SQLSRV_connect with windows authentication

I am trying to connect  a PHP 7.2.2 application to a SQL server database, using windows authentication, but am seeing this error

Array ( [0] => Array ( [0] => 28000 [SQLSTATE] => 28000 [1] => 18456 [code] => 18456 [2] => [Microsoft][ODBC Driver 17 for SQL Server][SQL Server]Login failed for user 'NT AUTHORITY\IUSR'. [message] => [Microsoft][ODBC Driver 17 for SQL Server][SQL Server]Login failed for user 'NT AUTHORITY\IUSR'. ) [1] => Array ( [0] => 28000 [SQLSTATE] => 28000 [1] => 18456 [code] => 18456 [2] => [Microsoft][ODBC Driver 17 for SQL Server][SQL Server]Login failed for user 'NT AUTHORITY\IUSR'. [message] => [Microsoft][ODBC Driver 17 for SQL Server][SQL Server]Login failed for user 'NT AUTHORITY\IUSR'. ) )

Open in new window


Please advise on what to need to do to resolve the problem.
rwlloyd71Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

gr8gonzoConsultantCommented:
Basically, it's saying that the NT AUTHORITY\IUSR is the user account that is being used to authenticate against the SQL server database, but that particular user does not have permissions to connect.

So either you aren't using the correct credentials or methodology to pass the correct credentials, or else you need to allow NT AUTHORITY\IUSR to connect.

Typically, this is because you're not correctly specifying credentials in your DB connection string, and so it's falling back to using the app pool user account (which usually runs as that IUSR user).

Here's a good article from Microsoft that expands on this:
https://blogs.msdn.microsoft.com/brian_swan/2010/02/10/sql-server-driver-for-php-understanding-windows-authentication/

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
dfkeCommented:
Hi,

If you're getting the error "Login failed for user 'NT AUTHORITY\IUSR'", then your app is not using the account that you set up. It's passing along the user credentials from IIS, which in the case of allowing anonymous access is IUSR.

Other than making sure the account you set up has the appropriate access, this isn't really a SQL question. It's a matter of fixing your connection properties in your app.

Cheers
Dave BaldwinFixer of ProblemsCommented:
"windows authentication" requires a logged in user on the machine where the SQL Server is.  You can not use it for a remote login, it just won't work.  SQL Authentication can be used for remote logins because it is just username and password.
Determine the Perfect Price for Your IT Services

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden with our free interactive tool and use it to determine the right price for your IT services. Download your free eBook now!

rwlloyd71Author Commented:
Thank you for all your comments.

To clarify, I understand that only allowing SQL to accept windows authentication makes the service more secure, so I was trying to not use an SQL login.

Your comments seem to suggest that my php application cannot connect with just windows authentication, so I will have to allow SQL logins and create an account to login with.

Is this correct?
rwlloyd71Author Commented:
On the other hand, by having a windows authentication, I may be granting too generous permissions on the whole database with my connection, so maybe I am better off with an SQL login...
gr8gonzoConsultantCommented:
Please make sure you read that blog from Microsoft. It covers this issue in-depth. However I would agree that using standard SQL login credentials is better for web apps due to the way that IIS runs. Integrated Windows auth is usually better suited for human users (just my general opinion - there will always be exceptions). Like you said, granting IUSR access to your DB would probably result in more access than you want.
Dave BaldwinFixer of ProblemsCommented:
For what it's worth, I use Windows Auth with SSMS and SQL Auth with my PHP applications on 4 different installs of SQL Server Express.
rwlloyd71Author Commented:
I am going to use an SQL login for my phone connection and windows for any direct database work with SSMS
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
PHP

From novice to tech pro — start learning today.