Windows Security: using integrated security in connection string.
If you need to use Trusted Connection to connect to your SQL server, please follow the instruction below carefully (the following technique applies only to those who run both SQL and Web servers on the same machine
- for version 3, open web.config
Then, make sure you enter the following into the "ForumSoftwareConnection" connection string:
Integrated Security=SSPI; initial catalog=dbName; Data source=dbServer; persist security info=False; Trusted_Connection=Yes
Add the following in between <system.web></system.web> to force ASP.NET to run under the IUSR account:
... <authentication mode = "windows" />
... <identity impersonate="true" />
Finally, using SQL Management Studio, add your IUSR account to the "Users" section.
Don't forget to set the correct permission for the IUSR account to access the database - you can simply add the IUSR account into the "db_owner" standard role if you want to use all features of the software.
You can tighten the security by giving the IUSR account db_datareader + db_datawrite (BOTH, not either or).
Note that with this lesser security privilege you won't be able to upgrade your db to a newer version, but you can use it for regular forum operations just fine.
It is much more complicated to use Trusted Connection (Windows Authentication) than to use the plain SQL Authentication.
Instead, you can encrypt SQL connection string
to protect your SQL user account password.
post edited by Samuel - 2013/02/26 16:23:29