none
Configuring ASP.NET MVC, IIS, and SQL Server for Forms and Windows Authentication RRS feed

  • Question

  • Hello.  I’m trying to understand how the pieces of ASP.NET MVC, IIS, and SQL Server all fit together for both an application using forms authentication and an application using Windows authentication.

    We’re developing two ASP.NET MVC 4 applications; one will use forms authentication (an external site with usernames and passwords) and one will use Windows authentication (an internal intranet site).  Both will be hosted in IIS 7.5/8 (different sites and different app pools).  Both will need access to a SQL Server 2008 R2/2012 database with user-specific access to tables, sprocs, etc.  The SQL Server database will be running on the same server as the IIS server.

    For the ASP.NET MVC 4 site using forms authentication:

    * Should the IIS app pool identity be ApplicationPoolIdentity, one of the other options, or some local or domain user?
    * In the ASP.NET MVC 4 app, how would you configure the connection string?  With a username and password?  And, if so, what username and password?
    * In SQL Server, do we need to set up a specific login that relates to our database?  Or do we create a database-specific user?  We don’t want to have a separate login or database user for every user.

    For the ASP.NET MVC 4 site using Windows authentication, same questions (except the connection string one – no username and password is needed in the connection string).

    I guess I’m not seeing how all the different pieces of this solution (ASP.NET, IIS, and SQL Server) and all their options should be configured properly.  I’ve searched around and found some information but not a full end-to-end description of how everything needs to be set up and configured to all work together.

    Thanks!

    Monday, October 1, 2012 8:28 PM

Answers

  • Hi Imttaq,

    In SQL Server, do we need to set up a specific login that relates to our database?  Or do we create a database-specific user?  We don’t want to have a separate login or database user for every user.

    According to your scenario, if all of the users use the same login to get data from SQL Server, you can configure only one login. But if they connect to SQL Server via their own logins, the logins in SQL Server should be separately created and related to the same database user, in order to have the same permission.

    Actually your issue is a MVC develop issue more than SQL Server, I would like suggest you to post this thread to related forum for better support for these MVC questions.

    Here is the address:

    http://forums.asp.net/1146.aspx

    TechNet Subscriber Support

    If you are TechNet Subscription user and have any feedback on our support quality, please send your feedback here.


    Best Regards,
    Iric
    Please remember to mark the replies as answers if they help and unmark them if they provide no help.

    Tuesday, October 2, 2012 6:36 AM
    Moderator