Announcement

Collapse
No announcement yet.

How to add IIS_IUSRS to SQL Server

Collapse
X
Collapse
 
  • Page of 1
  • Filter
  • Time
  • Show
Clear All
new posts
Previous template Next
    #1

    How to add IIS_IUSRS to SQL Server

    Do any of you guys know how to add IIS_USRS to SQL Server?

    For the past 25 years I have used a user name and password combo to have my PowerBasic CC CGI applications access SQL Server.

    So today I figured I would try to use "Integrated Security" as Microsoft says it is a best practice for web servers accessing SQL Server. Not so easy! Especially when you don't know how to do it.

    I tried the obvious stuff like trying to make a Login for WEB-SERVER-1\IIS_IUSRS and BUILTIN\IIS_IUSRS and IIS APPPOOL\cerrutihome.com - that is the name of the application pool.

    You would think Google might have a pointer or two.... Perhaps I am not asking the question correctly.
    Tags: None
    #2
    Are you running Active Directory on the server?
    Do you have IIS Server rurnning on your web server?
    Are your CGI applications running under IIS ?

    Is the SQL Server running on the same web server machine

    (And what's this got to do with PowerBASIC programming? )
    Last edited by Stuart McLachlan; 23 Apr 2023, 03:20 AM.
    =========================
    https://camcopng.com
    =========================

    Comment

      #3
      Stuart McLachlan No AD, WebServer and DB Server are on same machine for the moment.

      Comment

        #4
        Originally posted by David Clarke View Post
        Stuart McLachlan No AD, WebServer and DB Server are on same machine for the moment.
        Are your CGIs running under IIS ?
        =========================
        https://camcopng.com
        =========================

        Comment

          #5
          Stuart McLachlan Yes.

          Comment

            #6
            This one is for asp.net, but it may point you in the right direction:
            https://learn.microsoft.com/en-us/pr...5788z(v=vs.100)

            I generally work with Apache servers, mySQL and PHP rather than Windows servers and CGI so can't add much more here.

            =========================
            https://camcopng.com
            =========================

            Comment

              #7
              Thinking about it, if you only allow connection to the SQL server from its own IP address, there is little or no benefit in using integrated security.
              =========================
              https://camcopng.com
              =========================

              Comment

                #8
                Stuart McLachlan What if I am using named pipes or memory.... TCP inside the same box... What is the deal with that? I need to play with the transport settings....

                Comment

                  #9
                  I always install SQL in mixed authentication mode, and create a user name and password for use by my programs, Then use ODBC to connect. I use SQL_Tools, so putting it in the connection string in the source is pretty easy.
                  Real programmers use a magnetized needle and a steady hand

                  Comment

                    #10
                    Bud Durland - That is what I have been doing my self for years. One of my clients runs one of my applications using windows security and I was trying to simulate it at my office.

                    Comment

                      #11
                      I don't think that this will help you so much, but here it is anyhow

                      When accessing my SQL DB without DB users I use the following ODBC string.
                      DRIVER=ODBC Driver 11 FOR SQL SERVER; Trusted_Connection=Yes; SERVER=MyServerName\MyDB

                      and with DB users
                      DRIVER=ODBC Driver 11 FOR SQL SERVER; Uid=[User]; Pwd=[Passw]; SERVER=MyServerName\MyDB​

                      Comment

                        #12
                        Thanks guys - The issue is (I think) is that the web server is a different user.

                        Comment

                          #13
                          Originally posted by David Clarke View Post
                          Thanks guys - The issue is (I think) is that the web server is a different user.
                          Most likely. Good luck sorting it out
                          (this is why I continue to use Apache for hosting my CGI's)
                          Real programmers use a magnetized needle and a steady hand

                          Comment

                            #14
                            David you just need to add the user defined for the app pool to the trusted login on SQL. Not the best of secure ways but that's the ID your CGI app inherits.If your pool is called XXX then the user IIS AppPool\XXX

                            It is better that you configure a serice account for your CGI APP and have a Hash for logins. Better still, use FASTCGI as the performance difference is staqggering.

                            Comment

                            Previous template Next
                            Working...
                            X
                            😀
                            🥰
                            🤢
                            😎
                            😡
                            👍
                            👎

                            We process personal data about users of our site, through the use of cookies and other technologies, to deliver our services, and to analyze site activity. For additional details, refer to our Privacy Policy.

                            By clicking "I AGREE" below, you agree to our Privacy Policy and our personal data processing and cookie practices as described therein. You also acknowledge that this forum may be hosted outside your country and you consent to the collection, storage, and processing of your data in the country where this forum is hosted.

                            I Agree