adznon
asked on
Restrict access to IIS site to an AD Group without breaking PHP SQL lookup
I have created a PHP page that interrogates an SQL server returning an array.
I need to restrict access to certain users/groups within Active Directory. I have achieved this using Authorisation rules within IIS, however by turning off allow anonymous users
I get the following message:
Array ( [0] => Array ( [0] => 28000 [SQLSTATE] => 28000 [1] => 18456 [code] => 18456 [2] => [Microsoft][ODBC Driver 13 for SQL Server][SQL Server]Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'. [message] => [Microsoft][ODBC Driver 13 for SQL Server][SQL Server]Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'. ) [1] => Array ( [0] => 28000 [SQLSTATE] => 28000 [1] => 18456 [code] => 18456 [2] => [Microsoft][ODBC Driver 13 for SQL Server][SQL Server]Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'. [message] => [Microsoft][ODBC Driver 13 for SQL Server][SQL Server]Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'. ) )
I would check that the account your application pool uses and/or the SPNs are correct.
ASKER
It's using ApplicationPoolIdentity
I can remember setting it to an account that has access to the SQL server but can't for the life of me remember where I set that.
Also I have given that user access to the website under the Authorisation rules.
The app pool identity is found under the advanced settings.
So click on Application Pools,
then select the app pool your site is using.
In the action pane on the right-hand side, click Advanced Settings.
Scroll down to the Process Model.
When you select Identity you should get the 3... to specify the account.
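The same settings can be read from PowerShell instead of the IIS Manager dialogs. This is an added example, not part of the original thread: a read-only report of the site's application pool identity, its authentication settings, and the SPNs registered for the account the pool runs as. The site name is an assumed placeholder, and the script assumes the WebAdministration module is installed on the IIS server.

```powershell
# Added example (not from the thread): read-only report of the settings
# discussed above. Run in an elevated PowerShell session on the IIS server.
param(
    [string]$SiteName = 'Default Web Site'   # assumed placeholder, use your site name
)

Import-Module WebAdministration

$site = Get-Website | Where-Object Name -eq $SiteName
if (-not $site) { throw "Site '$SiteName' not found" }

# 1. Which application pool does the site use, and which account runs it?
#    (Same value as Advanced Settings > Process Model > Identity.)
$poolName = $site.applicationPool
$model    = Get-ItemProperty "IIS:\AppPools\$poolName" -Name processModel

# 2. Which authentication methods are enabled for the site?
$authRoot = 'system.webServer/security/authentication'
function Get-AuthSetting([string]$Section, [string]$Name) {
    (Get-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' `
        -Location $SiteName -Filter "$authRoot/$Section" -Name $Name).Value
}

[pscustomobject]@{
    Site                  = $SiteName
    AppPool               = $poolName
    IdentityType          = $model.identityType
    CustomUserName        = $model.userName
    AnonymousEnabled      = Get-AuthSetting 'anonymousAuthentication' 'enabled'
    WindowsAuthEnabled    = Get-AuthSetting 'windowsAuthentication'   'enabled'
    UseAppPoolCredentials = Get-AuthSetting 'windowsAuthentication'   'useAppPoolCredentials'
    UseKernelMode         = Get-AuthSetting 'windowsAuthentication'   'useKernelMode'
} | Format-List

# 3. List the SPNs registered for the account the pool uses on the network.
#    ApplicationPoolIdentity authenticates to other servers as the computer
#    account, so in that case the SPNs to inspect are the machine's own.
if ($model.identityType -eq 'SpecificUser') {
    setspn -L $model.userName
} else {
    setspn -L $env:COMPUTERNAME
}
```

The script changes nothing; compare its output against the account that has been granted a login on the SQL server.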
ASKER
Have tried changing that to a user that has access to the SQL server and admin on the local server but it doesn't help