Sorry for not making this clear. All of the users will be
from the same domain. It's an intranet site.
I figured that just the idea in general, about using
Kerberos and Integrated Windows Authentication in IIS
would immediately eliminate any ideas of it being an
internet site.
Like you pointed out, web users at home from a dial up
aren't in the same domain as the web server so Integrated
Window Auth naturally wouldn't work.
I'm sure there have been people who didn't have a good
understanding of how that all works and have asked similar
type questions and needed to be set straight, but
sometimes us developer's need to be given a little bit of
credit for the types of questions we are asking here.
In the future I'll remember to make it clear as crystal
the type of application (intranet, internet, extranet,
OWA) I'm working on when asking questions.
Jeremy
-----Original Message-----
B/C on the web, those people aren't all on your domain.
Joe Blow might login from his home dial-up account..that's not on your
domain...so for SSPI towork, you need to have a machine connect thats' 'trusted'
by the Database."Jeremy" <an*******@discussions.microsoft.com> wrote in
messagenews:01****************************@phx.gbl... Thanks for the reply, I'll check out the ADO.NET
newsgroup.
So why the ASP.NET account? The whole idea in my
situation is to not be an "anonymous" user accessing the
DB.
Whether you use a "standard" account (ASP.NET, IUSER,
SQL account) you never know who is accessing your
Database. I realize that you loose connection pooling by doing it
this way, but for this situation that's okay.
Jeremy
>-----Original Message-----
>You'll need to use the ASP.NET account and make sure
the permissions have >been added to the SQL Server.
>
>There are quite a few exapmles in the ADO.NET ng.
>
>HTH,
>
>Bill
>"Jeremy" <an*******@discussions.microsoft.com> wrote in
message >news:00****************************@phx.gbl...
>> In my ASP.NET web applications I would like to
>> use "integrated security=SSPI" instead of supplying a
SQL >> Server account credentials.
>>
>> From what I understand there are security policy
settings >> that need to be setup on the web server to allow for
me to >> do this, but I'm not 100% sure what they are. I
think I >> have to allow a remote token (from remote computers)
and >> Kerberos, and in IIS use Integrated Windows
Authentication >> (with basic and anonymous turned off).
>>
>> Anyway, I can't find anything in the security policy
>> settings that I can look at on my Windows 2000 Pro
>> development computer that I can play with to see if
things >> work. Are these things that only server editions
have? >>
>> So I was wondering if anybody could please send me
some >> information with how the server(s) (are there any SQL
>> server configurations that need to setup to allow
this to >> work?) has to be configured to allow me to use SSPI
in my >> ASP.NET web applications. A link, some
explainations, >> anything that might help.
>>
>> Thanks,
>> Jeremy
>
>
>.
>
.
