IIS 7 Windows Authentication to SQL Server 2008 - sql-server-2008-r2

This will be a simple answer for those used to Windows authentication but as Solaris Sysadmin I am just looking for some clarification on how to implement Windows Authentication between an application running on an IIS7 Web Site (running on Server 2008 R2) and a Microsoft SQL 2008 Server.
The application at the moment uses this tag:
Data Source=mydbserverhostname;Initial Catalog=TheDBName;User ID=testuser; Password=apassword
In the specifications it is supposed to use this:
Data Source=mydbserverhostname;Initial Catalog=TheDBName;Integrated Security=SSPI;
I would like to go back and get the Windows Authentication working before I have to deploy to Production. From my understanding of Windows I need to have a Windows Domain account to authenticate against a Service Account which has been set on the SQL Server 2008.
What I am missing is how to achieve this and how to get it running as a service so that I can log out and leave IIS7 running the site and the SQL Server talking to each other.
I have read a couple of similar questions on this forum but the answers seem to be "just switch to SQL Authentication" which I need to avoid in the final implementation.
Any help would be appreciated.

When using the DefaultAppPool change the Identity to a custom username and password that matches the service account that has been created on the SQL Server/(LDAP) as per:
http://www.iis.net/learn/manage/configuring-security/application-pool-identities

Related

.net core 2.0 windows impersonation

I'm new to .NetCore 2.0. I'm building a simple HR application that runs on our intranet in VS2017/C#.
Server: Window 2012 R2
Using IIS as a reverse proxy.
Windows Authentication only -- all other authentication disabled.
.Net Core Windows server hosting on the server is 2.0.5.
In previous application (.net framework). I simply set the authentication on the site to windows, disabled all other authentication and set the identity impersonate = true in the web.config.
In .NET core, this is not working when the application attempts to access the database. In this case, I get an error stating that the IIS user cannot access the database (which they shouldn't be allowed to, the current windows login credentials should be used instead).
I have already done what it says in this link
https://learn.microsoft.com/en-us/aspnet/core/security/authentication/windowsauth?tabs=aspnetcore2x
I am still getting an error stating that the IIS user cannot get access to the db, but I want it to impersonate the windows credential, not the IIS user.
In short, how do I get windows authentication to work in .NET Core 2?
Any help is appreciated. Thanks

In CodeCharge Studio 4.3, i get a database error

I made a page and a Login page to secure that first page. When you login, it show the error:
Unable to establish connection to database.
Error information:
Microsoft OLE DB Provider for SQL Server (0x80040E4D)
Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.
Anyone know what this exactly means and what to do about it?
Answers help! :D
Check your Connection string settings for your 'Design' and the 'Live' server (which might be your own PC with IIS installed)
You may be able to access the tables etc when in Design mode, but when you publish it (even locally) it will use the 'Live' server details - which will mean you need to check that IIS has an appropriate user to access the SQL Server and database.
Most of the time I use 'SQL Authentication', but either way you need to allow the user access to SQL and DB.
Have a look at these other questions for options:
How do I configure SQL Server to allow access via IIS
and Microsoft has several options from this article:
MSDN Accessing SQL Server from a Web Application

How can SQL sysadmin get to "forbidden" areas of Windows

Logging in as administrator to Window 2008 R2 I can access all files on the server, naturally.
If I then login to SQL Server 2008 R2 as sa, I cannot access some flat files, for example, to Restore or dump data via bcp. (I can access all flat files via Import/Export Wizard though.)
I end up moving backup files around the file system until I find somewhere that works, or dumping data files to places I would prefer not to use.
How do I give sysadmin rights to these forbidden folders?
Why would my predecessor have blocked sysadmin access to these areas, do you think?
It's because when you are logged into SQL server as SA, you are the admin for SQL server, not the Windows server itself.
You are constrained to what the SQL server service account has rights to access on the machine as that is the context in which SQL server runs.
To be able to access these windows locations from within SQL server, first identify the name of the service account that is actually running the SQL server service and then give the permissions on the folders to this account.
To find the SQL Server service account, you can query the sys.dm_server_services DMV to find the account:
SELECT * FROM sys.dm_server_services
This will show you the service account set for each service, alternatively, you could just look in either the services console in Windows or SQL server configuration manager to see what account the SQL server is logging on as.
This DMV was introduded in SQL Server 2008 R2 SP1, so won't work in earlier versions, the following article has some information on various ways to find the service account:
Get SQL Server Service Account using T-SQL

Grant "Log on as a service" permission AND service Logon Account during installation(Installshield 2010)

I`m developing install application via Installshield Basic MSI Project
I have a little problem when granting "Log on as a service" permission
(Control panel -> Administrative tools -> Local Security Settings)
In Windows server 2003, NTRights.exe works fine.
In Windows server 2008 and 2008 R2, NTRight.exe also works fine but "NTRights.exe" is just part of "Windows server 2003 Toolkit"
I want to use another method.
Can Anyone do same thing using another way?
In a Service Panel, I have to set Logon account and password using end user input.
But Installshield supports just fixed id, password. It cannot be used.
How can i do this to set logon account?
Logon account information should be provided during installation
Check out this article. Once you understand it, just change it up a bit by using information from the second link.
Augmenting InstallShield using Windows Installer XML - Certificates
User Element (Util Extension)
Another approach using a WiX DTF custom action can be found at:
Different year, Same Problem...

Is it possible to not use Windows Authentication w/ a SQL Server Filestream store and using streaming access to a file within it?

Everything I've seen and experienced so far suggests that you must use Windows Authentication if you want to access a file via Win32 from within the a databases filestream store but is it possible to use jsut SQL authentication somehow?
No, you have to use Windows Authentication.
See the official team Web Log for Microsoft Customer Service and Support (CSS) SQL Support:
How It Works: File Streams Requires Integrated Security (Windows Authentication)