ASP connection to SQL using NT security

Question

ASP connection to SQL using NT security

Viewing 3 posts - 16 through 17 (of 17 total)

You must be logged in to reply to this topic. Login to reply

mill4023 Newbie Points: 4 More actions · Answer 1

OK, I'm still unclear. Does the one-hop limitation still apply when using IIS 5.0?

Right now, our apps are mostly standard VB6 apps running on a client PC. Everything is done using stored procs on SQL Server 2000. All of our users have logins set up in SQL for their Windows domain accounts and access is controlled by granting exec permission on stored procedures to the user's domain account in SQL Server. So we are using Windows authentication for all the connections made to SQL to execute stored procedures.

We will be developing most of our new apps as ASP.Net applications running on IIS 5.0 and accessing a SQL 2000 db on a separate server. I would like to control access the same way (through stored procedure permissions) and I would prefer not making users enter user name and password.

If I give IIS a guest account on SQL Server, can I still control access to stored procs based on which user is connected to the web page?

Some of the apps will be used to add and edit data in the db so I need to be able to record who made the change in the db.

What are my options?

Thanks

Steve Jones - SSC Editor SSC Guru Points: 734444 More actions · Answer 2

If all your users have SQL accounts (based on NT accounts), then you should be able to auth them in IIS (be sure this is set) and then their user account should be used to access SQL. Only the server and Db need to be specified. No user or password.

Steve Jones

steve@dkranch.net

mill4023 Newbie Points: 4 More actions · Answer 3

Well, this is what I was trying and I got the "Login failed for user <null> " error.

Here's what I have setup:

Under my web app's security properties I have anonymous access disabled and I have Integrated Windows authentication enabled.

In my web.config I have <impersonate = true> set. My sql connection string has no user name or password. It has Integrated Security = SSPI set. I have a login on the SQL Server for my personal domain account.

IIS is on my machine, SQL Server is on a different machine. When I browse to my page from my machine, it works fine. When I use a different machine to browse to my page, I can get to it, but when I click the button that fires the event that tries to connect to SQL, I get the login failed for user null message.