Re: Best Practice for Windows Authentication?
From: John (IDontLikeSpam_at_Nowhere.com)
Date: 09/16/05
- Previous message: Andrew J. Kelly: "Re: Database roles"
- In reply to: Hugh Mungo: "Re: Best Practice for Windows Authentication?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 16 Sep 2005 10:25:43 -0700
What a coincidence. Same here. I would definitely be interested to know
how to do this best practice also as this is the exact same thing that I'm
currently working on. One slightly different thing here is that we require
individual accounts (so we can track user activity with our sql profiler)
and would believe we would create a windows account on our domain controller
which resides on a different machine than our web (.asp files) and sql
server (also on separate machine) and was wondering if this would be
possible and how to go about doing this. Would it be as straight forward in
changing the connection string in our .asp files specifying windows
authentication? I am not too familiar in how to do this but was thinking of
maybe removing the anonymous account in IIS so that it would force the user
to login with the windows authentication pop up (in the possible situation
if users share a public machine and/or if the machine's operating system is
not windows with a valid corresponding domain windows account on our domain
controller?...which makes me wonder how this would be incorporated into our
connection string in our .asp files? Thanks in advance :)
"Hugh Mungo" <hugh_mungo@hotmail.com> wrote in message
news:eJLVIyruFHA.2312@TK2MSFTNGP14.phx.gbl...
> The solution should work with IIS5 and above.
> We are not using ASP.NET this is a classic ASP application.
>
> "David J. Cartwright" <davidcartwright@hotmail.com> wrote in message
> news:OcQFYgruFHA.2076@TK2MSFTNGP14.phx.gbl...
>> what version of IIS you running ?, using ASP.NET ?
>>
>> http://msdn2.microsoft.com/en-us/library/bsz5788z
>>
>> "Hugh Mungo" <hugh_mungo@hotmail.com> wrote in message
>> news:%23igmiopuFHA.3500@TK2MSFTNGP09.phx.gbl...
>> > Hi,
>> >
>> > We are changing our classic ASP web application to use Windows
>> > Authentication instead of SQL Server Authentication.
>> >
>> > I would like to know the best practice for:
>> > 1. IIS and SQL Server are on the same machine and
>> > 2.When they are on different machines in the same domain.
>> >
>> > I *think* the solution to 1. is to add the IUSR_MACHINENAME user to SQL
>> > Server (this works but is it the best practice?)
>> >
>> > For 2. I have read different opinions. Some say create a
>> > IUSR_IISMACHINENAME
>> > account on the SQL Server and make sure they have the same password.
> Other
>> > say create a user on the domain and use that in IIS as the anonymous
> user
>> > (and give that user the relevant rights on SQL Server)
>> >
>> > I would like to know what is considered the best practice for this sort
> of
>> > authentication.
>> >
>> > Thanks in advance
>> >
>> >
>>
>>
>
>
- Previous message: Andrew J. Kelly: "Re: Database roles"
- In reply to: Hugh Mungo: "Re: Best Practice for Windows Authentication?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
