RE: Integrated Security in the DMZ
- From: Arne Garvander <ArneGarvander@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 23 Jan 2008 07:24:11 -0800
Sean,
Thanks for your ideas.
They sounds like an interesting idea, but I think there is more to it.
I need to make IIS run under that account.
I already have set my website in IIS with a domain account. Now email is
trusted, but sql authentication is not trusted.
To make things more complicate, I have a remote share defined in IIS. That
remote share has its own identity which is different from the Identity that I
use for the website.
--
Arne Garvander
Certified Geek
Professional Data Dude
"Sean McCown" wrote:
You have to setup a trust between the DMZ domain and the internal domain. If.
your DMZ isn't an actual domain, then you'll have to setup a local windows
acct on your sql box and use that acct to access on the DMZ side.
So say on your sql box you setup a LOCAL user acct 'MySQLUser'
You would setup the same LOCAL user acct on the DMZ box as well. Use the
same password and everything. Then when you make the connection to the sql
box from outside the domain, it will validate the windows permissions and
should let you through because you're connecting with the same named acct and
password.
If neither of those 2 work, then just use sql auth and be done with it.
"Arne Garvander" wrote:
I have a test web server in a domain. The IIS identity as a domain account.
The website can access SQl Server (2005) using integrated security.
I have a production web server in DMZ out side the domain. How can I setup
the webserver to use integrated security? The SQL server is inside the domain.
--
Arne Garvander
Certified Geek
Professional Data Dude
- Prev by Date: RE: Urgent problem about SQL Server
- Next by Date: Re: Record level security?
- Previous by thread: Re: Default permissions on new database
- Next by thread: Certificate Renwal
- Index(es):
Relevant Pages
|
|
