0

This will be a simple answer for those used to Windows authentication but as Solaris Sysadmin I am just looking for some clarification on how to implement Windows Authentication between an application running on an IIS7 Web Site (running on Server 2008 R2) and a Microsoft SQL 2008 Server.

The application at the moment uses this tag:

Data Source=mydbserverhostname;Initial Catalog=TheDBName;User ID=testuser; Password=apassword

In the specifications it is supposed to use this:

Data Source=mydbserverhostname;Initial Catalog=TheDBName;Integrated Security=SSPI;

I would like to go back and get the Windows Authentication working before I have to deploy to Production. From my understanding of Windows I need to have a Windows Domain account to authenticate against a Service Account which has been set on the SQL Server 2008.

What I am missing is how to achieve this and how to get it running as a service so that I can log out and leave IIS7 running the site and the SQL Server talking to each other.

I have read a couple of similar questions on this forum but the answers seem to be "just switch to SQL Authentication" which I need to avoid in the final implementation.

Any help would be appreciated.

SnazzyBootMan
  • 669
  • 2
  • 15
  • 30
  • Do you want your IIS application to connect to your SQL database using a fixed windows domain account, or are you intending to let each user connecting to your IIS application through windows authentication to connect directly to the database using their own credentials? – Dan Jul 04 '14 at 08:40
  • A very good question Dan, I have been provided with a Service account that has been set up on the SQL Server. Now from my understanding of Windows Authentication I need to connect to that service account using a fixed domain account but this is something I need clarifying and how to achieve that if my assumption is correct. – SnazzyBootMan Jul 04 '14 at 10:41
  • Okay, so that means that your application should always use the same account (the provided service account) to connect to the SQL database. To make this work, you will need to change the identity of the hosting Application Pool. More information [here](http://www.iis.net/learn/manage/configuring-security/application-pool-identities) – Dan Jul 04 '14 at 11:06
  • Thanks Dan, I came across that URL last night but just needed to make sure I was going down the right road. So I am thinking that as I am using the DefaultAppPool currently I just need to change the Identity to a custom username and password that matches the service account that has been created on the SQL Server? – SnazzyBootMan Jul 04 '14 at 13:20

1 Answers1

0

When using the DefaultAppPool change the Identity to a custom username and password that matches the service account that has been created on the SQL Server/(LDAP) as per:

http://www.iis.net/learn/manage/configuring-security/application-pool-identities

SnazzyBootMan
  • 669
  • 2
  • 15
  • 30