Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 
        
Home       Members    Calendar    Who's On


Add to briefcase

Security Best Practices Expand / Collapse
Author
Message
Posted Friday, October 24, 2008 10:03 AM


SSC Veteran

SSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC Veteran

Group: General Forum Members
Last Login: Thursday, August 7, 2014 4:41 PM
Points: 238, Visits: 652
Hi all. I am hoping to get some information on security best practices for an ASP.Net web application accessing a remote reporting server. Recently there was an issue with the app using Impersonate = True. From my understanding, the user credentials will pass to IIS and if NTLM authentication is used there is a one hop limit. This limit causes ASP.Net to use the default local account to access the remote server (access denied). My question is, is it a bad practice to create a low level service account in AD to use for IIS that has low level permissions to the reporting server?
Post #591332
« Prev Topic | Next Topic »

Add to briefcase

Permissions Expand / Collapse