consider the
"Delegation Alternatives" in the .net docs:

http://msdn.microsoft.com/library/d...y/en-us/vsent7/html/vxconASPNETDelegation.asp
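
Added example (not part of any post in this thread, and not code from Microsoft's articles): a small ASP.NET diagnostic handler that shows the identity at each hop, so you can see whether the caller's identity survives from browser to IIS to SQL Server. The handler name WhoAmI and the server name SQLHOST are assumptions for illustration. A token level of Impersonation is only usable on the IIS machine itself; Delegation is what the second hop needs.

```csharp
// Added diagnostic, not from the thread. Host it as WhoAmI.ashx (with a
// WebHandler directive) or register it as a handler in web.config.
// Remove it after testing: it discloses account names.
using System;
using System.Data.SqlClient;
using System.Security.Principal;
using System.Web;

public class WhoAmI : IHttpHandler
{
    // Assumption: SQLHOST is a placeholder; use your SQL Server's name.
    const string ConnStr = "Server=SQLHOST;Database=master;Integrated Security=SSPI;";

    public bool IsReusable { get { return true; } }

    public void ProcessRequest(HttpContext ctx)
    {
        HttpResponse r = ctx.Response;
        r.ContentType = "text/plain";

        // Hop 1: who IIS authenticated the browser as, and by which scheme.
        IIdentity caller = ctx.User.Identity;
        r.Write("Browser user    : " + caller.Name + " (" + caller.AuthenticationType + ")\n");

        // Identity the request thread runs under; with impersonate="true"
        // this should match the browser user.
        WindowsIdentity thread = WindowsIdentity.GetCurrent();
        r.Write("Thread identity : " + thread.Name + "\n");
        r.Write("Token level     : " + thread.ImpersonationLevel + "\n");

        // Hop 2: ask SQL Server which login it actually received.
        try
        {
            using (SqlConnection cn = new SqlConnection(ConnStr))
            using (SqlCommand cmd = new SqlCommand("SELECT SYSTEM_USER", cn))
            {
                cn.Open();
                string sqlLogin = (string)cmd.ExecuteScalar();
                r.Write("SQL Server login: " + sqlLogin + "\n");
                bool same = string.Equals(sqlLogin, caller.Name, StringComparison.OrdinalIgnoreCase);
                r.Write(same ? "Result: caller identity reached SQL Server\n"
                             : "Result: identity changed at the second hop\n");
            }
        }
        catch (SqlException ex)
        {
            // A login failure here means the caller's identity was not forwarded.
            r.Write("SQL login failed: " + ex.Message + "\n");
        }
    }
}
```

Browse to the handler from a client machine rather than from the IIS server itself, since a local request involves only one network hop and can succeed without delegation.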
 