J
Jim Moon
Hello.
Running IIS 6 and ASP.NET, the only way an application can access SQL Server
seems to be as "NT AUTHORITY / NETWORK SERVICE" (or an alias specified in
the <identity> element within "web.config"). This is analagous to the
"ASPNET" user for IIS 5 and ASP.NET.
In a secure (SSL) web running in IIS 6, we're interested in getting from
ASP.NET the behavior we get from ASP 3.0. When the ASP application logs
onto the SQL Server database, it does so under the logon of the actual user.
There does not appear to me to be a way to make this happen. And, as a
result, we feel as though we have lost a layer of security--the security of
the database.
Any ideas or suggestions are welcome.
Thanks,
Jim
Running IIS 6 and ASP.NET, the only way an application can access SQL Server
seems to be as "NT AUTHORITY / NETWORK SERVICE" (or an alias specified in
the <identity> element within "web.config"). This is analagous to the
"ASPNET" user for IIS 5 and ASP.NET.
In a secure (SSL) web running in IIS 6, we're interested in getting from
ASP.NET the behavior we get from ASP 3.0. When the ASP application logs
onto the SQL Server database, it does so under the logon of the actual user.
There does not appear to me to be a way to make this happen. And, as a
result, we feel as though we have lost a layer of security--the security of
the database.
Any ideas or suggestions are welcome.
Thanks,
Jim