Solved

IIS Authentication

Posted on 2013-01-24
5
233 Views
Last Modified: 2013-01-28
Hi,

In IIS 7 there is section on Authentication.  By default for Anonymous Authentication, the user identify is set to IUSR

Whilst its set to this I get SQL access errors.

If I change it to 'Application pool identity' the error goes away.

The application pool identity is set to 'Localsystem'

Presumably this is working because IIS is located on the same machine as the development environment and I'm logged on as the Administrator.

What should be the correct settings?
0
Comment
Question by:andyw27
  • 2
  • 2
5 Comments
 
LVL 34

Accepted Solution

by:
Paul MacDonald earned 500 total points
ID: 38814351
What's correct depends on what you're doing, but I recommend leaving the IIS user as IUSR_whatever, and specifying a user and password in your connection string to SQL Server.  This gives you much more control and better security.
0
 
LVL 29

Expert Comment

by:becraig
ID: 38814352
The best practice would be having a specific account which is updated periodically for set as your app pool identiy.

This gives you the option of being able to add additional privileges as your app matures as well as minimizes the risk of any malicious activity on your system.

Create an account in your domain - limit logon ability etc- grant that acct permission to sql as well as to any other directories your app needs to access.

Getting your template right for this acct can be a bit tedious at first but it is your safest bet, built in accounts are too easily compromised for app pool identities.
0
 

Author Comment

by:andyw27
ID: 38814518
does not that create a risk that anybody can any user can open the web.config and and see password?
0
 
LVL 29

Expert Comment

by:becraig
ID: 38814534
If someone (risky) has access to your server's systemxx directory the app pool password would be the least of your worries :~)
0
 

Author Comment

by:andyw27
ID: 38814577
fair point
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
IIS FTP Logging 10 39
Finding Events logs for IIS website that restarts 2 14
Where is this file? 3 26
Phone Does Not Abide By CSS Breakpoint For Navigation Controls 6 22
Problem Hi all,    While many today have fast Internet connection, there are many still who do not, or are connecting through devices with a slower connect, so light web pages and fast load times are still popular.    If your ASP.NET page …
Meet the world's only “Transparent Cloud™” from Superb Internet Corporation. Now, you can experience firsthand a cloud platform that consistently outperforms Amazon Web Services (AWS), IBM’s Softlayer, and Microsoft’s Azure when it comes to CPU and …
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question