Hello All,
Running IIS 6 and ASP.NET, the only way an application can access SQL Server
seems to be as "NT AUTHORITY / NETWORK SERVICE" (or an alias specified in
the <identity> element within "web.config"). This is analagous to the
"ASPNET" user for IIS 5 and ASP.NET.
In a secure (SSL) web running in IIS 6 with authentication, we're interested
in getting from ASP.NET the behavior we get from ASP 3.0. When the ASP
application logs onto the SQL Server database, it does so under the logon of
the actual user. There does not appear to me to be a way to make this
happen. And, as a result, we feel as though we have lost a layer of
security--the security of the database!
Any ideas or suggestions are welcome.
Thanks a lot!
JimInside
<system.web>
I added
<identity impersonate="true" />
It worked like a charm!
Jim
"Jim Moon" <jmoon()at()uab.edu> wrote in message
news:ec4zWdtXEHA.3596@.tk2msftngp13.phx.gbl...
> Hello All,
> Running IIS 6 and ASP.NET, the only way an application can access SQL
Server
> seems to be as "NT AUTHORITY / NETWORK SERVICE" (or an alias specified in
> the <identity> element within "web.config"). This is analagous to the
> "ASPNET" user for IIS 5 and ASP.NET.
> In a secure (SSL) web running in IIS 6 with authentication, we're
interested
> in getting from ASP.NET the behavior we get from ASP 3.0. When the ASP
> application logs onto the SQL Server database, it does so under the logon
of
> the actual user. There does not appear to me to be a way to make this
> happen. And, as a result, we feel as though we have lost a layer of
> security--the security of the database!
> Any ideas or suggestions are welcome.
> Thanks a lot!
> Jim
>
Showing posts with label authority. Show all posts
Showing posts with label authority. Show all posts
Sunday, February 19, 2012
ASPNET & NETWORK SERVICE accounts hitting SQL Server
Hello.
Running IIS 6 and ASP.NET, the only way an application can access SQL Server
seems to be as "NT AUTHORITY / NETWORK SERVICE" (or an alias specified in
the <identity> element within "web.config"). This is analagous to the
"ASPNET" user for IIS 5 and ASP.NET.
In a secure (SSL) web running in IIS 6 with authentication, we're interested
in getting from ASP.NET the behavior we get from ASP 3.0. When the ASP
application logs onto the SQL Server database, it does so under the logon of
the actual user. There does not appear to me to be a way to make this
happen. And, as a result, we feel as though we have lost a layer of
security--the security of the database!
Any ideas or suggestions are welcome.
Thanks,
JimHi Jim,
In order to make this work you'll need to be in a 2000 or 2003 domain
with Security Delegation Enabled.
Thanks,
Kevin McDonnell
Microsoft Corporation
This posting is provided AS IS with no warranties, and confers no rights.
Running IIS 6 and ASP.NET, the only way an application can access SQL Server
seems to be as "NT AUTHORITY / NETWORK SERVICE" (or an alias specified in
the <identity> element within "web.config"). This is analagous to the
"ASPNET" user for IIS 5 and ASP.NET.
In a secure (SSL) web running in IIS 6 with authentication, we're interested
in getting from ASP.NET the behavior we get from ASP 3.0. When the ASP
application logs onto the SQL Server database, it does so under the logon of
the actual user. There does not appear to me to be a way to make this
happen. And, as a result, we feel as though we have lost a layer of
security--the security of the database!
Any ideas or suggestions are welcome.
Thanks,
JimHi Jim,
In order to make this work you'll need to be in a 2000 or 2003 domain
with Security Delegation Enabled.
Thanks,
Kevin McDonnell
Microsoft Corporation
This posting is provided AS IS with no warranties, and confers no rights.
Subscribe to:
Posts (Atom)