
Best Practice for Windows Authentication?
Hugh Mungo

2005-09-16, 7:23 am

Hi,

We are changing our classic ASP web application to use Windows
Authentication instead of SQL Server Authentication.

I would like to know the best practice for:
1. IIS and SQL Server are on the same machine and
2. When they are on different machines in the same domain.

I *think* the solution to 1. is to add the IUSR_MACHINENAME user to SQL
Server (this works but is it the best practice?)

For 2. I have read different opinions. Some say create an IUSR_IISMACHINENAME
account on the SQL Server and make sure they have the same password. Others
say create a user on the domain and use that in IIS as the anonymous user
(and give that user the relevant rights on SQL Server)

I would like to know what is considered the best practice for this sort of
authentication.

Thanks in advance


David J. Cartwright

2005-09-16, 7:23 am

What version of IIS are you running? Using ASP.NET?

http://msdn2.microsoft.com/en-us/library/bsz5788z

"Hugh Mungo" <hugh_mungo@hotmail.com> wrote in message
news:%23igmiopuFHA.3500@TK2MSFTNGP09.phx.gbl...
> Hi,
>
> We are changing our classic ASP web application to use Windows
> Authentication instead of SQL Server Authentication.
>
> I would like to know the best practice for:
> 1. IIS and SQL Server are on the same machine and
> 2.When they are on different machines in the same domain.
>
> I *think* the solution to 1. is to add the IUSR_MACHINENAME user to SQL
> Server (this works but is it the best practice?)
>
> For 2. I have read different opinions. Some say create a
> IUSR_IISMACHINENAME
> account on the SQL Server and make sure they have the same password. Other
> say create a user on the domain and use that in IIS as the anonymous user
> (and give that user the relevant rights on SQL Server)
>
> I would like to know what is considered the best practice for this sort of
> authentication.
>
> Thanks in advance
>
>



Hugh Mungo

2005-09-16, 9:23 am

The solution should work with IIS5 and above.
We are not using ASP.NET this is a classic ASP application.

"David J. Cartwright" <davidcartwright@hotmail.com> wrote in message
news:OcQFYgruFHA.2076@TK2MSFTNGP14.phx.gbl...
> what version of IIS you running ?, using ASP.NET ?
>
> http://msdn2.microsoft.com/en-us/library/bsz5788z
>
> "Hugh Mungo" <hugh_mungo@hotmail.com> wrote in message
> news:%23igmiopuFHA.3500@TK2MSFTNGP09.phx.gbl...
>
>



John

2005-09-16, 1:23 pm

What a coincidence. Same here. I would definitely be interested to know
how to do this best practice also as this is the exact same thing that I'm
currently working on. One slightly different thing here is that we require
individual accounts (so we can track user activity with our sql profiler)
and would believe we would create a windows account on our domain controller
which resides on a different machine than our web (.asp files) and sql
server (also on separate machine) and was wondering if this would be
possible and how to go about doing this. Would it be as straightforward as
changing the connection string in our .asp files specifying windows
authentication? I am not too familiar in how to do this but was thinking of
maybe removing the anonymous account in IIS so that it would force the user
to login with the windows authentication pop up (in the possible situation
if users share a public machine and/or if the machine's operating system is
not windows with a valid corresponding domain windows account on our domain
controller?)...which makes me wonder how this would be incorporated into our
connection string in our .asp files? Thanks in advance :)



"Hugh Mungo" <hugh_mungo@hotmail.com> wrote in message
news:eJLVIyruFHA.2312@TK2MSFTNGP14.phx.gbl...
> The solution should work with IIS5 and above.
> We are not using ASP.NET this is a classic ASP application.
>
> "David J. Cartwright" <davidcartwright@hotmail.com> wrote in message
> news:OcQFYgruFHA.2076@TK2MSFTNGP14.phx.gbl...
>
>
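
The domain-account option from the first post and the connection-string question in the post above, sketched as an added example that is not part of the original thread. It uses SQL Server 2005 and later syntax, and every name in it (EXAMPLEDOM\svc_webanon, SQLHOST, WebAppDb, web_app_role, dbo.usp_GetOrders) is a hypothetical placeholder.

```sql
-- Added example, not from the thread. All names are hypothetical placeholders:
--   EXAMPLEDOM\svc_webanon : domain account configured as the IIS anonymous user
--   WebAppDb               : the application database
--   dbo.usp_GetOrders      : a stored procedure the ASP pages call

-- 1. Server level: admit the Windows account. No server roles are granted.
CREATE LOGIN [EXAMPLEDOM\svc_webanon] FROM WINDOWS
    WITH DEFAULT_DATABASE = [WebAppDb];
GO

-- 2. Database level: map the login to a user and put it in a purpose-built role.
USE [WebAppDb];
GO
CREATE USER [svc_webanon] FOR LOGIN [EXAMPLEDOM\svc_webanon];
CREATE ROLE [web_app_role];
EXEC sp_addrolemember N'web_app_role', N'svc_webanon';
GO

-- 3. Grant the role only what the pages need (no db_owner, no table-wide rights).
GRANT EXECUTE ON OBJECT::dbo.usp_GetOrders TO [web_app_role];
GO

-- 4. Classic ASP (ADO) connection string for Windows authentication.
--    It carries no user ID or password:
--    Provider=SQLOLEDB;Data Source=SQLHOST;Initial Catalog=WebAppDb;Integrated Security=SSPI;

-- 5a. Run from a test page over the application's own connection:
--     shows which Windows identity actually reached SQL Server.
SELECT SYSTEM_USER AS login_seen_by_sql_server;

-- 5b. Run as a DBA (requires VIEW SERVER STATE): confirms the sessions use
--     Windows authentication (auth_scheme is NTLM or KERBEROS, not SQL).
SELECT s.login_name, s.host_name, c.auth_scheme
FROM sys.dm_exec_sessions AS s
JOIN sys.dm_exec_connections AS c ON c.session_id = s.session_id
WHERE s.login_name = N'EXAMPLEDOM\svc_webanon';
```

The query in step 5a is also the check for the per-user scenario: if the name it returns is the anonymous account rather than the individual's domain account, per-user tracking on the SQL Server side will not distinguish users.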



learner.

2005-09-17, 3:23 am




"Hugh Mungo" wrote:

> Hi,
>
> We are changing our classic ASP web application to use Windows
> Authentication instead of SQL Server Authentication.
>
> I would like to know the best practice for:
> 1. IIS and SQL Server are on the same machine and
> 2.When they are on different machines in the same domain.
>
> I *think* the solution to 1. is to add the IUSR_MACHINENAME user to SQL
> Server (this works but is it the best practice?)
>
> For 2. I have read different opinions. Some say create a IUSR_IISMACHINENAME
> account on the SQL Server and make sure they have the same password. Other
> say create a user on the domain and use that in IIS as the anonymous user
> (and give that user the relevant rights on SQL Server)
>
> I would like to know what is considered the best practice for this sort of
> authentication.
>
> Thanks in advance
>
>
>


Copyright 2008 droptable.com