locked
Is it possible to use domain account to connect with SQL Server while remain using normal account to access IIS in web.config RRS feed

  • Question

  • User51847363 posted

    Hello everyone! I am totally a newbie in this forum. Laughing

    Background of my ASP.NET environment:

    IIS 7.5 on Windows 2008R2 Web Server

    MS SQL Server 2008R2 on Windows 2008R2 Enterprise Server

    I have just developed a ASP.NET application using .NET 4.5 framework and would like to use my existing domain account to connect with the SQL Server. However, I would like to use normal account (which should be something like web$ account) to connect with IIS. Is that possible? I have read the recommendations from the web saying I have to use "Impersonation" feature in the web.config. I don't really like to grant my domain account access right in the IIS with a couple of folders custom access right.

    My question is, is it possible for me to connect to the SQL Server using domain account while using normal account to access IIS? It seems to me the impersonation feature will use that domain account to access the IIS and it creates more work for me to grant access right in IIS.Frown

    I hope you guys can drop me a line if you would like to share with me your precious experience regarding this. And, I am more than willing to explain a little bit more if you don't get my idea. :P

    Tuesday, January 5, 2016 8:09 AM

Answers

  • User197322208 posted

    put the App Pool for your site to run under an domain account that have rights to SqlServer

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Tuesday, January 5, 2016 11:10 AM

All replies

  • User197322208 posted

    put the App Pool for your site to run under an domain account that have rights to SqlServer

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Tuesday, January 5, 2016 11:10 AM
  • User632578393 posted

    For me, I change that IIS application pool user (to run the site) identity from 'ApplicationPoolIdentity' to the specific domain user, with LoadUserProfile to true.

    This is used to explicitly grant file folder access right only.

    For SQL DB connection, I use specific sql user credential and assign specific DB role & DB access right to that sql user. Use this sql user credential in connection string of ASP.NET application web.config/app.config.

    For your case, if you want to maintain user control in one place, simply assign your domain user to this IIS application pool user and grant sql access right to this domain user. 

    My config is a bit more work, but it's more manageable as SQL has its own credential to access and do things to DB only, while website can run by itself with some explicit user having specific directory right access grant. 

    Wednesday, January 6, 2016 1:45 AM