Hey!

I have a small MVC 2 application that is deployed on a Windows 2008 server, running IIS7. The site is going to be accessible only for a couple of users, using Windows Authentication. I need to be able to pick the user identity from the web GUI, using WindowsIdentity.GetCurrent() or something like that. I guess the authorization can be easily configured in the config file. My problem is: What identity should I use in the IIS? If I pick the sysAdmin account for the server, I'll not be able to pick the user from the web since it's always sysAdmin. If I use ApplicationPoolIdentity, I need to create an account for each user in SQL Server to access the database, and that will probably be a problem since new users will be added and removed pretty often. What I'm really looking for is something like this: The user uses Windows authentication to access the website. Then the IIS uses the SysAdmin account to connect to the database. Is this possible?

Thanks in advance!
Erik

You could create an AD group and give the access you need to SQL Server to that group instead of to individuals.

Also, IIS allows impersonation, which means a person can authenticate to the site using their own login, but IIS will use a specific impersonated user to do the database calls.
Find this under Authentication, ASP.NET Impersonation, click Edit, and change the user to the one you want to connect to the database with.
 
 
In your web.config, just set the mode to Windows Authentication for your application.

XML
<authentication mode="Windows" />


Now, decorate any controllers or actions that you want to force authentication against with the [Authorize] attribute, e.g.

C#
using System.Web.Mvc;

// Every action in this controller requires an authenticated user
[Authorize]
public class MyController : Controller
{
}


Any use of User.Identity in your MVC views will now be showing the Windows user name. For your second part, you could achieve this in 2 ways.

1) Create a new application pool in IIS. Edit the application pool (properties) and go to the Identity tab. Change it from 'Predefined' to 'Configurable' and select a Windows profile to use, e.g. MYDOMAIN\SqlAppUser. If you are using Integrated Security in your connection string to the SQL database, it will now use the identity defined by the application pool when connecting. You just need to add this single account to the SQL Server security settings & you are done.

2) You could alternatively remove Integrated Security from your connection string and just use 'standard' SQL security, define the account on SQL Server & away you go!
 
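The setup from option 1 in the answer above, as an added example that is not part of the original answers: the controller reads the Windows-authenticated caller from User.Identity, while the database connection runs as the application pool account (MYDOMAIN\SqlAppUser). The AD group MYDOMAIN\SiteUsers, the connection string name AppDb, the server name DBSERVER and the dbo.AuditLog table are hypothetical, and ASP.NET impersonation is assumed to be off.

```csharp
using System.Configuration;
using System.Data.SqlClient;
using System.Security.Principal;
using System.Web.Mvc;

// Assumed web.config (hypothetical names): <authentication mode="Windows" />,
// ASP.NET impersonation off, and a connection string "AppDb" such as
// "Server=DBSERVER;Database=AppDb;Integrated Security=SSPI".
[Authorize(Roles = @"MYDOMAIN\SiteUsers")] // hypothetical AD group of allowed users
public class WhoAmIController : Controller
{
    public ActionResult Index()
    {
        // The caller, as authenticated by IIS through Windows Authentication.
        string caller = User.Identity.Name;

        // The account the worker process runs as (the application pool identity).
        string poolAccount;
        using (WindowsIdentity process = WindowsIdentity.GetCurrent())
        {
            poolAccount = process.Name;
        }

        string sqlLogin;
        string cs = ConfigurationManager.ConnectionStrings["AppDb"].ConnectionString;
        using (SqlConnection conn = new SqlConnection(cs))
        {
            conn.Open();
            // With Integrated Security, SQL Server sees the pool account, not the caller.
            using (SqlCommand cmd = new SqlCommand("SELECT SUSER_SNAME()", conn))
            {
                sqlLogin = (string)cmd.ExecuteScalar();
            }
            // Record the real caller explicitly; the value is passed as a parameter.
            using (SqlCommand cmd = new SqlCommand(
                "INSERT INTO dbo.AuditLog (UserName, Action) VALUES (@user, @action)", conn))
            {
                cmd.Parameters.AddWithValue("@user", caller);
                cmd.Parameters.AddWithValue("@action", "WhoAmI/Index");
                cmd.ExecuteNonQuery();
            }
        }
        return Content(string.Format("Caller: {0}\nProcess: {1}\nSQL login: {2}",
            caller, poolAccount, sqlLogin), "text/plain");
    }
}
```

Because the database sees only the pool account, per-user accountability has to come from the application, which is why the caller's name is written to the audit table. Granting that single account only the database permissions the site needs keeps the shared login from becoming an administrative one.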
 

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)