  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 237

IIS Authentication

Hi,

In IIS 7 there is a section on Authentication.  By default for Anonymous Authentication, the user identity is set to IUSR.

Whilst it's set to this I get SQL access errors.

If I change it to 'Application pool identity' the error goes away.

The application pool identity is set to 'Localsystem'

Presumably this is working because IIS is located on the same machine as the development environment and I'm logged on as the Administrator.

What should be the correct settings?
0
andyw27
Asked:
1 Solution
 
Paul MacDonald, Director, Information Systems, Commented:
What's correct depends on what you're doing, but I recommend leaving the IIS user as IUSR_whatever, and specifying a user and password in your connection string to SQL Server.  This gives you much more control and better security.
0
 
becraig Commented:
The best practice would be having a specific account, which is updated periodically, set as your app pool identity.

This gives you the option of being able to add additional privileges as your app matures as well as minimizes the risk of any malicious activity on your system.

Create an account in your domain - limit logon ability etc. - grant that acct permission to SQL as well as to any other directories your app needs to access.

Getting your template right for this acct can be a bit tedious at first but it is your safest bet; built-in accounts are too easily compromised for app pool identities.
0
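The setup described in the comment above (dedicated account as app pool identity, with rights only on SQL and the app's directories), as an added example that is not part of the original thread. The pool, site, path, database and account names are placeholders, and it assumes the WebAdministration and SqlServer PowerShell modules and an elevated session on the IIS server.

```powershell
# Added example: every name below is a placeholder, not a value from the thread.
Import-Module WebAdministration

$pool    = 'ExampleAppPool'            # hypothetical app pool
$site    = 'Default Web Site'          # site served by that pool
$content = 'C:\inetpub\wwwroot\app'    # hypothetical content directory
$db      = 'ExampleDb'                 # hypothetical database
$cred    = Get-Credential -Message 'Dedicated low-privilege domain account'
$account = $cred.UserName              # e.g. EXAMPLE\svc-webapp (constructed)

# 1. Run the pool as the dedicated account instead of LocalSystem.
#    identityType 3 = SpecificUser.
if (-not (Test-Path "IIS:\AppPools\$pool")) { New-WebAppPool -Name $pool | Out-Null }
Set-ItemProperty "IIS:\AppPools\$pool" -Name processModel -Value @{
    identityType = 3
    userName     = $account
    password     = $cred.GetNetworkCredential().Password
}
Set-ItemProperty "IIS:\Sites\$site" -Name applicationPool -Value $pool

# 2. Make anonymous requests run as the pool identity: an empty userName
#    on anonymousAuthentication means "use the application pool identity".
Set-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' -Location $site `
    -Filter 'system.webServer/security/authentication/anonymousAuthentication' `
    -Name userName -Value ''

# 3. Grant read/execute on the content directory only, inherited by children.
icacls $content /grant "${account}:(OI)(CI)RX"

# 4. Map the Windows account into SQL Server with read-only rights.
#    Extend the role membership only as the app actually needs it.
$tsql = @"
CREATE LOGIN [$account] FROM WINDOWS;
USE [$db];
CREATE USER [$account] FOR LOGIN [$account];
EXEC sp_addrolemember 'db_datareader', '$account';
"@
Invoke-Sqlcmd -ServerInstance 'localhost' -Query $tsql

# 5. Confirm the pool no longer runs as a built-in account.
Get-ItemProperty "IIS:\AppPools\$pool" -Name processModel |
    Select-Object identityType, userName
```

With the pool running as this account, the connection string can use `Integrated Security=SSPI`, so no SQL password has to be stored in web.config.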
 
andyw27, Author, Commented:
Does that not create a risk that any user can open the web.config and see the password?
0
 
becraig Commented:
If someone (risky) has access to your server's systemxx directory the app pool password would be the least of your worries :~)
0
 
andyw27, Author, Commented:
Fair point.
0
