locked
SQL Server Mixed Mode Authentication RRS feed

  • Question

  • Trying to write a good and strong installation guide for BizTalk, I stop and wonder why the Mixed Mode authentication is recommended/best practice for BizTalk?

    I still haven't found a good answer other than what I've mentioned above. Any good answers on this topic?

    Friday, October 12, 2012 8:51 AM

Answers

  • Hi,

    I think that most people know that Windows Authentication mode is a best practice for SQL Server and I guess that it is what triggered your curiosity. Indeed, why BizTalk would need mixed mode as best practice? Actually it does not, and I never do it - except when the environment requires it for some very particular reason or needs.

    So:

    1. We know that SQL Server best practice is to use Windows authentication mode.

    2. The document you refer to is not an official document.

    3. The official documentation refers to "Windows Authentication mode". It is stated in Microsoft's installation guide for BizTalk. See: http://download.microsoft.com/download/0/F/F/0FFEF5D0-BE04-4D03-9125-75B8AD243E57/Installing%20BizTalk%20Server%202010%20on%20Windows%20Server%202008%20R2%20and%202008.docx 

    So I think that we can safely conclude that the best practice is as expected: use Windows authentication mode :)

    HTH,

    Francois


    Friday, October 12, 2012 2:14 PM

All replies

  • Hi,

    I also saw one more interesting thing that BAM Webservice will not support SQL Server Mixed mode authentication

    see below:

    http://blogs.msdn.com/b/tihot/archive/2006/06/13/630313.aspx


    If this post answers your question, please mark it as such. If this post is helpful, click 'Vote as helpful'.

    Friday, October 12, 2012 9:53 AM
  • Well... That article isn't saying that BAM is not supporting Mixed Mode, only that it's supporting Windows authentication. Mixed mode do both.
    Friday, October 12, 2012 10:27 AM
  • The only official Installation document for BizTalk Server 2010, where I can find the word "Mixed mode" used is "BizTalk 2010 Installation and Configuration Guide - Development and Test Build". Are you sure it is recommended for Production environment? I never heard of that?

    Morten la Cour

    Friday, October 12, 2012 10:50 AM
  • Though I have not found it in any official installation document, I have found it in other documentation online. I've also discussed this with some colleagues, with the same result - They say Mixed Mode, but can't really explain why.

    This is also leading me to believe it is incorrect. Windows authentication mode should be sufficient.

    I believe what you're saying, Morten, is supporting my idea of this being wrong. Thanks :)

    Friday, October 12, 2012 12:03 PM
  • Can you point us to the online documentation where you found it?

    Windows authentication is according to Microsoft the only way to go:

    http://databases.about.com/od/sqlserver/a/authentication.htm

    Microsoft’s best practice recommendation is that you use Windows authentication mode whenever possible.  The main benefit is that the use of this mode allows you to centralize account administration for your entire enterprise in a single place: Active Directory.  This dramatically reduces the chances of error or oversight


    Jean-Paul Smit | Didago IT Consultancy
    Blog | Twitter | LinkedIn
    MCTS BizTalk 2006/2010 + Certified SOA Architect

    Please indicate "Mark as Answer" if this post has answered the question.

    • Proposed as answer by TanmoySarkar Friday, October 12, 2012 1:09 PM
    Friday, October 12, 2012 12:09 PM
  • It is referring to SQL Server 2012 and isn't in relation to BizTalk though (but I guess there is no difference): http://www.mytechmantra.com/LearnSQLServer/Install-SQL-Server-2012-P5.html

    Also this installation guide is suggesting Mixed Mode: http://www.microsoftconnectedsystems.net/redir.aspx?rid=8

    I might also add that our architecture is based on domain accounts. This is also why I found this weird.

    So as far as I can tell from the answers, BizTalk should not for any strange reason use other accounts than domain?

    Friday, October 12, 2012 1:34 PM
  • Hi,

    I think that most people know that Windows Authentication mode is a best practice for SQL Server and I guess that it is what triggered your curiosity. Indeed, why BizTalk would need mixed mode as best practice? Actually it does not, and I never do it - except when the environment requires it for some very particular reason or needs.

    So:

    1. We know that SQL Server best practice is to use Windows authentication mode.

    2. The document you refer to is not an official document.

    3. The official documentation refers to "Windows Authentication mode". It is stated in Microsoft's installation guide for BizTalk. See: http://download.microsoft.com/download/0/F/F/0FFEF5D0-BE04-4D03-9125-75B8AD243E57/Installing%20BizTalk%20Server%202010%20on%20Windows%20Server%202008%20R2%20and%202008.docx 

    So I think that we can safely conclude that the best practice is as expected: use Windows authentication mode :)

    HTH,

    Francois


    Friday, October 12, 2012 2:14 PM