Re: ASP.NET (IIS 6.0) Windows authentication/SQL Server problem

From: Chris Jackson (chrisj_at_mvps.org)
Date: 10/06/03


Date: Mon, 6 Oct 2003 15:59:49 -0400

How are you doing your authentication? The matrix here will explain what
credentials you are passing - note that you will want to pass a domain
account rather than a local account if you are authenticating to a different
machine.

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/SecNetAP05.asp

-- 
Chris Jackson
Software Engineer
Microsoft MVP - Windows XP
Windows XP Associate Expert
-- 
"Nick Gilbert" <news@nickgilbert.com> wrote in message
news:uudoeyciDHA.1952@TK2MSFTNGP10.phx.gbl...
> Hi,
>
> On Windows 2000, I use the following connection string in my ASP.NET
> applications:
>
> <add key="ConnectionString" value="server=(local);Integrated
> Security=SSPI;database=knowledge" />
>
> I then created a login in SQL Server for the ASPNET/<machine name> user
and
> assigned it to a WWWUsers role. This meant that SQL Server automatically
> made requests from the website under the WWWUsers role. In IIS, I then
> removed anonymous access from the /admin/ folder on the website, which
then
> caused IE to prompt for a username and password. If I logged in as
> 'webadmin' and a webadmin login had been created on SQL Server for that
> database in the WWWAdmins role, then it would automatically run website
> queries by administrators under the WWWAdmins role.
>
> *HOWEVER*, under Windows 2003 Server (IIS6), this seems to be broken. It
> either doesn't prompt for a username and password, or if it does, it seems
> to ignore it completely and SQL Server still puts me in the WWWUsers role.
I
> have put the NETWORK AUTHORITY/NETWORK SERVICE user in the WWWUsers role,
> and the webadmin user (a valid Windows account) is still in the WWWAdmins
> role.
>
> Why is IIS 6 not behaving the same way as IIS 5.5 on Windows 2000? Have I
> made a mistake somewhere or is there a way to make it work in the same way
> as Windows 2000?
>
> Thanks,
>
> Nick Gilbert
>
>
>
>


Relevant Pages

  • Re: VS2005: SQL Debugging "T-SQL execution ended without debugging. You may not have sufficient
    ... > account also must be a member of the sysadmin role in the target SQL ... and the Windows firewall is disabled on both client & server. ... to the remote SQL Server 2005. ... But I'm still getting the "T-SQL execution ended without debugging. ...
    (microsoft.public.vsnet.debugging)
  • Re: Utter madness!
    ... It is just Windows security stuff. ... You can get a trusted connection back to SQL server. ... ASP.NET account (either processModel or app pool identity depending on ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Passthrough authenication w/ SQL trusted connection
    ... separate connection will be used for each security context (each user ... account will have it's own pool). ... if you are using a Windows 2000 Domain, ... backend SQL Server. ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Search services not available
    ... Let me clarify that our SQL server uses Windows Authentication, ... account, even if it was just for now to get it working, that would be easier ... I have configured the Search service to use this ...
    (microsoft.public.sharepoint.windowsservices)
  • Re: Permissions!
    ... This account is used because your web ... application is configured for anonymous access instead of integrated ... The details on how to use Windows ... SQL Server MVP ...
    (microsoft.public.sqlserver.security)