asp.net sql trusted connections between machines

Rob

So we have a client who doesn't want to run a Service Level Account
(either via an Application Pool or IIS impersonation) and we need to
connect to a remote SQL Server instance w/ Read-Write permissions. They
don't want to do it that way due to the maintenance issues with
passwords in multiple locations.

We're using an OLE connection to SQL server and currently have the
username and password obfuscated (not strong encryption but not) in the
connection string in the web.config. Looking for a better alternative.

We've looked into things such as described here:

http://idunno.org/dotNet/trustedConnections.aspx

This is a secured, internal app: Where I'm confused is why the standard
Windows Authentication setting for access via IIS doesn't seem to pass the
user's credentials to the SQL Server (even with impersonate=true in
web.config). Ideally we just wanted to have a read-write Windows group and
add users that way. The connection to SQL with impersonation and Windows
Authentication remains either IIS or the Application Pool Identity?

So, two questions:

1. Is this impersonation behavior with IIS and Windows Authentication
documented anywhere (need to show them via a reliable source this
doesn't work beyond the fact that it's not working)

2. Short of encrypting the user connection information in the registry
(also a maintenance hassle) are there any other options?

many thanks,

Rob
 
Bruce Barker

there is a lot of documentation

full description of iis/asp.net security:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/vsent7/html/vxconImpersonation.asp

managing identity in bi objects:
http://www.microsoft.com/technet/security/topics/identitymanagement/idmanage/P3ASPD_1.mspx

security patterns for asp.net:
http://msdn.microsoft.com/practices.../library/en-us/dnnetsec/html/secnetlpmsdn.asp

these should get you started. in short if you want to use the user
credentials to connect to sqlserver, you will need to switch to kerberos for
authentication, and enable identity delegation.

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/SecNetHT05.asp


-- bruce (sqlwork.com)
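
The check below is an added example, not part of the thread or of either poster's code: a C# helper that reports which Windows identity the ASP.NET thread runs as and which login SQL Server sees for the same request, so the difference between impersonation on the web server and delegation to a second machine can be shown directly. The server name `SQLHOST01`, database `AppDb` and class name `DoubleHopCheck` are placeholders.

```csharp
using System;
using System.Data.OleDb;
using System.Security.Principal;

// Added example: call DoubleHopCheck.Describe() from a test page in the application.
public static class DoubleHopCheck
{
    // Placeholder server and database. No user name or password is stored:
    // Integrated Security=SSPI makes the provider use the current Windows token.
    const string ConnStr =
        "Provider=SQLOLEDB;Data Source=SQLHOST01;Initial Catalog=AppDb;" +
        "Integrated Security=SSPI;";

    public static string Describe()
    {
        // Identity of the executing thread on the web server. With Windows
        // Authentication in IIS and <identity impersonate="true"/> this is the
        // browser user; without impersonation it is the process account.
        WindowsIdentity id = WindowsIdentity.GetCurrent();

        // Level "Impersonation" means the token is valid on this machine only.
        // Level "Delegation" means it may be presented to another server,
        // which is what Kerberos with delegation enabled provides.
        string report = String.Format(
            "Web tier thread: {0} (auth={1}, level={2})\n",
            id.Name, id.AuthenticationType, id.ImpersonationLevel);

        try
        {
            using (OleDbConnection conn = new OleDbConnection(ConnStr))
            using (OleDbCommand cmd = new OleDbCommand("SELECT SUSER_SNAME()", conn))
            {
                conn.Open();
                // Login name SQL Server actually authenticated for this connection.
                report += "SQL Server login: " + cmd.ExecuteScalar();
            }
        }
        catch (OleDbException ex)
        {
            // Without delegation the impersonated token cannot make the second
            // hop, so the login usually fails here instead of reaching SQL
            // Server as the end user.
            report += "SQL connection failed: " + ex.Message;
        }
        return report;
    }
}
```

If the first line shows the end user but the second shows a failure or a different account, impersonation is working on the web server and delegation to the SQL Server machine is not.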
 
