Microsoft KB Archive/176379

= How to set up IIS and SQL Server on separate machines with a trusted connection =

Article ID: 176379

Article Last Modified on 5/2/2006


APPLIES TO


 * Microsoft Active Server Pages 1.0
 * Microsoft SQL Server 6.5 Standard Edition
 * Microsoft Internet Information Server 3.0
 * Microsoft Internet Information Server 4.0
 * Microsoft Internet Information Services 5.0




This article was previously published under Q176379



We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 6.0 running on Microsoft Windows Server 2003. IIS 6.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site:

http://www.microsoft.com/technet/security/prodtech/IIS.mspx



SUMMARY
Microsoft SQL Server 6.5 can be used with Active Server Pages (ASP) and Internet Information Server 3.0 (IIS). When SQL Server is configured for Mixed or Integrated Security, certain configuration changes must be made to enable ASP to connect to SQL Server via a trusted connection. This article describes these changes and how to set up Internet Information Server to properly connect to SQL Server over a trusted connection.



MORE INFORMATION
For ASP scripts to make a trusted connection to SQL Server using ActiveX Data Objects (ADO), users must be authenticated when they browse the Web page that makes the connection. If you force users to authenticate themselves via Basic authentication, IIS has all the information required to make the trusted connection to SQL Server. If any other authentication method is used (NT Challenge/Response or Anonymous), IIS is not able to make this connection.

Note: Using Basic authentication without SSL may compromise security on your Web server. Basic authentication transmits passwords over the network Base64 encoded. Base64 is a publicly documented encoding, not encryption, and anyone can reverse it to recover the password. This means that anyone who is able to use a network sniffer to watch network transmissions will be able to decipher passwords sent through Basic authentication. To protect passwords that are sent over the network by using Base64 encoding, always send these transmissions over an SSL connection.
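The point of the note above, as an added example that is not part of the original article: the Basic `Authorization` value decodes without any key, and a constructed list of request records is audited for Basic credentials that arrived without SSL. The record layout, paths and function names are assumptions for illustration; the header value is the well-known sample from RFC 7617.

```python
import base64
import binascii


def decode_basic(header_value):
    """Return (user, password) from an Authorization header value, or None.

    No key or secret is involved: the token is only Base64 text.
    """
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        raw = base64.b64decode(token.strip(), validate=True)
    except (binascii.Error, ValueError):
        return None  # malformed token
    user, sep, password = raw.decode("utf-8", errors="replace").partition(":")
    return (user, password) if sep else None


def exposed_basic_logins(requests):
    """Return a finding for each request that sent Basic credentials without SSL."""
    findings = []
    for req in requests:
        creds = decode_basic(req["headers"].get("Authorization", ""))
        if creds and req["scheme"] != "https":
            # Report the account only; the password is not copied into the report.
            findings.append({"path": req["path"], "user": creds[0]})
    return findings


# Constructed sample records (hypothetical layout, not IIS log format).
SAMPLE_REQUESTS = [
    {"scheme": "http", "path": "/orders.asp",
     "headers": {"Authorization": "Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ=="}},
    {"scheme": "https", "path": "/orders.asp",
     "headers": {"Authorization": "Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ=="}},
    {"scheme": "http", "path": "/default.asp", "headers": {}},
    {"scheme": "http", "path": "/report.asp",
     "headers": {"Authorization": "NTLM TlRMTVNTUAAB"}},
]

if __name__ == "__main__":
    for finding in exposed_basic_logins(SAMPLE_REQUESTS):
        print("Basic credentials sent without SSL:", finding)
```

Only the first record is flagged: the second carries the same header but over SSL, and the other two carry no Basic credentials.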

Use the following steps to enable Basic authentication and disable other methods:
 * 1) Click the Start menu.
 * 2) Select Programs.
 * 3) Select Microsoft Internet Server.
 * 4) Select Internet Service Manager.
 * 5) Double-click the computer name for the WWW Service. This opens the Properties window.
 * 6) On the Service tab of the tabbed dialog box, there is a section marked Password Authentication. In this section, clear the Allow Anonymous and the Windows NT Challenge/Response check boxes.
 * 7) Select the Basic (Clear Text) check box.
 * 8) Click 'OK'.

Changes to the authentication methods take effect immediately and do not require stopping the WWW Publishing service.

