473,389 Members | 1,322 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,389 software developers and data experts.

IIS 6 and Windows Authentication to SQL Server 2000

I am running a Windows Server 2003 machine as my web server. I would
like to use Windows authentication for connections to my SQL Server
2000 instance on a Windows 2000 server. I've read where mirroring the
ASPNET account and password on the web server and SQL server would
work. However, with IIS 6, ASP.NET runs under the 'NT
AUTHORITY\NETWORK SERVICE' account. Should I change the password of
the 'NT AUTHORITY\NETWORK SERVICE' account to something I know, and
create a mirrored 'NETWORK SERVICE' account on my SQL server? Or,
should I create another user like 'MY_WEB_USER' and mirror that on both
machines?

In short, how do I get Windows authentication to work between a Windows
Server 2003 web server and a Windows 2000 SQL server?

Thanks!

Nov 19 '05 #1
6 4192
If you are truly using Windows Authentication, ie a user has an account on
the domain as well as SQL Server, you will do the following:

1. Ensure the user cannot sign in as anonymous
2. Add their account to a group that has SQL rights

You may mean "bastardized windows authentication", meaning SQL Server uses
WIndows Authentication, but you are using anon accounts in IIS. If you go
this route, you are advised to impersonate an account rather than give a
local account rights on another box. One way to easily do this is to place
the assembly in COM+ and declaratively assign a domain account to the
application.
---

Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA

***************************
Think Outside the Box!
***************************
"mcollier" wrote:
I am running a Windows Server 2003 machine as my web server. I would
like to use Windows authentication for connections to my SQL Server
2000 instance on a Windows 2000 server. I've read where mirroring the
ASPNET account and password on the web server and SQL server would
work. However, with IIS 6, ASP.NET runs under the 'NT
AUTHORITY\NETWORK SERVICE' account. Should I change the password of
the 'NT AUTHORITY\NETWORK SERVICE' account to something I know, and
create a mirrored 'NETWORK SERVICE' account on my SQL server? Or,
should I create another user like 'MY_WEB_USER' and mirror that on both
machines?

In short, how do I get Windows authentication to work between a Windows
Server 2003 web server and a Windows 2000 SQL server?

Thanks!

Nov 19 '05 #2
Hi,
Are both the servers in the same domain?
If so create a domain user account and switch the identity of the ASP.NET
worker process to this acccount. You can do this by creating a new
application pool in IIS6.

Now configure this acccount as a login for sql server.

Don't forget to add this user to the IIS_WPG group on your Win2K3 machine.

HTH
--
Vikram Vamshi
Eclipsys Corporation
"mcollier" <mi*************@gmail.com> wrote in message
news:11**********************@f14g2000cwb.googlegr oups.com...
I am running a Windows Server 2003 machine as my web server. I would
like to use Windows authentication for connections to my SQL Server
2000 instance on a Windows 2000 server. I've read where mirroring the
ASPNET account and password on the web server and SQL server would
work. However, with IIS 6, ASP.NET runs under the 'NT
AUTHORITY\NETWORK SERVICE' account. Should I change the password of
the 'NT AUTHORITY\NETWORK SERVICE' account to something I know, and
create a mirrored 'NETWORK SERVICE' account on my SQL server? Or,
should I create another user like 'MY_WEB_USER' and mirror that on both
machines?

In short, how do I get Windows authentication to work between a Windows
Server 2003 web server and a Windows 2000 SQL server?

Thanks!

Nov 19 '05 #3
Both servers are not in the same domain. I've done this before when I
had two Windows 2000 servers. Having one Windows 2003 and one Windows
2000 server seems to be somewhat more confusing.

Nov 19 '05 #4
What you did for WIndows 2000 should still work for Win2K3.

Create a user on both the machines with the same username and password.
Then configure the ASP.NET worker process to run under this user account on
win2k3 machine
and configure sql on win2k machine to accept this user as a valid login.

