Integrated security with IIS 6.0 without explicit Anonymous a/c ri
From: tapman (tapman_at_discussions.microsoft.com)
Date: 02/10/05
- Next message: Rob: "Re: Trigger on Insert for Current Record Only"
- Previous message: Fat Superman: "Re: Trigger problem (losing my mind here!)"
- Messages sorted by: [ date ] [ thread ]
Date: Thu, 10 Feb 2005 09:01:08 -0800
Is it possible to make use of a windows account which has been granted least
previleges in SQL Server Database to be used through connection string by IIS
6.0 which has Anonymous access allowed?
As per the microsoft support documents which I went through, best suggestion
I found was to make use of SQL server login which has minimum previleges and
pass those credentials through connection string which can be used by ASP
pages for anonymous users.
I want to take advantage of Integrated Security without compromising web
server security by allowing explicit user rights to NT AUTHORITY \
IUSER_computername account. So what I am thinking of is using Windows Only
security in SQL , create Windows user, assign least permissions in SQL
Database to that user and then pass those credentials in connection string to
IIS.
I tried that, but failed as it kept on giving errors "Not associated with
trusted SQL connection". It should have worked, I used .UDL file, supplied IP
ADDRESS,PORT NUMBER, then in username, supplied SERVERNAME/LOGINNAME but it
gave abovementioned error.
Please advise.
- Next message: Rob: "Re: Trigger on Insert for Current Record Only"
- Previous message: Fat Superman: "Re: Trigger problem (losing my mind here!)"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
