web app - IIS and SQL on different machines

  • Thread starter Thread starter Dan Walls
  • Start date Start date
D

Dan Walls

Hi,

I am deploying an ASP.Net web app into the following scenario:

Internet --> Firewall --> WebServer (IIS) --> [firewall?] --> [database
server]

However I am not sure what sort of authentication options are available to
me in gettingthe application to talk to the SQL server.

How do I talk between the web app and the database server - if TCP/IP then
what mode of authentication do I use? What would a typical connection string
look like?

Are there any references where I can study up on this ? I couldn't find
anything even though I spent half the day looking - mind you it helps to
know what you're looking for.

Thanks very much if you can help me,
Dan.
 
A SQLServer is much like a web server, other than the TCP/IP port it listens
to for requests. The Connection is defined via the Connection String, which
contains a number of parameter values that indicate how the database should
be connected to. It includes such things as the IP address/domain
name/machine name of the SQL Server machine (which one depends upon your
network configuration, which was a bit sketchy), the User Name and Password
you want to connect using, the database to use, and other optional elements.
A good reference for Connection Strings is
http://www.connectionstrings.com/.

You can use Either SQL Server authentication or Windows Authentication.
Which one you use depends upon how the SQL Server is configured. You should
ask your DBA about that.

--
HTH,
Kevin Spencer
..Net Developer
Microsoft MVP
Big things are made up
of lots of little things.
 
Thanks Kevin,

unfortunately I am also the DBA :-). I have the freedom to install and
configure the network as I see fit, so I will configure the network in the
way the provides the best possible security. That is why I am looking at
adding another layer and putting the SQL server on a different machine to
IIS.

It's my understanding that if I communicate via TCP/IP between IIS server
and SQL Server machines then I can only use SQL authentication and NOT
Windows authentication. This is because Windows authentication relies on the
user being recognised by the OS and a tcp 1433 connection would go straight
to the SQL server.

Now - is it possible to use windows networking between the two machines -
and that way I could log in using the IIS_MACHINE/ASPNET user account. This
user account would have to be present on the SQL machine would it not? Would
this work if I gave it the same usernam and password - are there any
inherent security risks with this approach?

Thanks for the connectionstrings.com. That's a good reference. Straight to
the favourites.

Dan.

Kevin Spencer said:
A SQLServer is much like a web server, other than the TCP/IP port it listens
to for requests. The Connection is defined via the Connection String, which
contains a number of parameter values that indicate how the database should
be connected to. It includes such things as the IP address/domain
name/machine name of the SQL Server machine (which one depends upon your
network configuration, which was a bit sketchy), the User Name and Password
you want to connect using, the database to use, and other optional elements.
A good reference for Connection Strings is
http://www.connectionstrings.com/.

You can use Either SQL Server authentication or Windows Authentication.
Which one you use depends upon how the SQL Server is configured. You should
ask your DBA about that.

--
HTH,
Kevin Spencer
.Net Developer
Microsoft MVP
Big things are made up
of lots of little things.

Dan Walls said:
Hi,

I am deploying an ASP.Net web app into the following scenario:

Internet --> Firewall --> WebServer (IIS) --> [firewall?] --> [database
server]

However I am not sure what sort of authentication options are available to
me in gettingthe application to talk to the SQL server.

How do I talk between the web app and the database server - if TCP/IP then
what mode of authentication do I use? What would a typical connection string
look like?

Are there any references where I can study up on this ? I couldn't find
anything even though I spent half the day looking - mind you it helps to
know what you're looking for.

Thanks very much if you can help me,
Dan.
Click to expand...
Click to expand...
 
Now - is it possible to use windows networking between the two machines -
and that way I could log in using the IIS_MACHINE/ASPNET user account. This
user account would have to be present on the SQL machine would it not? Would
this work if I gave it the same usernam and password - are there any
inherent security risks with this approach?
Click to expand...

Actually, you can use Windows Authentication as long as the 2 machines are
on the same Domain, using Active Directory accounts. In any case, as long as
the 2 machines are on the same LAN, and behind the same Firewall (configured
correctly), you shouldn't have any security problems using either method. If
you find it easier to work with SQL Server authentication, by all means, use
that.

--
HTH,
Kevin Spencer
..Net Developer
Microsoft MVP
Big things are made up
of lots of little things.

Dan Walls said:
Thanks Kevin,

unfortunately I am also the DBA :-). I have the freedom to install and
configure the network as I see fit, so I will configure the network in the
way the provides the best possible security. That is why I am looking at
adding another layer and putting the SQL server on a different machine to
IIS.

It's my understanding that if I communicate via TCP/IP between IIS server
and SQL Server machines then I can only use SQL authentication and NOT
Windows authentication. This is because Windows authentication relies on the
user being recognised by the OS and a tcp 1433 connection would go straight
to the SQL server.

Now - is it possible to use windows networking between the two machines -
and that way I could log in using the IIS_MACHINE/ASPNET user account. This
user account would have to be present on the SQL machine would it not? Would
this work if I gave it the same usernam and password - are there any
inherent security risks with this approach?

Thanks for the connectionstrings.com. That's a good reference. Straight to
the favourites.

Dan.

Kevin Spencer said:
A SQLServer is much like a web server, other than the TCP/IP port it listens
to for requests. The Connection is defined via the Connection String, which
contains a number of parameter values that indicate how the database should
be connected to. It includes such things as the IP address/domain
name/machine name of the SQL Server machine (which one depends upon your
network configuration, which was a bit sketchy), the User Name and Password
you want to connect using, the database to use, and other optional elements.
A good reference for Connection Strings is
http://www.connectionstrings.com/.

You can use Either SQL Server authentication or Windows Authentication.
Which one you use depends upon how the SQL Server is configured. You should
ask your DBA about that.

--
HTH,
Kevin Spencer
.Net Developer
Microsoft MVP
Big things are made up
of lots of little things.

Dan Walls said:
Hi,

I am deploying an ASP.Net web app into the following scenario:

Internet --> Firewall --> WebServer (IIS) --> [firewall?] --> [database
server]

However I am not sure what sort of authentication options are
Click to expand...
Click to expand...
available
to
Click to expand...
Click to expand...
 
Back
Top