Is it possible for IIS and SQL server on Separate Machines with integrated auth

Ravikanth[MVP]

Hi

It is possible that IIS and SQL Server can reside on
Seperate Machines and you can use Integrated Windows
Authentication to connect.

Ravikanth

-----Original Message-----
Is it possible for IIS and SQL server on Separate Machineswith integrated windows Authentication in ASP.NET?

The IIS and SQL server are on sepatated machines. I want
to use the Integrated Windows Authentication. In IIS I
enable NTLM. In web.config, I have <authentication
mode="Windows" /> <identity impersonate="true"/>. But
still failed. The IIS pass through account
domainname/IIScomputername$ to SQL Server. But in the IISor in the domain, it doesn't have the such account.

Then I search in Microsoft, found such article
http://msdn.microsoft.com/library/default.asp?
url=/library/en-
us/vbcon/html/vbtskAccessingSQLServerUsingMappedWindowsDo mainUser.asp . It said the SQL server should be running on
the same computer as IIS. But I also found another articlehttp://support.microsoft.com/default.aspx?scid=kb;EN-
US;176379. That's for asp. It said asp can do that. So I'mjust wondering is it possible also for ASP.NET?

robert
.

Nov 17 '05 #1

Follow Post Reply

8187

robert

hi, Ravikanth;

Could you give me more info how to do that? I've tried. I
set the IIS ->Directory Security -> Anonymous access and
authentication control-> edit-> select "integrated windows
authentication", no others. In web.config, <authentication
mode="Windows" /> <identity impersonate="true"/>. In
connection string,"integrated
security=SSPI;Trusted_Connection=Yes; persist security
info=False;" But still failed. The account from IIS send
to SQL server as the login account
is "domainname/IIScomputername$"

So what the problem I've done? how to solve the problem?

In msdn, http://msdn.microsoft.com/library/default.asp?
url=/library/en-
us/vbcon/html/vbtskAccessingSQLServerUsingMappedWindowsDoma
inUser.asp. it said, Integrated security requires: That
SQL server be running on the same computer as IIS. Is that
wrong?

thanks
robert

-----Original Message-----
Hi

It is possible that IIS and SQL Server can reside on
Seperate Machines and you can use Integrated Windows
Authentication to connect.

Ravikanth

-----Original Message-----
Is it possible for IIS and SQL server on Separate

Machines
with integrated windows Authentication in ASP.NET?

The IIS and SQL server are on sepatated machines. I want
to use the Integrated Windows Authentication. In IIS I
enable NTLM. In web.config, I have <authentication
mode="Windows" /> <identity impersonate="true"/>. But
still failed. The IIS pass through account
domainname/IIScomputername$ to SQL Server. But in the

IIS
or in the domain, it doesn't have the such account.

Then I search in Microsoft, found such article
http://msdn.microsoft.com/library/default.asp?
url=/library/en-
us/vbcon/html/vbtskAccessingSQLServerUsingMappedWindowsDo

ma
inUser.asp . It said the SQL server should be running on
the same computer as IIS. But I also found another

article
http://support.microsoft.com/default.aspx?scid=kb;EN-
US;176379. That's for asp. It said asp can do that. So

I'm
just wondering is it possible also for ASP.NET?

robert
.

.

Nov 17 '05 #2

Aidan Glendye

Robert,

If you go through the steps in the following URLs you
should get this set up no problem.

http://support.microsoft.com/default.aspx?scid=kb;en-
us;319723

http://support.microsoft.com/default.aspx?scid=kb;en-
us;810572

Before going through all steps I would recommend that you
check the following:

Advanced option in IE of Enable Integrated Windows
Authentication is selected.

Using these articles enabled me to set up an environment
connecting from Client A -> IIS Server -> SQL Cluster
using integrated security and impersonation.

Hope that helps

Aidan Glendye

-----Original Message-----
hi, Ravikanth;

Could you give me more info how to do that? I've tried. I
set the IIS ->Directory Security -> Anonymous access and
authentication control-> edit-> select "integrated windowsauthentication", no others. In web.config, <authenticationmode="Windows" /> <identity impersonate="true"/>. In
connection string,"integrated
security=SSPI;Trusted_Connection=Yes; persist security
info=False;" But still failed. The account from IIS send
to SQL server as the login account
is "domainname/IIScomputername$"

So what the problem I've done? how to solve the problem?

In msdn, http://msdn.microsoft.com/library/default.asp?
url=/library/en-
us/vbcon/html/vbtskAccessingSQLServerUsingMappedWindowsDom ainUser.asp. it said, Integrated security requires: That
SQL server be running on the same computer as IIS. Is thatwrong?

thanks
robert
-----Original Message-----
Hi

It is possible that IIS and SQL Server can reside on
Seperate Machines and you can use Integrated Windows
Authentication to connect.

Ravikanth

-----Original Message-----
Is it possible for IIS and SQL server on Separate

Machines
with integrated windows Authentication in ASP.NET?

