Prev Thread Prev Thread   Next Thread Next Thread
 Windows Security: using integrated security in connection string.
Author Message
Samuel

  • Total Posts : 8812
  • Reward points : 15960
  • Joined: 05/23/2001
  • Status: offline
Windows Security: using integrated security in connection string. - 02/19/2003 06:45:03 PM
Q: My sysadmin disallow the use of standard SQL security in the connection string.. what can I do to make ASPPlayground use Trusted Connection?

A: It is a very easy task. Please follow the instruction below carefully (the following technique applies only to those who run both SQL and Web servers on the same machine):
  • For the ASP versions:
    • Open Masterinclude.asp
    • Look for this line and make sure it reads: 'datastore = "Provider=sqloledb;Data Source="&dbServer&";Initial Catalog="&dbName&";Integrated Security=SSPI;" , and remove the comment in front of it
  • For the ASP.NET versions
    • For version 2.5.5
      • Open Masterinclude.aspx
      • Look for this line and make sure it reads: 'datastore = "Integrated Security=SSPI; initial catalog=" & dbName & "; Data source=" & dbServer & "; persist security info=False; Trusted_Connection=Yes" , and remove the comment in front of it
    • For version 3.x
      • Open web.config
      • Make sure you enter the correct format of connection string into the "ForumSoftwareConnection" connection string. The correct format is:
        Integrated Security=SSPI; initial catalog=dbName; Data source=dbServer; persist security info=False; Trusted_Connection=Yes
    • Open web.config
    • Add the follwing in between <system.web></system.web> (this will make ASP.NET to run under the IUSR account)
      <system.web>
      ...
      <authentication mode = "windows" />
      ...
      <identity impersonate="true" />
      ...
      </system.web>

Finally,

  • SQL 2000 users (for version 2.x users)
    • use Enterprise Manager, and add your IUSR account to the "Logins" section
  • SQL 2005 users (for version 2.x or 3.x users)
    • use SQL Management Studio, and add your IUSR account to the "Users" section

Do not forget to set the correct permission for the IUSR account to access the database - you can simply add the IUSR account into the "db_owner" standard role if you want to use all features of the software. You can tighten the security by giving the IUSR account db_datareader + db_datawrite (BOTH, not either or). Note that with this lesser security privilege you won't be able to upgrade your db to a newer version, but you can use it for regular forum operations just fine.

NOTE: It is much more complicated to use Trusted Connection (Windows Authentication) than to use the plain SQL Authentication, and the above is just a suggestion and you should review security settings carefully yourself. Refer to this document for other ways to accomplish the same thing in ASP.NET
<message edited by Samuel on 07/10/2008 07:32:36 PM>
Samuel Chou
Forum Administrator

Jump to:

Current active users
There are 0 members and 6 guests.
Icon Legend and Permission
  • New Messages
  • No New Messages
  • Hot Topic w/ New Messages
  • Hot Topic w/o New Messages
  • Locked w/ New Messages
  • Locked w/o New Messages
  • Read Message
  • Post New Thread
  • Reply to message
  • Post New Poll
  • Submit Vote
  • Post reward post
  • Delete my own posts
  • Delete my own threads
  • Rate post

© 2000-2008 ASPPlayground.NET Forum Version 3.1 Alpha