473,473 Members | 1,997 Online
Bytes | Software Development & Data Engineering Community
Create Post

Home Posts Topics Members FAQ

asp.net sql trusted connections between machines

Rob

So we have a client who doesn't want to run a Service Level Account
(either via an Application Pool or IIS impersonation) and we need to
connect to a remote SQL Server instance w/ Read-Write permissions. They
don't want to do it that way due to the maintenance issues with
passwords in multiple locations.

We're using an OLE connection to SQL server and currently have the
username and password obfuscated (not strong encryption but not) in the
connection string in the web.config. Looking for a better alternative.

We've looked into things such as described here:

http://idunno.org/dotNet/trustedConnections.aspx

This is a secured, internal app: Where I'm confused is why the standard
Windows Authentication setting for access via IIS doesn't seem pass the
users credentials to the SQL Server (even with impersonate=true in
web.config). Ideally we just wanted to have read-write windows group and
add users that way. The connection to SQL with impersonation and Windows
Authentication remains either IIS or the Application Pool Identity?

So, two questions:

1. is this impersonation behavior with IIS and Windows Authentication
documented anywhere (need to show them via a reliable source this
doesn't work beyond the fact that its not working)

2. Short of encrypting the user connection information in the registry
(also a maintenance hassle) are there any other options?

many thanks,

Rob
Nov 19 '05 #1
2 1175
there is a lot of documentation

full description of iis/asp.net security:
http://msdn.microsoft.com/library/de...ersonation.asp

managing identity in bi objects:
http://www.microsoft.com/technet/sec.../P3ASPD_1.mspx

security patterns for asp.net:
http://msdn.microsoft.com/practices/...cnetlpmsdn.asp

these should get you started. in short if you want to use the user
credentials to connect to sqlserver, you will need to switch to kerberos for
authenication, and enable identity delegation.

http://msdn.microsoft.com/library/de...SecNetHT05.asp
-- bruce (sqlwork.com)

"Rob" <ro*@nospamforme.com> wrote in message
news:%2***************@TK2MSFTNGP14.phx.gbl...

So we have a client who doesn't want to run a Service Level Account
(either via an Application Pool or IIS impersonation) and we need to
connect to a remote SQL Server instance w/ Read-Write permissions. They
don't want to do it that way due to the maintenance issues with passwords
in multiple locations.

We're using an OLE connection to SQL server and currently have the
username and password obfuscated (not strong encryption but not) in the
connection string in the web.config. Looking for a better alternative.

We've looked into things such as described here:

http://idunno.org/dotNet/trustedConnections.aspx

This is a secured, internal app: Where I'm confused is why the standard
Windows Authentication setting for access via IIS doesn't seem pass the
users credentials to the SQL Server (even with impersonate=true in
web.config). Ideally we just wanted to have read-write windows group and
add users that way. The connection to SQL with impersonation and Windows
Authentication remains either IIS or the Application Pool Identity?

So, two questions:

1. is this impersonation behavior with IIS and Windows Authentication
documented anywhere (need to show them via a reliable source this doesn't
work beyond the fact that its not working)

2. Short of encrypting the user connection information in the registry
(also a maintenance hassle) are there any other options?

many thanks,

Rob

Nov 19 '05 #2
Rob

Thanks for the links and info. I'll check them out. I appreciate it.

Rob

Bruce Barker wrote:
there is a lot of documentation

full description of iis/asp.net security:
http://msdn.microsoft.com/library/de...ersonation.asp

managing identity in bi objects:
http://www.microsoft.com/technet/sec.../P3ASPD_1.mspx

security patterns for asp.net:
http://msdn.microsoft.com/practices/...cnetlpmsdn.asp

these should get you started. in short if you want to use the user
credentials to connect to sqlserver, you will need to switch to kerberos for
authenication, and enable identity delegation.

http://msdn.microsoft.com/library/de...SecNetHT05.asp
-- bruce (sqlwork.com)

"Rob" <ro*@nospamforme.com> wrote in message
news:%2***************@TK2MSFTNGP14.phx.gbl...
So we have a client who doesn't want to run a Service Level Account
(either via an Application Pool or IIS impersonation) and we need to
connect to a remote SQL Server instance w/ Read-Write permissions. They
don't want to do it that way due to the maintenance issues with passwords
in multiple locations.

