Connecting to a SQL Server database provides two different authentication modes:
- Windows Authentication
Uses the current security identity from the Windows NT or Windows 2000 user account to provide authentication information. It does not expose the user ID and password and is the recommended method for authenticating a connection.
- SQL Server Authentication
Uses a SQL Server login account providing a user ID and password.
Integrated security requires that the SQL Server is running on the same computer as IIS and that all application users are on the same domain so that their credentials are available to IIS. The following areas of the application need to be configured:
Configure the ASP.NET application so that
Integrated
Windows
Authentication
is enabled andAnonymous
Access
is disabled.The
web.config
file establishes the authentication mode that the application uses and that the application will run as or impersonate the user. Add the following elements to theweb.config
file:<authentication mode="Windows" /> <identity impersonate="true" />
The connection string must contain attributes that tell the SQL Server that integrated security is used. Use the
Integrated
Security=SSPI
attribute-and-value pair instead of theUser
ID
andPassword
attributes in the connection string. The older attribute-and-value pairTrusted_Connection=Yes
is also supported.Add users and groups from the domain and set their access permissions as required.
By default, ASP.NET applications run in the context of a local user
ASPNET
on IIS. The account has limited permissions
and is local to the IIS computer and therefore not recognized as a
user on remote computers. To overcome this limitation when SQL Server
is not on the same computer as IIS, run the web application in the
context of a domain user recognized on both IIS and SQL Server
computers.
In addition to the areas identified where IIS and SQL Server are on the same computer, the following additional items must be configured if the SQL Server is on a different computer:
Ensure that the mapped domain user has required privileges to run the web application.
Configure the web application to impersonate the domain user. Add the following elements to the
web.config
file for the web application:<authentication mode="Windows" /> <identity impersonate="true" userName="domain\username" password="myPassword" />
Get ADO.NET Cookbook now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.