N
Nick Gilbert
Hi,
On Windows 2000, I use the following connection string in my ASP.NET
applications:
<add key="ConnectionString" value="server=(local);Integrated
Security=SSPI;database=knowledge" />
I then created a login in SQL Server for the ASPNET/<machine name> user and
assigned it to a WWWUsers role. This meant that SQL Server automatically
made requests from the website under the WWWUsers role. In IIS, I then
removed anonymous access from the /admin/ folder on the website, which then
caused IE to prompt for a username and password. If I logged in as
'webadmin' and a webadmin login had been created on SQL Server for that
database in the WWWAdmins role, then it would automatically run website
queries by administrators under the WWWAdmins role.
*HOWEVER*, under Windows 2003 Server (IIS6), this seems to be broken. It
either doesn't prompt for a username and password, or if it does, it seems
to ignore it completely and SQL Server still puts me in the WWWUsers role. I
have put the NETWORK AUTHORITY/NETWORK SERVICE user in the WWWUsers role,
and the webadmin user (a valid Windows account) is still in the WWWAdmins
role.
Why is IIS 6 not behaving the same way as IIS 5.5 on Windows 2000? Have I
made a mistake somewhere or is there a way to make it work in the same way
as Windows 2000?
Thanks,
Nick Gilbert
On Windows 2000, I use the following connection string in my ASP.NET
applications:
<add key="ConnectionString" value="server=(local);Integrated
Security=SSPI;database=knowledge" />
I then created a login in SQL Server for the ASPNET/<machine name> user and
assigned it to a WWWUsers role. This meant that SQL Server automatically
made requests from the website under the WWWUsers role. In IIS, I then
removed anonymous access from the /admin/ folder on the website, which then
caused IE to prompt for a username and password. If I logged in as
'webadmin' and a webadmin login had been created on SQL Server for that
database in the WWWAdmins role, then it would automatically run website
queries by administrators under the WWWAdmins role.
*HOWEVER*, under Windows 2003 Server (IIS6), this seems to be broken. It
either doesn't prompt for a username and password, or if it does, it seems
to ignore it completely and SQL Server still puts me in the WWWUsers role. I
have put the NETWORK AUTHORITY/NETWORK SERVICE user in the WWWUsers role,
and the webadmin user (a valid Windows account) is still in the WWWAdmins
role.
Why is IIS 6 not behaving the same way as IIS 5.5 on Windows 2000? Have I
made a mistake somewhere or is there a way to make it work in the same way
as Windows 2000?
Thanks,
Nick Gilbert