Best Practice for Windows Authentication?
From: Hugh Mungo (hugh_mungo_at_hotmail.com)
Date: 09/16/05
- Next message: David J. Cartwright: "Re: Best Practice for Windows Authentication?"
- Previous message: John Bell: "Re: Database protection"
- Next in thread: David J. Cartwright: "Re: Best Practice for Windows Authentication?"
- Reply: David J. Cartwright: "Re: Best Practice for Windows Authentication?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 16 Sep 2005 09:39:58 +0100
Hi,
We are changing our classic ASP web application to use Windows
Authentication instead of SQL Server Authentication.
I would like to know the best practice for:
1. IIS and SQL Server are on the same machine and
2.When they are on different machines in the same domain.
I *think* the solution to 1. is to add the IUSR_MACHINENAME user to SQL
Server (this works but is it the best practice?)
For 2. I have read different opinions. Some say create a IUSR_IISMACHINENAME
account on the SQL Server and make sure they have the same password. Other
say create a user on the domain and use that in IIS as the anonymous user
(and give that user the relevant rights on SQL Server)
I would like to know what is considered the best practice for this sort of
authentication.
Thanks in advance
- Next message: David J. Cartwright: "Re: Best Practice for Windows Authentication?"
- Previous message: John Bell: "Re: Database protection"
- Next in thread: David J. Cartwright: "Re: Best Practice for Windows Authentication?"
- Reply: David J. Cartwright: "Re: Best Practice for Windows Authentication?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
