Article ID: 176380
Article Last Modified on 3/22/2007
APPLIES TO
- Microsoft Active Server Pages 2.0
- Microsoft Active Server Pages 3.0
- Microsoft Internet Information Server 3.0
- Microsoft Internet Information Server 4.0
- Microsoft Internet Information Services 5.0
This article was previously published under Q176380
SUMMARY
When you use Microsoft SQL Server with Integrated or Mixed Security with Microsoft Internet Information Server (IIS), it may be necessary to access SQL Server from a guest account. You can set up a guest account to work around problems connecting an IIS computer to SQL Server on a separate physical computer over a trusted connection.
This method allows IIS, using Active Server Pages (ASP), to access a SQL Server over a trusted connection, but the method limits all SQL access to guest access only. If you want all users to connect to the SQL Server and maintain their identity to properly map to different privilege levels in SQL Server, you will need to use Basic authentication.
back to the top
Create a Guest Account to Access SQL Server from an IIS Server
Create an NT user account (WEBUSER for this example) that both computers can access. To do this:
- Create an user account on the domain controller called WEBUSER.
Note If this is not possible, a local user account must be set up on both the IIS computer and the computer that is hosting SQL Server. Make sure that the passwords match on all accounts you create and keep track of this password.
- Add the WEBUSER account to the guests group of both the SQL Server and the IIS computer.
- On the computer that is running IIS, start the Internet Service Manager.
- Open the properties for the WWW service.
- In the Anonymous Logon section on the Service tab of this dialog box, change the user name to WEBUSER and the password to the password that you used in step 1.
- On the computer that is hosting SQL Server, use the Security manager to map the WEBUSER account to an existing user logon on SQL Server. For more information on how to do this, consult the SQL Server documentation.
Make sure that any pages that need to access the SQL Server are accessible by the WEBUSER account. All users that browse these pages will be authenticated by NT as the WEBUSER; consequently, all connections to SQL Server will be made as the WEBUSER.
back to the top
REFERENCES
For the latest Knowledge Base artices and other support information on Visual InterDev and Active Server Pages, see the following page on the Microsoft Technical Support site:
- FAQs & Highlights for Visual InterDev
- How to Use the IIS Security "What If" Tool
- IIS and SQL Server on Separate Machines with Trusted Connection
Additional query words: Author is: PAULEN
Keywords: kbhowto kbhowtomaster kbsecurity kbwebserver KB176380