1

Hey guys, I've recently been having problems with Microsoft Server 2008, Plesk, and MSSQL. The problem was that when one of my applications in the pool tried to access the database I got an error saying it doesn't have access.

I have now fixed this problem by setting the application pool's identity in IIS to "local system", but I understand there can be some security risks with this. Do you guys have an idea for a better solution? One where the pool can access the MSSQL database, but not compromise security?

Thank you!

Rob

2 Answers

4

If your IIS and SQL servers are in a domain together, create a domain user to serve as the identity of the app. Set the app pool identity to that user and add it as a db user. Also make sure the user has access to all the application files.

pseudocoder
  • You should also mention that if the application relies on Windows Authentication to auth domain users this will not work out of the box -- an SPN will have to be created. – MK. Apr 29 '11 at 04:10
  • Yes that sounds like exactly what I need. How can I create a new user? And how can I set it as a db user? –  Apr 29 '11 at 04:10
  • WOW I can't believe how incredibly long it took me to figure out how to do what you said, but it FINALLY worked! Holy crap! Thank you =) – Rob Apr 29 '11 at 08:08
  • Sorry, I was asleep when you posted your question :) – pseudocoder Apr 29 '11 at 16:44
1

I have now fixed this problem by setting the application pool's identity in IIS to "local system", but I understand there can be some security risks with this. Do you guys have an idea for a better solution?

Assuming the DB and IIS are on the same box you can create a local user account and give that account the necessary rights (DB reader and writer if necessary) on the DB. Then create an IIS AppPool for your app that runs under that account, and configure the app to use that AppPool.

BrokenGlass
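The procedure both answers describe (a dedicated low-privilege account, set as the app pool identity, granted file access and data-reader/writer rights in the database), written out as an added example that is not part of the original thread. The account, pool, database and path names are placeholders, and the script assumes IIS 7 with appcmd, a default SQL Server instance on the same machine, and an elevated prompt run by a Windows user who is sysadmin on that instance.

```powershell
# Added example. Placeholders (not from the thread): svc_myapp, MyAppPool,
# MyAppDb, C:\inetpub\myapp, and a default SQL Server instance on localhost.
$account   = 'svc_myapp'
$qualified = "$env:COMPUTERNAME\$account"   # for a domain account use DOMAIN\name and skip step 1
$poolName  = 'MyAppPool'
$dbName    = 'MyAppDb'
$sitePath  = 'C:\inetpub\myapp'
$needWrite = $true                          # set to $false for a read-only application
$appcmd    = "$env:windir\System32\inetsrv\appcmd.exe"

function Assert-ExitCode([string]$step) {
    # Native tools do not throw, so stop on the first non-zero exit code.
    if ($LASTEXITCODE -ne 0) { throw "$step failed with exit code $LASTEXITCODE" }
}

# Prompt for the password so that it is never stored in the script.
$secure = Read-Host "Password for $qualified" -AsSecureString
$plain  = (New-Object System.Management.Automation.PSCredential($account, $secure)).GetNetworkCredential().Password

# 1. Create the local account (a plain user, not a member of Administrators).
net user $account $plain /add /passwordchg:no
Assert-ExitCode 'net user'

# 2. Run the application pool under that account instead of LocalSystem.
& $appcmd set apppool $poolName "/processModel.identityType:SpecificUser" "/processModel.userName:$qualified" "/processModel.password:$plain"
Assert-ExitCode 'appcmd'

# 3. Read and execute on the application files only, inherited by subfolders and files.
icacls $sitePath /grant "${qualified}:(OI)(CI)RX"
Assert-ExitCode 'icacls'

# 4. Windows login on the instance, then a database user limited to the fixed data roles.
sqlcmd -S localhost -E -b -Q "CREATE LOGIN [$qualified] FROM WINDOWS;"
Assert-ExitCode 'sqlcmd (login)'
$roles = @('db_datareader'); if ($needWrite) { $roles += 'db_datawriter' }
$sql = "CREATE USER [$account] FOR LOGIN [$qualified];"
foreach ($r in $roles) { $sql += " EXEC sp_addrolemember N'$r', N'$account';" }
sqlcmd -S localhost -E -b -d $dbName -Q $sql
Assert-ExitCode 'sqlcmd (user and roles)'
```

The password is passed to `net user` and `appcmd` on their command lines, so run this in a local administrator session and not through a job runner that records command lines.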