Re: Login via Anonymous Authentication via IIS

Thanks for your help

"Dan Guzman" wrote:

I should have said that IIS and SQL Server are running on the same server
(i.e. the interaction between IIS and SQL Server doesn't need to go across
the network).

Is the "NT Authority\Network Services" account still used even in this
situation?

Apparently, given the login failed message references that account ;-)

You can grant the access to the local database per article
http://msdn.microsoft.com/en-us/library/ms998320.aspx


--
Hope this helps.

Dan Guzman
SQL Server MVP
http://weblogs.sqlteam.com/dang/

"Geoff_Olding" <GeoffOlding@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:45A73B35-9146-486E-8009-1C8285DC29DA@xxxxxxxxxxxxxxxx
Thanks for your post.

I should have said that IIS and SQL Server are running on the same server
(i.e. the interaction between IIS and SQL Server doesn't need to go across
the network).

Is the "NT Authority\Network Services" account still used even in this
situation?

Regards

Geoff Olding

"Dan Guzman" wrote:

Can anyone please tell me why the application is logging into SQL
Server
using the account NT "Authority\Network Service" (rather than
"IUSR_<Machine
Name>").

This is because a local Windows account is recognized only on the local
machine. Access to network resources from a local account is done under
the
minimally privileged context of "NT Authority\Network Service"
(anonymous).
Consider using a domain account instead if you need to access network
resources that require authentication.

--
Hope this helps.

Dan Guzman
SQL Server MVP
http://weblogs.sqlteam.com/dang/

"Geoff_Olding" <Geoff_Olding@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:8DD8D2D4-0D6A-42E6-9DE8-58D97376D204@xxxxxxxxxxxxxxxx
Hi

I have an ASP.Net based application, running under IIS6 via Anonymous
Authentication, using the "IUSR_<Machine Name>" account.

The connection string in the web.config to SQL Server uses windows
authentication.

I have the following line in web.config:
<authentication mode="Windows">

I do not have am <Impersonate> setting.

Can anyone please tell me why the application is logging into SQL
Server
using the account NT "Authority\Network Service" (rather than
"IUSR_<Machine
Name>").

Many thanks




.

Relevant Pages

  • Re: Trusted SQL Connections & NT AUTHORITYNETWORK SERVICE
    ... SYSTEM account in terms of the credentials it uses on the network. ... hitting a SQL Server on the same machine as the web app. ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: backing up to network share issue.
    ... I guess I was confused by your later text where I read it as if you stated that it would be the Agent account ... Tibor Karaszi, SQL Server MVP ... >> impersonation when it accesses the backup file on behalf of the SQL Server ... >>> As Tibor stated, this is not an SQL Server issue, it is a network ...
    (microsoft.public.sqlserver.msde)
  • Re: Unable to Backup on Network
    ... service accoutn from the 'Local System' account to a specific account. ... I like to log in to the SQL server console as the service account to test ... > The operating system on which my SQL Server 2000 is there is Windows 2000> Server while i want to take the backup on another computer on network which> also has same operating system. ...
    (microsoft.public.sqlserver.security)
  • Re: Network logon issues
    ... > We have a Win2k SQL Server on our network that simply cannot log on at the ... > You can log onto the machine itself using the local administrator account, ... > you can see the system in the list of networked machines, ... Disconnect the SQL server from the network, Run ADUC on one of your DCs, ...
    (microsoft.public.win2000.advanced_server)
  • Re: Error 15401 using sp_grantlogin (not addressed by current KB articles)
    ... Restarting Windows 2000 resolved the problem for this particular account, ... confused when it sees a duplicate SID. ... > One way to get SQL Server to agree with the renamed NT ... > Preview (to ensure the script was created), ...
    (microsoft.public.sqlserver.security)