We're using an OLE connection to SQL server and currently have the
username and password obfuscated (not strong encryption but not) in the
connection string in the web.config. Looking for a better alternative.

We've looked into things such as described here:

http://idunno.org/dotNet/trustedConnections.aspx

This is a secured, internal app: Where I'm confused is why the standard
Windows Authentication setting for access via IIS doesn't seem pass the
users credentials to the SQL Server (even with impersonate=true in
web.config). Ideally we just wanted to have read-write windows group and
add users that way. The connection to SQL with impersonation and Windows
Authentication remains either IIS or the Application Pool Identity?

So, two questions:

1. is this impersonation behavior with IIS and Windows Authentication
documented anywhere (need to show them via a reliable source this doesn't
work beyond the fact that its not working)

2. Short of encrypting the user connection information in the registry
(also a maintenance hassle) are there any other options?

many thanks,

Rob


Nov 19 '05 #3
Create Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics
2
trusted SQL server connection
by: C.O.Jones | last post by:
Hi, I've got SQL2000 Evaluation edition running on my own Windows XP Pro computer. I've installed it fine, and created some sample databases. It works fine. I can connect using Windows...
Latest Bytes
0
using a trusted connection in am ASP. Net web farm
by: Mike | last post by:
I have a web farm (10 win 2003 machines) running an ASP .Net application (IIS 6.0) how can I use trusted connections on the 10 boxes to connect to a MS SQL 2000 database? Do I have to configure...
Latest Bytes
2
Login failed for user '(null)'. Reason: Not associated with a trusted SQL Server connection.
by: Blake Versiga | last post by:
I am pulling my hair out..... I am trying to put a bound data grid on a webform... I have 4 data connections in my server explorer, all of which connect successfully. But when I run the web...
Latest Bytes
2
Trusted connection won't work...
by: Paul M | last post by:
Hi, I've just implemented my first application onto a test web server. When the code comes to creating a connection object it throws an error saying the "Login failed for user '(null)'. Reason...
Latest Bytes
2
Trusted connections??
by: Paul M | last post by:
Hi folks, Just want to make sure I've got this right. I've got an application I want to authenticate to the domain i.e. an intranet app. I've set this up (all the web.config items are in...
Latest Bytes
5
Using SQL trusted connections with ASP.NET
by: Adam Getchell | last post by:
Hello all, I've read over: http://idunno.org/dotNet/trustedConnections.aspx I would like to use a trusted connection vice using encrypted database strings:...
Latest Bytes
4
Database Access and trusted connections
by: Shawn H. Mesiatowsky | last post by:
I have a strange problem here. I have my development computer with IIS installed, and we have a SQL server as well on a windows 2000 server. both are members of a domain. I have restricted access...
Latest Bytes
5
Database Connection - Not Associated With Trusted Connection
by: Mythran | last post by:
I have a test server and a development machine. I have SQL Server installed on both, the installations are pretty much identical. Both servers are in the same domain. When I run my application...
Latest Bytes
4
the project location is not fully trusted by .net runtime
by: Quan | last post by:
I have a solution with several vb.net projects in it. I developed the code in one machine then copied all the files in the other machine to continue the development. The projects are on the local...
Latest Bytes
2
multiple TCP connections
by: Jack | last post by:
Hi c++ guru's I need your help. I have 4 machines and I need them to be able to communicate to each other via peer to peer architecture. I know that when we have two machines one machine acts as...
Latest Bytes
0
Changing the language in Windows 10
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
Latest Bytes
0
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
Latest Bytes
1
The easy way to turn off automatic updates for Windows 10/11
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
Latest Bytes
0
tracyyun
Discussion: How does Zigbee compare with other wireless protocols in smart home applications?
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
Latest Bytes
0
Couldn’t get equations in html when convert word .docx file to html file in C#.
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and...
Latest Bytes
0
Trying to create a lan-to-lan vpn between two differents networks
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The...
Latest Bytes
0
Windows Forms - .Net 8.0
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
Latest Bytes
1
muto222
php
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.
Latest Bytes
0
bsmnconsultancy
Comprehensive Guide to Website Development in Toronto: Expert Insights from BSMN Consultancy
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence...
Latest Bytes

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes
How to Post and Respond on Bytes
How to Promote and Link on Bytes
How to increase your Ranking on Bytes
Become a Recognized Expert on Bytes
Feedback Welcomed! Contact Us