
De-impersonate to connect to SQL as Machine Account

Hi there,

My ASP.NET application has impersonation turned on in web.config as
follows:

<identity impersonate="true" />

However, now I need to connect to a SQL database. Rather than allowing
every single AD user access to the database, I'd like to connect to SQL
server as the computer account, e.g. MYWEBSERVER$. This should simplify
SQL security management, but most importantly, enable SQL connection
pooling.

If I turn impersonation off for the entire application (in web.config)
I get the desired result, i.e. the application runs as NETWORK SERVICE
user (IIS AppPool user), and I am able to connect to SQL -- good.
However this affects other parts of the application that require
impersonation to be turned on.

There doesn't seem to be a way to turn impersonation on or off per
page.

Is there a way to "temporarily" turn off impersonation? Or any other
way to connect to SQL and pass NETWORK SERVICE as the credentials?

Thanks,
-Oleg.

May 30 '06 #1


See RevertToSelf in the Windows API. Because ADO.NET pooling is lazy about
connecting, you will have to surround all SQL statements with RevertToSelf
and restore-impersonation statements.
-- bruce (sqlwork.com)

"Oleg Ogurok" <Ol*********@gmail.com> wrote in message
news:11**********************@j73g2000cwa.googlegr oups.com...

May 30 '06 #2
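
The revert-and-restore pattern from the reply above, as an added example that is not part of the original thread. It uses the .NET Framework call `WindowsIdentity.Impersonate(IntPtr.Zero)`, which is the managed equivalent of `RevertToSelf`. The class name, method name, connection string, server, database and `@caller` parameter are hypothetical placeholders.

```csharp
using System;
using System.Data.SqlClient;
using System.Security.Principal;

// Hypothetical helper: runs one SQL statement as the process identity
// (NETWORK SERVICE, seen by a remote SQL Server as MACHINE$) while the
// rest of the request keeps running under the impersonated caller.
public static class ProcessIdentitySql
{
    // Placeholder connection string; Integrated Security makes SQL Server
    // authenticate whatever Windows token is on the thread at Open() time.
    private const string ConnectionString =
        "Server=SQLHOST;Database=AppDb;Integrated Security=SSPI;";

    public static object ExecuteScalarAsProcess(string sql)
    {
        // Capture the impersonated caller BEFORE reverting. SQL Server will
        // only see the machine account, so the caller name has to travel as
        // data if it is needed for authorization or auditing.
        string caller = WindowsIdentity.GetCurrent().Name;

        // Drop the thread token; equivalent to the Win32 RevertToSelf call.
        WindowsImpersonationContext reverted =
            WindowsIdentity.Impersonate(IntPtr.Zero);
        try
        {
            // Open() and Execute*() must both sit inside the reverted scope:
            // the pooled connection is authenticated when it is opened, not
            // when the SqlConnection object is constructed.
            using (SqlConnection conn = new SqlConnection(ConnectionString))
            using (SqlCommand cmd = new SqlCommand(sql, conn))
            {
                // Hypothetical parameter carrying the caller name as data.
                cmd.Parameters.AddWithValue("@caller", caller);
                conn.Open();
                return cmd.ExecuteScalar();
            }
        }
        finally
        {
            // Always restore the caller's token, even if the query throws,
            // so later code does not keep running as the process identity.
            reverted.Undo();
        }
    }
}
```

Because every query now reaches the database with the machine account's rights, per-user access checks have to be enforced in the application or in the SQL text itself, for example by filtering on the `@caller` value.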
