Deploying Web App inside a DMZ

P

Paul P

I want to deploy my web app inside a DMZ. I set up the IIS to allow Anonymous Logi
and I am going to impersonate an account and connect to a SQL Server databas
inside the firewall. The account we are trying to impersonate is a Domain account

Now the question is How do I do that

In my webconfig file I have impersonate=true and I know I can put the username password in there also
But when I do that I still get Login failed for Null user

Do I have to create a local account on the DMZ box that matches the Domain account I am trying to impersonate
The SQL Server has the Domain account added as a SQL Server Login and is granted access to the database I
want to use. The app works fine from my Intranet but when I move it to the DMZ box I have a problem. I
says Login failed for Null user. I have read some articles that points to using the ASPNET worker process account but I want to use a proxy account

Do I need to do something within IIS or modify the webconfig file, or modify the machine.config file???

Any help would be appreciated........
 
P

Paul Glavich

Since your web machine cannot access the domain, then it will obviously be
unable to impersonate. Adding a local account matching the domain account
would probably work, but you'd have to do this for each domain account that
was to access the box, which would not be practical I would think. Setting
the web.config to impersonate a particlar local account would work but dont
like doing this in the web.config becuase of the relatively easy access of
this file to malicious eyes (whether internal or external) and this is even
though you can encrypt the credentias via setreg.
--
- Paul Glavich


Paul P said:
I want to deploy my web app inside a DMZ. I set up the IIS to allow Anonymous Login
and I am going to impersonate an account and connect to a SQL Server database
inside the firewall. The account we are trying to impersonate is a Domain account.

Now the question is How do I do that?

In my webconfig file I have impersonate=true and I know I can put the
Click to expand...
username password in there also.
But when I do that I still get Login failed for Null user.

Do I have to create a local account on the DMZ box that matches the Domain
Click to expand...
account I am trying to impersonate?
The SQL Server has the Domain account added as a SQL Server Login and is
Click to expand...
granted access to the database I
want to use. The app works fine from my Intranet but when I move it to
Click to expand...
the DMZ box I have a problem. It
says Login failed for Null user. I have read some articles that points to
Click to expand...
using the ASPNET worker process account but I want to use a proxy account.
Do I need to do something within IIS or modify the webconfig file, or
Click to expand...
modify the machine.config file????
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Impersonate domain user account from DMZ 1
Windows Authentication when Web Server is in DMZ 1
Mobile App ideas - worksheet emailer 1
How to Design a Cross Network app 0
Align img inside nav tabs section 5
Release form like IOS app to a group of people 0
Web publish locally 2
How to go about building a crud app when you are a noob 1

Members online

Total: 25 (members: 1, guests: 24)
Robots: 408

Forum statistics

Threads
473,755
Messages
2,569,537
Members
45,020
Latest member
GenesisGai

Latest Threads

Top