none
Connection String issue

    Question

  • I am a sql server DBA. I am not completely aware of how IIS recognizes a sql server windows login credentials.

    This is for our testing only and doesnt reflect any prod or development env's. Right now we have created a new domain TESTApp.xyz.local and added an Active Passive windows and SQL Server Cluster set up to this domain. So my test database server is testdb\apptest. Our test app server is sitting on a different domain which is abc.local. The app server name is appserver1. Now I have restored the databases in testdb\apptest instance for the apps being hosted on appserver1. How do I ensure that the user will be able to login to application?

    Apps are using .net framework 4 and using IIS. If i create a domain account say appuser.xyz.local and create a login for this in testdb\apptest and give appropriate permissions on the database then how will the app be able to use this user to login to the app? what changes are required here at IIS as well as config file level. Currently the config files are using integrated security.

    Need your help experts

    Wednesday, August 21, 2013 6:10 PM

Answers

  • Hi,

    What's your desired authentication mechanism?  If you intend any type of single sign on/windows based authentication, you're going to need to create a trust between the domains.  You'll need to permission the groups/users that require access to your database server in SQL Server.  If you want pass through authentication, you'll need to setup kerberos delegation, which basically means that a users windows security details can be passed across 1 or more connections; basic NTLM is a single hop deal.


    Thanks, Andrew

    Wednesday, August 21, 2013 8:39 PM