connection string issue in app with integrated security

  • I am a sql server DBA. I am not completely aware of how IIS recognizes a sql server windows login credentials.

    This is for our testing only and doesnt reflect any prod or development env's. Right now we have created a new domain TESTApp.xyz.local and added an Active Passive windows and SQL Server Cluster set up to this domain. So my test database server is testdb\apptest. Our test app server is sitting on a different domain which is abc.local. The app server name is appserver1. Now I have restored the databases in testdb\apptest instance for the apps being hosted on appserver1. How do I ensure that the user will be able to login to application?

    Apps are using .net framework 4 and using IIS. If i create a domain account say appuser.xyz.local and create a login for this in testdb\apptest and give appropriate permissions on the database then how will the app be able to use this user to login to the app? what changes are required here at IIS as well as config file level. Currently the config files are using integrated security.

    Need your help experts

    “If your actions inspire others to dream more, learn more, do more and become more, you are a leader.” -- John Quincy Adams

  • you need to change the application pool identity to your domain user "appuser.xyz.local" and disable Anonymous authentication and enable Windows Auth in the website.

    Bob
    -----------------------------------------------------------------------------
    How to post to get the best help[/url]

  • Robert klimes (8/21/2013)


    you need to change the application pool identity to your domain user "appuser.xyz.local" and disable Anonymous authentication and enable Windows Auth in the website.

    OK..I will do that and see how it goes..Do you think any changes are required in the config file??

    “If your actions inspire others to dream more, learn more, do more and become more, you are a leader.” -- John Quincy Adams

  • I think you only need to change the web.config integrated security value if you wanted to use pass through authentication (ie use logged in to website is logged into db). This is a little more complicated because you need to trust user for delegation and create spn for website. There may be other settings as well.

    Bob
    -----------------------------------------------------------------------------
    How to post to get the best help[/url]

  • Robert klimes (8/21/2013)


    I think you only need to change the web.config integrated security value if you wanted to use pass through authentication (ie use logged in to website is logged into db). This is a little more complicated because you need to trust user for delegation and create spn for website. There may be other settings as well.

    OK..So this something for a .net or an IIS team to look at?

    “If your actions inspire others to dream more, learn more, do more and become more, you are a leader.” -- John Quincy Adams

  • if you plan on using pass-though, then DBA, IIS, and AD teams may be involved. all depends on who can do what.

    Bob
    -----------------------------------------------------------------------------
    How to post to get the best help[/url]

Viewing 6 posts - 1 through 5 (of 5 total)

You must be logged in to reply to this topic. Login to reply