How do I connect to SQL from classic ASP using domain service account?

  • In the past I have always used a connection string like the following in an include file in my classic asp pages to connect to my SQL server using a local SQL account:

    oConn.ConnectionString = "Provider=SQLOLEDB.1; Network Library=dbmssocn;Password=mypassword;User ID=localsqlaccount;Initial Catalog=mydatabase;Data Source=myserver"

    They are bringing up a new server with only Windows Authentication and will have a domain service account to access the database. How do I connect to the database now from my include file now?

  • I use http://connectionstrings.com/ to find any connection string information I can't remember. You can "replace" the Password and User Id attributes with either Trusted_Connection=True or Integrated Security = SSPI.

  • It appears you can't specify a username and password while using a trusted/integrated security connection string.

    Data Source=myServerAddress;Initial Catalog=myDataBase;Integrated Security=SSPI;

    So what I had to do was create an application pool to run as the identity of the domain account by impersonation. Then use a trusted or integrated security connection string as shown above. Anything that runs in that app pool/virtual directory runs as the impersonated user and therefore can gain access to the database.

    Here is a MS doc that pointed me in the right direction http://msdn.microsoft.com/en-us/library/ms998292.aspx

  • As far as I can tell, you're asking two separate things here.

    One is how to set a connection string to use Integrated Security. The other is how to make your web application know who that user is, so that it can actually use Integrated Security.

    The connection string supplied should work. Your other issue is having your webserver understand who is connecting to it. In IIS 6+, you configure this by going to the properties of the website you want to configure, go under the Directory Security tab, and disable anonymous access. If you don't, all users will be trying to connect under the ASP worker process (username would be ASPNET I believe). Apache does it differently. By setting the application pool to run under a particular user, every user connecting to the web application will connect as that user; if that's what you want, fine. If you want users to log in to your site, then disable anonymous access, and use Authenticated Access. This is not a DB security question, it's a web configuration question.

Viewing 4 posts - 1 through 3 (of 3 total)

You must be logged in to reply to this topic. Login to reply