Re: Login via Anonymous Authentication via IIS



IIS 6.0 ASP.NET applications run in an IIS 6.0 Application Pool. An
application pool has an identity (the windows account under which
credentials the application pool runs). This identity is Network Service by
default. You can change the indentity using IIS 6.0 administrative console.

"Geoff_Olding" <GeoffOlding@xxxxxxxxxxxxxxxxxxxxxxxxx> escribió en el
mensaje news:B63879C5-78E2-41DA-9E68-E43BA712D2D4@xxxxxxxxxxxxxxxx
Thanks for your help

"Dan Guzman" wrote:

I should have said that IIS and SQL Server are running on the same
server
(i.e. the interaction between IIS and SQL Server doesn't need to go
across
the network).

Is the "NT Authority\Network Services" account still used even in this
situation?

Apparently, given the login failed message references that account ;-)

You can grant the access to the local database per article
http://msdn.microsoft.com/en-us/library/ms998320.aspx


--
Hope this helps.

Dan Guzman
SQL Server MVP
http://weblogs.sqlteam.com/dang/

"Geoff_Olding" <GeoffOlding@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:45A73B35-9146-486E-8009-1C8285DC29DA@xxxxxxxxxxxxxxxx
Thanks for your post.

I should have said that IIS and SQL Server are running on the same
server
(i.e. the interaction between IIS and SQL Server doesn't need to go
across
the network).

Is the "NT Authority\Network Services" account still used even in this
situation?

Regards

Geoff Olding

"Dan Guzman" wrote:

Can anyone please tell me why the application is logging into SQL
Server
using the account NT "Authority\Network Service" (rather than
"IUSR_<Machine
Name>").

This is because a local Windows account is recognized only on the
local
machine. Access to network resources from a local account is done
under
the
minimally privileged context of "NT Authority\Network Service"
(anonymous).
Consider using a domain account instead if you need to access network
resources that require authentication.

--
Hope this helps.

Dan Guzman
SQL Server MVP
http://weblogs.sqlteam.com/dang/

"Geoff_Olding" <Geoff_Olding@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message
news:8DD8D2D4-0D6A-42E6-9DE8-58D97376D204@xxxxxxxxxxxxxxxx
Hi

I have an ASP.Net based application, running under IIS6 via
Anonymous
Authentication, using the "IUSR_<Machine Name>" account.

The connection string in the web.config to SQL Server uses windows
authentication.

I have the following line in web.config:
<authentication mode="Windows">

I do not have am <Impersonate> setting.

Can anyone please tell me why the application is logging into SQL
Server
using the account NT "Authority\Network Service" (rather than
"IUSR_<Machine
Name>").

Many thanks






.



Relevant Pages

  • Re: Trusted SQL Connections & NT AUTHORITYNETWORK SERVICE
    ... SYSTEM account in terms of the credentials it uses on the network. ... hitting a SQL Server on the same machine as the web app. ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Kerberos from XP to IIS hosting ASP.NET 2.0 Web Service help
    ... If your MS SQL Server is running under a custom /local/ account, ... not sure how Kerberos authentication is supposed to work. ... If SQL Server is running under a domain account, ... you are not authenticating to IIS as anonymous. ...
    (microsoft.public.inetserver.iis.security)
  • Re: backing up to network share issue.
    ... I guess I was confused by your later text where I read it as if you stated that it would be the Agent account ... Tibor Karaszi, SQL Server MVP ... >> impersonation when it accesses the backup file on behalf of the SQL Server ... >>> As Tibor stated, this is not an SQL Server issue, it is a network ...
    (microsoft.public.sqlserver.msde)
  • Re: Unable to Backup on Network
    ... service accoutn from the 'Local System' account to a specific account. ... I like to log in to the SQL server console as the service account to test ... > The operating system on which my SQL Server 2000 is there is Windows 2000> Server while i want to take the backup on another computer on network which> also has same operating system. ...
    (microsoft.public.sqlserver.security)
  • Windows Authentication with IIS on separate machines
    ... -Web Application is using Basic Authentication set in IIS ... -Added user account TESTUSER and gave read access to ... in SQL server but doesn't work if user account was ... Windows account, ...
    (microsoft.public.sqlserver.security)