Re: Login Failed asp.net to SQL
From: Wei-Dong Xu [MSFT] (v-wdxu_at_online.microsoft.com)
Date: 11/04/03
- Next message: David Wang [Msft]: "Re: IIS on 2003 Server Cab Download in HTTPS problem."
- Previous message: Wei-Dong Xu [MSFT]: "Re: Question about certificates in IIS"
- In reply to: Medvjed: "Re: Login Failed asp.net to SQL"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 04 Nov 2003 06:23:20 GMT
Hi Medvjed,
Thank you for replying!
In IIS6, if you choose worker process isolation mode(WPIM) to run the asp.net web application, the work process will not use ASPNET to run the
application by default. It will use Network Service account to run it instead of ASPNET. You can find the process mode in the property window
"web sites" node in IIS mmc. In the service tab, if the "Run www service in IIS5 isolation mode" checkbox is not selected, it means the IIS is
running in WPIM. If it is selected, it means that IIS is running in IIS5 isolation mode.
Furthermore, the <ProcessModel> part of Asp.net has no effect on IIS6 WPIM. You can configure these settings in the properties of the
application pool which is used for your asp.net application. You can find your related application pool in the "home directory" tab of the web
application properties. It will be specified in the application pool listbox. Then you can go to the "Application Pools" node to find the appliaction
pool and right click for properties. There is one Identity tab in the propertieswindow which is the security identity you use to run your Asp.net. It
will be the "Network service" by default.
The method that Ken outlined will be useful in your situation. If you set impersonate to true and specify no username with password, your asp.net
application will run in the security context of the request entity including the authenticated user account or the anonymous account.
Furthermore, I also suggest you specify one defined account in the application pool identity tab and SQL server. This way, you don't need to set
the impersonate to TRUE and your application will run in the security of this specifed account. The account should be one domain account so that
SQL server will authenticate this account very smoothly with the help of Active Directory(AD).
For more information on the identity of asp.net, I strongly recommend the following Knowledge Based article:
317012 INFO: Process and Request Identity in ASP.NET
http://support.microsoft.com/?id=317012
You can also find more information about the security from the link below:
Windows NT/Windows 2000 Privilege Strings
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/wmisdk/wmi/windows_nt_windows_2000_privilege_strings.asp
In addition, you can also directly specify the username and password in your Asp.net configuration file as encrypted format. Microsoft has released
a tool for you to encrypt cleartext which can make the deployment of your Asp.net very simple. Please see the Knowledge Based article below:
329290 HOW TO: Use the ASP.NET Utility to Encrypt Credentials and Session State
http://support.microsoft.com/?id=329290
With the help of the utility, the information can also be stored in the registry.
Based on my experience, you can use the sql authentication mode rather than windows integrated authentication mode in SQL server. In this way,
you can simply set the sql connection string as encrypted format in the configuration file.
Please feel free to let me know if you have any questions.
Does this answer your question? Thank you for using Microsoft NewsGroup!
Wei-Dong Xu
Microsoft Product Support Services
Get Secure! - www.microsoft.com/security
This posting is provided "AS IS" with no warranties, and confers no rights.
- Next message: David Wang [Msft]: "Re: IIS on 2003 Server Cab Download in HTTPS problem."
- Previous message: Wei-Dong Xu [MSFT]: "Re: Question about certificates in IIS"
- In reply to: Medvjed: "Re: Login Failed asp.net to SQL"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
