Setting up integrated security to SQL Server

Discussion in 'ASP .Net' started by Dave, Aug 11, 2003.

  1. Dave

    Dave Guest

    Hi,

    I've read quite a few places where it recommends you use
    integrated security in your connection string to SQL
    Server

    I tried this in test page to connect to the Northwind
    database by setting my connection string to:

    "data source=<mymachinename>;initial
    catalog=Northwind;integrated security=SSPI;"

    It worked as long as I added ASPNET, the account used for
    running ASP.NET Worker processes, as a SQL Server Login
    with access to Northwind.

    My question is shouldn't each web application on the
    server have it's own ASPNET-type account so it only has
    accesses the databases it needs?

    For example, can I setup the following?

    ASPNET_Northwind (This account can only access the
    Northwind site and the Northwind database)

    ASPNET_Pubs ((This account can only access the Pubs site
    and the Pubs database)

    Otherwise if all sites use the same ASPNET account, they
    can make queries to other databases.

    how do I do this?

    Thanks, Dave.
     
    Dave, Aug 11, 2003
    #1
    1. Advertising

  2. Dave,

    In IIS you can tell a web site to run using a network username and password.

    In Interenet Information Services, right click the web site and open the
    properties window for it.

    Go to the Directory Security Tab and then click the Edit button in the
    Anonymous access and authentication area.

    In the Anonymous Access area make sure that Anonymous access is checked.

    Please not the text in this area: "Account used for anonymous access:" Click
    the Browse button and select the account you would like this web site to run
    as.

    (You should uncheck the Allow IIS to control password checkbox and provide
    the password for the account.)

    Now give this account access to the correct SQL database.

    Sincerely,


    --
    S. Justin Gengo, MCP
    Web Developer

    Free code library at:
    www.aboutfortunate.com

    "Out of chaos comes order."
    Nietzche


    "Dave" <> wrote in message
    news:079101c3600f$3ae61900$...
    > Hi,
    >
    > I've read quite a few places where it recommends you use
    > integrated security in your connection string to SQL
    > Server
    >
    > I tried this in test page to connect to the Northwind
    > database by setting my connection string to:
    >
    > "data source=<mymachinename>;initial
    > catalog=Northwind;integrated security=SSPI;"
    >
    > It worked as long as I added ASPNET, the account used for
    > running ASP.NET Worker processes, as a SQL Server Login
    > with access to Northwind.
    >
    > My question is shouldn't each web application on the
    > server have it's own ASPNET-type account so it only has
    > accesses the databases it needs?
    >
    > For example, can I setup the following?
    >
    > ASPNET_Northwind (This account can only access the
    > Northwind site and the Northwind database)
    >
    > ASPNET_Pubs ((This account can only access the Pubs site
    > and the Pubs database)
    >
    > Otherwise if all sites use the same ASPNET account, they
    > can make queries to other databases.
    >
    > how do I do this?
    >
    > Thanks, Dave.
    >
     
    S. Justin Gengo, Aug 11, 2003
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Brian
    Replies:
    1
    Views:
    479
    Scott Allen
    May 4, 2005
  2. Davide Bedin
    Replies:
    0
    Views:
    137
    Davide Bedin
    Jul 24, 2003
  3. eRic
    Replies:
    6
    Views:
    365
    Kunal
    Mar 5, 2004
  4. Phil Aldis
    Replies:
    3
    Views:
    204
    Raterus
    Aug 16, 2004
  5. Arthur Zubarev
    Replies:
    0
    Views:
    82
    Arthur Zubarev
    Feb 3, 2014
Loading...

Share This Page