December 21, 2010 at 5:23 am
Hi Everyone,
We are developing a new product that is an IIS Web Service with a SQL Server backend.
When creating a Login in SQL Server for the IIS Server to use to access to Database, should we advise clients to use the NetworkService account of the IIS web Server or create a dedicated Domain Service account?
I am not sure what is considered best practice?
Many thanks for any guidance you can give.
David
December 21, 2010 at 12:29 pm
a NetworkService account will not be able to access SQL from IIS.
you will need to use a domain account for that unless you create a DSN entry on your IIS server. If you create a DSN entry, that could use a SQL login account.
December 21, 2010 at 12:45 pm
The best practice is to use Local Account (or Domain Account if SQL need access to other domain resources) that is not member of Local Administrators group. Microsoft doesn't recommend to use Network Service Account.
December 21, 2010 at 12:59 pm
Same. Domain Account it's the better solution
December 22, 2010 at 2:44 am
Hi Everyone,
Thank you for your responses.
When SQL Server and IIS are on different servers machines, it is possible to use the Network Service account from the IIS Server by adding the login in SQL Server as <domain>\<IISServername$>
Would I be correct in thinking this is not a good idea because if there are other Web sites/Applications on the IIS Server running under the Network Service Account they would also have access to the SQL Database?
Are there any other reasons not to use the Network Service account from another machine as a SQL Login?
David
Viewing 5 posts - 1 through 4 (of 4 total)
You must be logged in to reply to this topic. Login to reply