SUMMARY

When you use Microsoft SQL Server with Integrated or Mixed Security with Microsoft Internet Information Server (IIS), it may be necessary to access SQL Server from a guest account. You can set up a guest account to work around problems connecting an IIS computer to SQL Server on a separate physical computer over a trusted connection.

This method allows IIS, using Active Server Pages (ASP), to access a SQL Server over a trusted connection, but the method limits all SQL access to guest access only. If you want all users to connect to the SQL Server and maintain their identity to properly map to different privilege levels in SQL Server, you will need to use Basic authentication.

back to the top

Create a Guest Account to Access SQL Server from an IIS Server

Create an NT user account (WEBUSER for this example) that both computers can access. To do this:

1. Create an user account on the domain controller called WEBUSER.
   

Note  If this is not possible, a local user account must be set up on both the IIS computer and the computer that is hosting SQL Server. Make sure that the passwords match on all accounts you create and keep track of this password.

1. Add the WEBUSER account to the guests group of both the SQL Server and the IIS computer.
2. On the computer that is running IIS, start the Internet Service Manager.
3. Open the properties for the WWW service.
4. In the Anonymous Logon section on the Service tab of this dialog box, change the user name to WEBUSER and the password to the password that you used in step 1.
5. On the computer that is hosting SQL Server, use the Security manager to map the WEBUSER account to an existing user logon on SQL Server. For more information on how to do this, consult the SQL Server documentation.

Make sure that any pages that need to access the SQL Server are accessible by the WEBUSER account. All users that browse these pages will be authenticated by NT as the WEBUSER; consequently, all connections to SQL Server will be made as the WEBUSER.

back to the top