RE: IIS And SQL Server

RE: IIS And SQL Server

 

  

Craig,

What you're trying to do is possible, although, in my experience, not
easy. The crux of the problem is that basically you're trying to make a
"double-hop" which is authenticating a user to a web server and then
trying to pass those credentials on to a database server. In order for
this to work, you need to use "Windows Authentication" only on the web
server and you need to configure delegation. Here is a Microsoft
article that talks about it:

http://support.microsoft.com/default.aspx?kbid=810572

You said that this is an Intranet site. That's good, because all the
servers involved need to be members of the same Active Directory domain.


Hope this helps,

Greg



-----Original Message-----
From: CBerko
[mailto:mssqldba-ezmlmshield-x82347552.[Email address protected]
Sent: Friday, February 25, 2005 9:47 AM
To: LazyDBA Discussion
Subject: IIS And SQL Server

What I am trying to do is have my web pages run on a dedicated IIS
server
and have them access SQL databases on separate SQL Servers. I want to
use
Windows Authentication to control access to the data since this is
strictly
an intranet site.

Here is what I have tried so far:

If I run IIS on the same box as SQL Server, I have no problems.

However, as soon as I try to run the WebPages from a separate IIS
server,
the problems begin. The only way that I have been able to get it to
work so
far is to do the following:

Change SQL Server so that it is running in Windows Authentication mode
only.
Set up IIS to use an anonymous login account with access to the
database.
This is a domain user account.
Check the "Use Anonymous Login" AND "Windows Authentication" checkbox on
the
IIS
If I set SQL Server to run in mixed mode, then I get a Login failed for
user
'NT AUTHORITY\ANONYMOUS LOGON'. error
If I leave SQL Server in Windows Authentication only mode and uncheck
the
Anonymous Login, I get a Login failed for user 'NT AUTHORITY\ANONYMOUS
LOGON' error

My web.config has the following line in the Authentication Section:

<authentication mode="Windows" />

What steps do I have to take to set up SQL Server and IIS on separate
boxes
when I can leave my SQL Server in Mixed Mode and have IIS connect with
Windows Authentication?


Thanks,

Craig Berko
SQL Server DBA / Software Engineer
The MHA Group
(469) 759-8551




---------------------------------------------------------------------
TO REPLY TO EVERBODY , PLEASE CLICK REPLY-ALL, NOT JUST REPLY
Website : http://www.LazyDBA.com
To unsubscribe: http://www.lazydba.com/unsubscribe.html
For additional commands, e-mail: mssqldba-[Email address protected]




MS Sql Server LazyDBA home page