RE: IIS 6 and Windows Authentication to SQL Server 2000

From: Cowboy (Gregory A. Beamer) - MVP (NoSpamMgbworld_at_comcast.netNoSpamM)
Date: 02/21/05 

Date: Mon, 21 Feb 2005 12:21:04 -0800

If you are truly using Windows Authentication, ie a user has an account on
the domain as well as SQL Server, you will do the following:

1. Ensure the user cannot sign in as anonymous
2. Add their account to a group that has SQL rights

You may mean "bastardized windows authentication", meaning SQL Server uses
WIndows Authentication, but you are using anon accounts in IIS. If you go
this route, you are advised to impersonate an account rather than give a
local account rights on another box. One way to easily do this is to place
the assembly in COM+ and declaratively assign a domain account to the
application. 

---
Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA
***************************
Think Outside the Box!
***************************
"mcollier" wrote:
> I am running a Windows Server 2003 machine as my web server.  I would
> like to use Windows authentication for connections to my SQL Server
> 2000 instance on a Windows 2000 server.  I've read where mirroring the
> ASPNET account and password on the web server and SQL server would
> work.  However, with IIS 6, ASP.NET runs under the 'NT
> AUTHORITY\NETWORK SERVICE' account.  Should I change the password of
> the 'NT AUTHORITY\NETWORK SERVICE' account to something I know, and
> create a mirrored 'NETWORK SERVICE' account on my SQL server?  Or,
> should I create another user like 'MY_WEB_USER' and mirror that on both
> machines?
> 
> In short, how do I get Windows authentication to work between a Windows
> Server 2003 web server and a Windows 2000 SQL server?
> 
> Thanks!
> 
>
Quantcast