设置IIS以运行应用程序，并使用用户凭据打开SQL连接

Question

For those of you who have been doing this for a while this will be a brisk type of question and answer. I just switched to webforms from winforms. Currently my ASP apps on IIS server open connections to SQL server using IIS server's credentials. I added IIS server name to SQL server security so SQL integrated authentication would work well. As such all my LinqDataSources work well too. When I use SqlDataSource however, user's credentials are passed to the SQL server. As long as I access ASP application from computer on the domain with domain user logged in (with SQL premissions) the SqlDataSource works well. If I open that same ASP application from a browser that is not on a domain computer with domain user logged in SQL fails authentication. I could provide user's credentials in connection string but SQL server is not set to sa authentication (only integrated authentication) and I don't want to change it now. How can I set IIS to authenticate ASP apps as user to SQL or how can I forcefeen into connection string despite Integrated Authentication.

Answer 1

your correct with webforms and datasource controls it will use the logged on user if you have intergrated auth enabled, the fact that it works in the same domain as the server and not in another domain, indicates its working ok from a config point of view, perhaps a trust relationship issue, can you access any resource from the other domain, can they connect to the webserver at all outside of your sql ? if so IIS must be working and perhaps the credintials don't have permissions on the SQL server consider using a Stored procedure and setting up a role db_executor and assing that role execute permission on the SP, it's much more secure anyway