Saturday, March 31, 2012

The ASPNET Sql Server Account

What's the proper way to set up this account in SQL Server?

We're using Windows authentication on our network and to give any user permission in the database I have to grant it to the ASPNET account. This seems to defeat the purpose of using Windows authentication because anyone that opens the ASP.NET page will have those rights in the database even if they aren't listed as a user in the DB.

For example, I give read-only rights to the ASPNET account and even if I give an individual user db_datawriter rights, they still cannot write to the DB unless I grant the ASPNET account db_datawriter rights. Then anyone can save/modify the data.

Is SQL Server installed on the same machine as IIS?

This will have an impact on how the ASPNET user operates.

Both are on the same machine.

set impersonation on in the web config file

<impersonate=true/>

Or something to that effect...

This is a good article on the Microsoft site; it explains the different methods for accessing SQL Server.

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/vbcon/html/vbconaccessingsqlserverfromwebapplication.asp

This is also a good article.
http://support.microsoft.com/default.aspx?scid=kb;en-us;815154
Originally posted by hellswraith
set impersonation on in the web config file

<impersonate=true/>

Or something to that effect...

That did the trick. Well, actually it was

<identity impersonate="true" />

Then you can get rid of the ASPNET account if using Windows authentication.
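
The setup the thread arrives at, written out as a complete web.config (an added example, not posted by anyone in the thread). It assumes IIS and SQL Server on the same machine, as in the question; the `ConnectionString` key name and the `ExampleDb` database name are placeholders.

```xml
<?xml version="1.0"?>
<configuration>
  <appSettings>
    <!-- Integrated Security=SSPI: no SQL login is stored in the string.
         SQL Server sees whichever Windows identity the request runs as.
         Key name and database name are placeholders for this example. -->
    <add key="ConnectionString"
         value="Server=(local);Database=ExampleDb;Integrated Security=SSPI;" />
  </appSettings>

  <system.web>
    <!-- Let IIS authenticate the caller as a Windows user. -->
    <authentication mode="Windows" />

    <!-- Reject anonymous requests. Anonymous access must also be turned
         off for the site in IIS; otherwise the impersonated identity is
         the IIS anonymous account, not the person using the page. -->
    <authorization>
      <deny users="?" />
    </authorization>

    <!-- Default is impersonate="false": every request reaches SQL Server
         as the ASPNET worker account, so that one account needs every
         right any user needs (the problem described in the question).
         With impersonate="true" the request runs as the authenticated
         Windows user, so db_datareader / db_datawriter membership granted
         to individual users or groups in SQL Server takes effect and the
         ASPNET login needs no rights in the database. -->
    <identity impersonate="true" />
  </system.web>
</configuration>
```

To confirm which identity SQL Server actually sees, have a page run `SELECT SUSER_SNAME()` over this connection: it should return the signed-in domain user rather than the machine's ASPNET account.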
Does anyone know if this impersonate would work if IIS and SQL Server are on different machines?
I have a feeling it won't but I am happy to be told I am wrong.
I'm pretty sure they have to be on the same machine. I think I read that on MSDN.
That was my understanding. The first article in one of my previous posts talks about it.
Sometimes I wonder if I understand it the way they mean it.
From my interpretation of the article, you need to have the SQL Server and IIS (web server) on the same machine if you want to use Windows authentication OR anonymous access with the ASPNET account.

If you want to access the SQL Server using a Mapped Windows Domain User or prompting for the username and password and passing them as credentials then you don't need the SQL Server and web server on the same machine.
I went on ASP.NET training last week where IIS and SQL were on the same server and the ASPNET account was used.
We came away thinking that is how it naturally worked. It took me half a day and some searching to find out it wasn't so cut and dried.
