Deploying Web App inside a DMZ

Discussion in 'ASP .Net Security' started by Paul P, Mar 5, 2004.

  1. Paul P

    Paul P Guest

    I want to deploy my web app inside a DMZ. I set up the IIS to allow Anonymous Logi
    and I am going to impersonate an account and connect to a SQL Server databas
    inside the firewall. The account we are trying to impersonate is a Domain account

    Now the question is How do I do that

    In my webconfig file I have impersonate=true and I know I can put the username password in there also
    But when I do that I still get Login failed for Null user

    Do I have to create a local account on the DMZ box that matches the Domain account I am trying to impersonate
    The SQL Server has the Domain account added as a SQL Server Login and is granted access to the database I
    want to use. The app works fine from my Intranet but when I move it to the DMZ box I have a problem. I
    says Login failed for Null user. I have read some articles that points to using the ASPNET worker process account but I want to use a proxy account

    Do I need to do something within IIS or modify the webconfig file, or modify the machine.config file???

    Any help would be appreciated........
     
    Paul P, Mar 5, 2004
    #1
    1. Advertising

  2. Paul P

    Paul Glavich Guest

    Since your web machine cannot access the domain, then it will obviously be
    unable to impersonate. Adding a local account matching the domain account
    would probably work, but you'd have to do this for each domain account that
    was to access the box, which would not be practical I would think. Setting
    the web.config to impersonate a particlar local account would work but dont
    like doing this in the web.config becuase of the relatively easy access of
    this file to malicious eyes (whether internal or external) and this is even
    though you can encrypt the credentias via setreg.
    --
    - Paul Glavich


    "Paul P" <> wrote in message
    news:...
    > I want to deploy my web app inside a DMZ. I set up the IIS to allow

    Anonymous Login
    > and I am going to impersonate an account and connect to a SQL Server

    database
    > inside the firewall. The account we are trying to impersonate is a Domain

    account.
    >
    > Now the question is How do I do that?
    >
    > In my webconfig file I have impersonate=true and I know I can put the

    username password in there also.
    > But when I do that I still get Login failed for Null user.
    >
    > Do I have to create a local account on the DMZ box that matches the Domain

    account I am trying to impersonate?
    > The SQL Server has the Domain account added as a SQL Server Login and is

    granted access to the database I
    > want to use. The app works fine from my Intranet but when I move it to

    the DMZ box I have a problem. It
    > says Login failed for Null user. I have read some articles that points to

    using the ASPNET worker process account but I want to use a proxy account.
    >
    > Do I need to do something within IIS or modify the webconfig file, or

    modify the machine.config file????
    >
    > Any help would be appreciated........
     
    Paul Glavich, Mar 7, 2004
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Bill Carpenter

    ASPNET in DMZ - PLEASE HELP

    Bill Carpenter, Apr 21, 2004, in forum: ASP .Net
    Replies:
    2
    Views:
    1,316
    Christopher Reed
    Apr 21, 2004
  2. =?Utf-8?B?SklNLkgu?=

    Q: app in DMZ machine

    =?Utf-8?B?SklNLkgu?=, Jun 23, 2005, in forum: ASP .Net
    Replies:
    0
    Views:
    322
    =?Utf-8?B?SklNLkgu?=
    Jun 23, 2005
  3. hakl
    Replies:
    1
    Views:
    148
    Dominick Baier [DevelopMentor]
    Sep 12, 2005
  4. InstantKiwi

    Windows Authentication when Web Server is in DMZ

    InstantKiwi, Aug 10, 2006, in forum: ASP .Net Security
    Replies:
    1
    Views:
    806
    Joe Kaplan \(MVP - ADSI\)
    Aug 12, 2006
  5. Karl A Mikesell

    Screened Subnet (DMZ) causes Web Service to fail

    Karl A Mikesell, May 7, 2004, in forum: ASP .Net Web Services
    Replies:
    1
    Views:
    144
    Jian Bo
    May 8, 2004
Loading...

Share This Page