Professional Web Applications Themes

Setting up integrated security to SQL Server - ASP.NET General

Hi, I've read quite a few places where it recommends you use integrated security in your connection string to SQL Server I tried this in test page to connect to the Northwind database by setting my connection string to: "data source=<mymachinename>;initial catalog=Northwind;integrated security=SSPI;" It worked as long as I added ASPNET, the account used for running ASP.NET Worker processes, as a SQL Server Login with access to Northwind. My question is shouldn't each web application on the server have it's own ASPNET-type account so it only has accesses the databases it needs? For example, can I setup the following? ASPNET_Northwind ...

  1. #1

    Default Setting up integrated security to SQL Server

    Hi,

    I've read quite a few places where it recommends you use
    integrated security in your connection string to SQL
    Server

    I tried this in test page to connect to the Northwind
    database by setting my connection string to:

    "data source=<mymachinename>;initial
    catalog=Northwind;integrated security=SSPI;"

    It worked as long as I added ASPNET, the account used for
    running ASP.NET Worker processes, as a SQL Server Login
    with access to Northwind.

    My question is shouldn't each web application on the
    server have it's own ASPNET-type account so it only has
    accesses the databases it needs?

    For example, can I setup the following?

    ASPNET_Northwind (This account can only access the
    Northwind site and the Northwind database)

    ASPNET_Pubs ((This account can only access the Pubs site
    and the Pubs database)

    Otherwise if all sites use the same ASPNET account, they
    can make queries to other databases.

    how do I do this?

    Thanks, Dave.

    Dave Guest

  2. #2

    Default Re: Setting up integrated security to SQL Server

    Dave,

    In IIS you can tell a web site to run using a network username and password.

    In Interenet Information Services, right click the web site and open the
    properties window for it.

    Go to the Directory Security Tab and then click the Edit button in the
    Anonymous access and authentication area.

    In the Anonymous Access area make sure that Anonymous access is checked.

    Please not the text in this area: "Account used for anonymous access:" Click
    the Browse button and select the account you would like this web site to run
    as.

    (You should uncheck the Allow IIS to control password checkbox and provide
    the password for the account.)

    Now give this account access to the correct SQL database.

    Sincerely,


    --
    S. Justin Gengo, MCP
    Web Developer

    Free code library at:
    [url]www.aboutfortunate.com[/url]

    "Out of chaos comes order."
    Nietzche


    "Dave" <DavidTabakahotmail.com> wrote in message
    news:079101c3600f$3ae61900$a301280aphx.gbl...
    > Hi,
    >
    > I've read quite a few places where it recommends you use
    > integrated security in your connection string to SQL
    > Server
    >
    > I tried this in test page to connect to the Northwind
    > database by setting my connection string to:
    >
    > "data source=<mymachinename>;initial
    > catalog=Northwind;integrated security=SSPI;"
    >
    > It worked as long as I added ASPNET, the account used for
    > running ASP.NET Worker processes, as a SQL Server Login
    > with access to Northwind.
    >
    > My question is shouldn't each web application on the
    > server have it's own ASPNET-type account so it only has
    > accesses the databases it needs?
    >
    > For example, can I setup the following?
    >
    > ASPNET_Northwind (This account can only access the
    > Northwind site and the Northwind database)
    >
    > ASPNET_Pubs ((This account can only access the Pubs site
    > and the Pubs database)
    >
    > Otherwise if all sites use the same ASPNET account, they
    > can make queries to other databases.
    >
    > how do I do this?
    >
    > Thanks, Dave.
    >

    S. Justin Gengo Guest

Similar Threads

  1. Integrated security in ASP.net
    By Nick in forum ASP.NET Security
    Replies: 6
    Last Post: August 19th, 02:39 AM
  2. Replies: 3
    Last Post: August 16th, 08:45 PM
  3. Replies: 6
    Last Post: March 5th, 02:04 AM
  4. Integrated Security
    By Srinivasa Reddy K Ganji in forum ASP.NET Security
    Replies: 12
    Last Post: September 12th, 02:46 PM
  5. How to access to SQL with Integrated Security from ASP.Net app
    By Davide Bedin in forum ASP.NET Security
    Replies: 0
    Last Post: July 24th, 03:04 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139