connect web server to sql server | SQL Server Performance Forums

SQL Server Performance Forum – Threads Archive

Hello,
I have a similar problem, I think.
I have two servers, one for web (called web1) and one for SQL (called sql1).
In the past we have been running SQL Server on the web server (web1).
After a while we got another server (sql1) to use only for SQL.
Both servers have MSSQL2000 (mixed mode).
web1 is running on a Win2k server.
sql1 is running on a Win 2003 server.
An important fact is: we are working in an intranet zone.
When I'm connecting to web1 with Terminal Services and using a local account, I can't configure an ODBC connection to sql1, although on sql1, in the SQL Server logins, I defined web1\superuser, which is the user I'm connected with via Terminal Services.
I thought of using a domain user to link the web & SQL servers … How can I do it?
1. You could use a SQL login instead of a Windows account and let your web applications connect with that instead.
2. If you need to use a Windows account, then normally you need a domain controller, or you create a local account with identical name and password on both servers.
http://weblogs.asp.net/AChang/archive/2004/04/15/113866.aspx
http://weblogs.sqlteam.com/justinb/archive/2004/04/15/1262.aspx

Satya SKJ
Contributing Editor & Forums Moderator
http://www.SQL-Server-Performance.Com
This posting is provided “AS IS” with no rights for the sake of knowledge sharing.
Thanks for those references … but,
by using any kind of impersonation between the servers I'm losing along the way the
login credentials of the client that is using my web site.
In other words, I want my SQL Server to identify the login of the user and not any other user credentials I've supplied!
Got some other advice? SOS!!! 10x in advance.
You seem to be describing the whole argument for using a non-Windows login!
You also mention "web1\superuser" as a SQL login, but that doesn't appear to be correct: a SQL Server login doesn't have the <domain>\<login> format. Your account is a local Windows account on the web1 server, so no wonder it can't connect to the instance of SQL Server running on the sql1 server.
If I'm not mistaken, if you want to make Windows (trusted) connections from your web server to your SQL Server you either:
a) Have to have the SQL Server on the same machine as the web server
or
b) Enable account delegation using Kerberos.
It's been a while since I've had to do this sort of thing, but that's the way it used to be unless something has changed.
quote: Originally posted by ibasoni
Thanks for those references … but,
by using any kind of impersonation between the servers I'm losing along the way the
login credentials of the client that is using my web site.
In other words, I want my SQL Server to identify the login of the user and not any other user credentials I've supplied!
Got some other advice? SOS!!! 10x in advance.

Karl Grambow www.sqldbcontrol.com
10x Karl,
After some digging on the subject I've seen that this should be the way of doing it.
Only, I couldn't find a good reference on the subject (maybe you have one?).
From what I understand, I need to do the following procedures:
1. Define my IIS to run on a domain user.
2. Allow delegation for that user.
Am I right?
Adriaan – sorry if I haven't described my problem appropriately.
Hi,
what you can do is:

1). Map your Windows user to a SQL login (with appropriate access rights to the DB)
2). In IIS (there's a default setting for it, e.g. it will ask you to enter your Windows login credentials), if you need something specific you can map those users to IIS:
Open IIS manager -> Directory (web/virtual site) -> properties -> security
but it will send your passwords in plain text across the network, whereas if you have implemented Kerberos it will send your authentication credential (password) in encrypted format.
or
as Adriaan suggested, use a SQL user login instead of a Windows login

:)
Regards

Hemantgiri S. Goswami
"Humans don't have Caliber to PASS TIME , Time it self Pass or Fail Humans" – by Hemantgiri S. Goswami
10x for the reply, but this is not the issue here.
I don't want any kind of impersonation (using a SQL login or impersonating some other user); I need the client's login to go through the web server and from there to the SQL Server (which is on another machine).
A part of the solution is using delegation, as explained in the following article:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/adminsql/ad_security_2gmm.asp
If anyone has some more suggestions (not including impersonation) or anyone did the following procedure, I will be glad to check them. Thanks.
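
To verify on sql1 which identity actually arrives from the web server (each visitor's own Windows login, or one shared account), the following check can be run. It is an added example, not posted by anyone in the thread; it assumes SQL Server 2000's master.dbo.sysprocesses table and the host name web1 from the first post.

```sql
-- Added example; run on sql1 (SQL Server 2000, as in the thread).

-- 1) Identity of the current connection, as SQL Server sees it.
--    Run this through the web application's own connection to see
--    whether the browser user or some other account reached sql1.
SELECT SYSTEM_USER           AS login_seen_by_sql,
       RTRIM(p.nt_domain)    AS nt_domain,
       RTRIM(p.nt_username)  AS nt_username,
       RTRIM(p.hostname)     AS client_host
FROM   master.dbo.sysprocesses p
WHERE  p.spid = @@SPID;

-- 2) All current connections coming from the web server, grouped by login.
--    hostname is reported by the client, so treat it as a hint only;
--    'web1' is the web server's name as given in the thread.
SELECT RTRIM(p.loginame)     AS login_seen_by_sql,
       CASE WHEN RTRIM(p.nt_username) = '' THEN 'SQL login'
            ELSE 'Windows login' END AS auth_type,
       RTRIM(p.program_name) AS program,
       COUNT(*)              AS connections,
       MAX(p.last_batch)     AS last_activity
FROM   master.dbo.sysprocesses p
WHERE  p.hostname = 'web1'
GROUP BY RTRIM(p.loginame),
         CASE WHEN RTRIM(p.nt_username) = '' THEN 'SQL login'
              ELSE 'Windows login' END,
         RTRIM(p.program_name)
ORDER BY connections DESC;
```

If every row of the second query shows the same login, the web server is connecting with a shared account (a SQL login or the web application's own Windows account). Distinct domain logins matching the site's visitors indicate that the client identity is being passed through to sql1.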