Passing IIS Anonymous Account to SQL Server

Hi all

I was hoping someone could clear up an ASP.Net security question I
have.

I am writing an ASP.NET application that connects to SQL Server. The
security setup (connection string and IIS) will vary depending on the
client who installs it. Some clients will undoubtedly wish to have IIS
and SQL Server on separate machines, with Anonymous authentication in
IIS, and a SQL Server connection string using Windows integrated
security.

I've found that, if I'm using Windows integrated security in the
database connection string, and Anonymous authentication at IIS with an
appropriate account specified, the authentication doesn't get passed
through to the remote SQL Server. I'm using Forms authentication in the
ASP.NET app, with impersonation turned on. To get the app to work with
the SQL Server instance on another machine using the configuration
above, I've found I've had to specify a username and password in the
'identity' element where impersonation is turned on. I'm not a big fan
of this as the credentials are in clear text. With old ASP, the account
being used for IIS Anonymous authentication was used, but this seems to
no longer be the case. I know I could probably change the account in
machine.config, but this is also not acceptable given the app will be
sold pre-packaged.

Does anyone have any suggestions? Am I missing something simple??

Thanks

Matt
Nov 18 '05 #1
I am not clear enough about making your app impersonation enabled. Is it
because SQL Server needs to know the logged-in client to give object-based
permissions?

If you don't need impersonation, there are different ways to connect to SQL
Server (as almost all you mentioned), but the best way would be to create a
Windows login for this purpose. Give minimum permissions to this login on
the SQL box. Configure this account as the ASP.NET identity (default is ASPNET).

hth,
Av.
Nov 18 '05 #2
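
The dedicated, minimum-permission Windows login suggested in the reply above, sketched in T-SQL as an added example that is not part of the original thread. The account `CONTOSO\svc_webapp`, the database `AppDb`, the schema `app` and the role `webapp_exec` are hypothetical names; the syntax assumes SQL Server 2005 or later.

```sql
-- Added example. All names are hypothetical: CONTOSO\svc_webapp is the
-- Windows account the ASP.NET application runs as, AppDb is the application
-- database, and its stored procedures are assumed to live in schema "app".
-- On SQL Server 2000 the equivalents are sp_grantlogin and sp_grantdbaccess.

USE master;
GO
-- Server level: a login for the Windows account, with no server roles.
CREATE LOGIN [CONTOSO\svc_webapp] FROM WINDOWS
    WITH DEFAULT_DATABASE = AppDb;
GO

USE AppDb;
GO
-- Database level: map the login to a user, then grant through a role so
-- the permission set is reviewed in one place.
CREATE USER svc_webapp FOR LOGIN [CONTOSO\svc_webapp];
CREATE ROLE webapp_exec;
EXEC sp_addrolemember 'webapp_exec', 'svc_webapp';

-- Only right granted: execute the application's stored procedures.
-- No db_owner, no db_datareader/db_datawriter, no direct table grants.
GRANT EXECUTE ON SCHEMA::app TO webapp_exec;
GO

-- Check 1: the login must not hold a server-wide admin role (expect 0).
SELECT IS_SRVROLEMEMBER('sysadmin', 'CONTOSO\svc_webapp') AS is_sysadmin;

-- Check 2: list every explicit permission the user or its role holds.
-- Expect CONNECT on the database and EXECUTE on schema "app", nothing else.
SELECT pr.name            AS principal,
       pe.state_desc      AS state,
       pe.permission_name AS permission,
       pe.class_desc      AS scope,
       COALESCE(s.name, DB_NAME()) AS securable
FROM sys.database_permissions AS pe
JOIN sys.database_principals  AS pr
     ON pr.principal_id = pe.grantee_principal_id
LEFT JOIN sys.schemas AS s
     ON pe.class_desc = 'SCHEMA' AND s.schema_id = pe.major_id
WHERE pr.name IN ('svc_webapp', 'webapp_exec');

-- Check 3: fixed database roles the user belongs to (expect webapp_exec only).
SELECT r.name AS role_name
FROM sys.database_role_members AS m
JOIN sys.database_principals AS r ON r.principal_id = m.role_principal_id
JOIN sys.database_principals AS u ON u.principal_id = m.member_principal_id
WHERE u.name = 'svc_webapp';
```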
Hi

Thanks for your reply.

The client(s) will be setting this web application up and running it
themselves. I was therefore using impersonation (without a specific
login) in an attempt to allow them to configure IIS security how they
wish, and for the ASP.NET app to use whatever IIS is using. This also
may indeed include permissions on SQL Server. It all depends on how the
client wishes to configure their security.

If I got the client to change the ASP.NET identity, won't this affect
any other ASP.NET apps on their server?

Cheers

Matt


Nov 18 '05 #3
