Passing IIS Anonymous Account to SQL Server

From: Matt F (anonymous_at_devdex.com)
Date: 05/03/04

Next message: Jill Graham: "Loading controls dynamically + passing parameters"
Previous message: Tom Vogel: "Re: DirectoryNotFoundException - Could not find a part of the path "D:\"."
Next in thread: avnrao: "Re: Passing IIS Anonymous Account to SQL Server"
Reply: avnrao: "Re: Passing IIS Anonymous Account to SQL Server"
Messages sorted by: [ date ] [ thread ]

Date: Mon, 03 May 2004 01:37:13 -0700

Hi all

I was hoping some one could clear up an ASP.Net security question I
have.

I am writing an ASP.NET application that connects to SQL Server. The
security setup (connection string and IIS) will vary depending on the
client who installs it. Some clients will undoubtedly wish to have IIS
and SQL Server on separate machines, with Anonymous authentication in
IIS, and a SQL Server connection string using Windows integrated
security.

I've found that, if I'm using windows integrated security in the
database connection string, and Anonymous authentication at IIS with an
appropriate account specified, the authentication doesn't get passed
through to the remote SQL Server. I'm using Forms authentication in the
ASP.NET app, with impersonation turned on. To get the app to work with
the SQL Server instance on another machine using the configuration
above, I've found I've had to specify a username and password in the
'identity' element where impersonation is turned on. I'm not a big fan
of this as the credentials are in clear text. With old ASP, the account
being used for IIS Anonymous authentication was used, but this seems to
no longer be the case. I know I could probably change the account in
machine.config, but this is also not acceptable given the app will be
sold pre-packaged.

Does anyone have any suggestions? Am I missing something simple??

Thanks

Matt

*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!

Next message: Jill Graham: "Loading controls dynamically + passing parameters"
Previous message: Tom Vogel: "Re: DirectoryNotFoundException - Could not find a part of the path "D:\"."
Next in thread: avnrao: "Re: Passing IIS Anonymous Account to SQL Server"
Reply: avnrao: "Re: Passing IIS Anonymous Account to SQL Server"
Messages sorted by: [ date ] [ thread ]

Relevant Pages

Re: How to disable all this security?
... Disable ALL security? ... How about disable IIS and SQL Server altogether? ... It seems your ASP.NET cannot access Pub database on SQL server. ...
(microsoft.public.vsnet.general)
Re: EXECUTE PERMISSION DENIED on executing Sproc
... It has to do with SQL Server's security settings. ... to the account you're using to work with your SQL server DB. ... That will depend on how you've configured SQL Server, ... which in turn depends on which version of IIS you're using. ...
(microsoft.public.dotnet.framework.aspnet)
Re: Passing IIS Anonymous Account to SQL Server
... I am not clear enough about making your app imerpsonation enabled.. ... > I am writing an ASP.NET application that connects to SQL Server. ... Some clients will undoubtedly wish to have IIS ...
(microsoft.public.dotnet.framework.aspnet)
Application Roles with IIS
... I wish to use SQL Server 2000 Application Security with an ASP application. ... When I run the ASP app and look at SQL Server Current Activity Process Info, the column Application is showing "Internet Information Services". ... How do I align SQL Server and IIS so that Application Security can be utilised? ...
(microsoft.public.sqlserver.security)
Re: security : a good approach ?
... to protect your SQL server ... against IUSR_x and against IIS using COM+ impersonation. ... COM+ impersonation in fact, never is recommended to increase security, it is ...
(microsoft.public.inetserver.asp.general)