The IIS and SQL server are on sepatated machines. I wantto use the Integrated Windows Authentication. In IIS I
enable NTLM. In web.config, I have <authentication
mode="Windows" /> <identity impersonate="true"/>. But
still failed. The IIS pass through account
domainname/IIScomputername$ to SQL Server. But in the

IIS
or in the domain, it doesn't have the such account.

Then I search in Microsoft, found such article
http://msdn.microsoft.com/library/default.asp?
url=/library/en-
us/vbcon/html/vbtskAccessingSQLServerUsingMappedWindowsD o
ma
inUser.asp . It said the SQL server should be running

onthe same computer as IIS. But I also found another

article
http://support.microsoft.com/default.aspx?scid=kb;EN-
US;176379. That's for asp. It said asp can do that. So

I'm
just wondering is it possible also for ASP.NET?

robert
.

.

.

Nov 17 '05 #3

robert

still doesn't work. Same error.

any other suggestion?

robert

-----Original Message-----
Robert,

If you go through the steps in the following URLs you
should get this set up no problem.

http://support.microsoft.com/default.aspx?scid=kb;en-
us;319723

http://support.microsoft.com/default.aspx?scid=kb;en-
us;810572

Before going through all steps I would recommend that you
check the following:

Advanced option in IE of Enable Integrated Windows
Authentication is selected.

Using these articles enabled me to set up an environment
connecting from Client A -> IIS Server -> SQL Cluster
using integrated security and impersonation.

Hope that helps

Aidan Glendye
-----Original Message-----
hi, Ravikanth;

Could you give me more info how to do that? I've tried. I
set the IIS ->Directory Security -> Anonymous access and
authentication control-> edit-> select "integratedwindows
authentication", no others. In web.config,

<authentication
mode="Windows" /> <identity impersonate="true"/>. In
connection string,"integrated
security=SSPI;Trusted_Connection=Yes; persist security
info=False;" But still failed. The account from IIS send
to SQL server as the login account
is "domainname/IIScomputername$"

So what the problem I've done? how to solve the problem?

In msdn, http://msdn.microsoft.com/library/default.asp?
url=/library/en-
us/vbcon/html/vbtskAccessingSQLServerUsingMappedWindowsDo

ma
inUser.asp. it said, Integrated security requires: That
SQL server be running on the same computer as IIS. Isthat
wrong?

thanks
robert
-----Original Message-----
Hi

It is possible that IIS and SQL Server can reside on
Seperate Machines and you can use Integrated Windows
Authentication to connect.

Ravikanth
-----Original Message-----
Is it possible for IIS and SQL server on Separate
Machines
with integrated windows Authentication in ASP.NET?

The IIS and SQL server are on sepatated machines. I

wantto use the Integrated Windows Authentication. In IIS I
enable NTLM. In web.config, I have <authentication
mode="Windows" /> <identity impersonate="true"/>. But
still failed. The IIS pass through account
domainname/IIScomputername$ to SQL Server. But in the
IIS
or in the domain, it doesn't have the such account.

Then I search in Microsoft, found such article
http://msdn.microsoft.com/library/default.asp?
url=/library/en-
us/vbcon/html/vbtskAccessingSQLServerUsingMappedWindows
Doma
inUser.asp . It said the SQL server should be runningonthe same computer as IIS. But I also found another
article
http://support.microsoft.com/default.aspx?scid=kb;EN-
US;176379. That's for asp. It said asp can do that. So
I'm
just wondering is it possible also for ASP.NET?

robert
.

.

.

.

Nov 17 '05 #4

Scott Allen

Hi Robert:

WIth IIS and SQL on seperate machines, you'll need to go one step past
"impersonation" and look at "delegation" via Kerberos. There is a good
description of why your situation does not work and the steps you
would need to take to use delegation in the following article (see the
"Security" section):

http://www.databasejournal.com/featu...nt.php/2211161
Delegation requires a specific network environment, and is also
riskier from a security perspective, so you might want to consider the
"Delegation Alternatives" in the .net docs:

http://msdn.microsoft.com/library/de...Delegation.asp
On Thu, 31 Jul 2003 23:27:03 -0700, "robert"
<ro**********@atfreeweb.com> wrote:

hi, Ravikanth;

Could you give me more info how to do that? I've tried. I
set the IIS ->Directory Security -> Anonymous access and
authentication control-> edit-> select "integrated windows
authentication", no others. In web.config, <authentication
mode="Windows" /> <identity impersonate="true"/>. In
connection string,"integrated
security=SSPI;Trusted_Connection=Yes; persist security
info=False;" But still failed. The account from IIS send
to SQL server as the login account
is "domainname/IIScomputername$"

So what the problem I've done? how to solve the problem?

--
Scott

Nov 17 '05 #5

Is it possible for IIS and SQL server on Separate Machines with integrated auth

This discussion thread is closed

Similar topics