The ASPNET Sql Server Account

**wey97** · Mar 2nd, 2004, 12:37 PM

What's the proper way to setup this account in SQL Server?

We're using Windows authentication on our network and to give any user permission in the database I have to grant it to the ASPNET account. This seems to defeat the purpose of using Windows authentication because anyone that opens the ASP.NET page will have those rights in the database even if they aren't listed as a user in the DB.

For example, I give read-only rights to the ASPNET account and even if I give an individual user db_datawriter rights, they still cannot write to the DB unless I grant the ASPNET account db_datawriter rights. Then anyone can save/modify the data.

**davidrobin** · Mar 3rd, 2004, 09:50 AM

Is SQL server installed on the same machine as IIS?

This will have an impace on how the ASPNET user operates.

**wey97** · Mar 3rd, 2004, 09:51 AM

Both are on the same machine.

**hellswraith** · Mar 3rd, 2004, 01:46 PM

set impersonation on in the web config file

<impersonate=true/>

Or something to that affect....

**davidrobin** · Mar 4th, 2004, 03:46 AM

This is a good article on the microsoft site, it explains the different methods for accessing SQL server.

http://msdn.microsoft.com/library/de...pplication.asp

This is also a good article.
http://support.microsoft.com/default...b;en-us;815154

**wey97** · Mar 4th, 2004, 08:05 AM

Originally posted by hellswraith
set impersonation on in the web config file

<impersonate=true/>

Or something to that affect....

that did the trick. well actually it was

<identity impersonate="true" />

then you can get rid of the ASPNET account if using Windows authentication.

**davidrobin** · Mar 4th, 2004, 08:14 AM

Does anyone know if this impersonate would work if IIS and SQL server are on different machines.
I have a feeling it won't but I am happy to be told I am wrong.

**wey97** · Mar 4th, 2004, 08:17 AM

I'm pretty sure they have to be on the same machine. I think I read that on MSDN.

**davidrobin** · Mar 4th, 2004, 08:20 AM

That was my understanding. The first article in on of my previous posts talks about it.
Sometimes I wonder if I understand it the way they mean it.

**wey97** · Mar 4th, 2004, 08:32 AM

From my interpretation of the article, You need to have the SQL Server and IIS (web server) on the same machine if you want to use Windows authentication OR anonymous access with the ASPNET account.

If you want to access the SQL Server using a Mapped Windows Domain User or prompting for the username and password and passing them as credentials then you don't need the SQL Server and web server on the same machine.

**davidrobin** · Mar 4th, 2004, 09:39 AM

I went on ASP.NET training last week where IIS and SQL were on the same server, the ASPNET account was used.
We came away thinking that is how it naturally worked. It took me half a day and some searching to find out it wasn't so cut and dried.

Thread: The ASPNET Sql Server Account

Thread Tools

Display

The ASPNET Sql Server Account

Posting Permissions