As long as the username/password are same on both the machines this should
work.

hth

--
Vikram Vamshi
Eclipsys Corporation
"mcollier" <mi*************@gmail.com> wrote in message
news:11**********************@f14g2000cwb.googlegr oups.com...
Both servers are not in the same domain. I've done this before when I
had two Windows 2000 servers. Having one Windows 2003 and one Windows
2000 server seems to be somewhat more confusing.

Nov 19 '05 #5
Ok, I think I see where you're going with this. I was thinking I could
use the ASPNET or NETWORK SERVICE account for both servers. But, that
doesn't appear to be the case. What you're saying is that I could
create a user on both servers, for example MY_WEB_USER. Then, set the
ASP.NET worker process to run as this account. I would also need to
give that user the correct permissions (similar to NETWORK SERVICE
probably). Sound about right?

Nov 19 '05 #6
Yep,
That is what I had in mind.
Let us know how it goes.

Thanks
--
Vikram Vamshi
Eclipsys Corporation
"mcollier" <mi*************@gmail.com> wrote in message
news:11**********************@f14g2000cwb.googlegr oups.com...
Ok, I think I see where you're going with this. I was thinking I could
use the ASPNET or NETWORK SERVICE account for both servers. But, that
doesn't appear to be the case. What you're saying is that I could
create a user on both servers, for example MY_WEB_USER. Then, set the
ASP.NET worker process to run as this account. I would also need to
give that user the correct permissions (similar to NETWORK SERVICE
probably). Sound about right?

Nov 19 '05 #7

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

8
by: Bob Everland | last post by:
I have an application that is ISAPI and the only way to secure it is through NT permissions. I need to have a way to login to windows authentication so that when I get to the ISAPI application no...
1
by: Marino | last post by:
Hi all, I have a Windows 2003 server, which is also a terminal server for application, with sql 2000 installed. My company has developed an application that uses SQL 2000 as its database. The...
3
by: Steven Fox | last post by:
============================================================ About DB2 Administration Tools Environment ============================================================ DB2 administration tools level:...
2
by: Vaap | last post by:
I did lot of googling to see if I can solve the SQL server not found problem while trying to run ASP.Net community starter kit from an XP machine to Windows 2003 server hosting SQL server 2000...
5
by: pberna | last post by:
Dear all, I built a Web Form application to start and stop a Windows Service remotely. I successful tested the application on Windows 2000 server + IIS. I must include the ASPNET user to the...
2
by: Maziar Aflatoun | last post by:
Hi guys, I'm using Windows authentication to connect to SQL Server 2000. On my computer the connection is fine. Now if I move it to a remote server, how to I hard code my Username/Password in...
7
by: Alice Wong | last post by:
I am setting up my Web ASP.net application to connect to Sql server using windows authentication. I set up IIS to have integrated windows authenication and sql to allow Windows authentication....
1
by: Doug | last post by:
The Setup --------------- Machine A: Windows 2000 Workstation Machine B: Windows 2000 Server running IIS 5.0 Machine C: Windows 2000 Server running SQL Server 2000 * User is logged into...
2
by: DaBrain | last post by:
I am no DBA, but this is my task. I have an SQL Server 2000 Database that has an "SQL Account" that has execute permission on all Stored procedures. it is what was used by the company. This...
0
by: taylorcarr | last post by:
A Canon printer is a smart device known for being advanced, efficient, and reliable. It is designed for home, office, and hybrid workspace use and can also be used for a variety of purposes. However,...
0
by: ryjfgjl | last post by:
If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...
0
by: ryjfgjl | last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
0
by: emmanuelkatto | last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud. Please let me know. Thanks! Emmanuel
0
BarryA
by: BarryA | last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
1
by: nemocccc | last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
0
by: Hystou | last post by:
There are some requirements for setting up RAID: 1. The motherboard and BIOS support RAID configuration. 2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
0
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
0
jinu1996
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.