Friday, January 2, 2009

Configuring ASP.NET to use Integrated Security

Below are the steps for configuring Integrated Security for a ASP.NET application. These instructions are for Windows 2003 systems, one running IIS and the other SQL Server 2005.

  1. On the Web Server, Right Click My Computer and select Manage

  2. On the Computer Management Window, expand the Local Users and Groups menu item

  3. Right Click the Users folder and select New User

  4. On the New User window, enter the information for the local account. (Remember to uncheck the “User must change password at next logon” checkbox). Click

  5. Back on the Computer Management window, right click the local account and select
    Properties. On the Member of tab, click Add

  6. On the Select Groups window, ensure that the From this Location field is the name of the Web Server then click the
    Advanced button

  7. On the next window, click Find Now. Select the IIS_WPG group and then click
    OK. Click OK again to save the settings

  8. Grant the newly created local account Modify access to the C:\WINDOWS\Temp folder

  9. In IIS, expand the Application Pools menu. Either create a new application pool or right click an existing one. Select
    Properties and then the Identity tab

  10. Select Configurable then Browse for the newly created account and enter the password twice for the account. Click
    Apply and then OK

  11. On the Directory tab of the Properties for the Website, in the Application Pool field select it to run using the application pool identified with the local account

  12. Repeat steps 1 through 4 to create a local account with the same User ID,Name, and Password on the SQL Server. This local account doesn’t need to a be a member of any groups

  13. Open SQL Server Management Studio

  14. Expand the Security menu for the server

  15. Right Click the Logins folder and select New Login

  16. Click the Search button and find the local account on the SQL server

  17. Map that account to the required database

  18. Grant the local account access to any tables or stored procedures

No comments: