Click here to Skip to main content
Rate this: bad
good
Please Sign up or sign in to vote.
See more: IIS7 ASP.NET
Hey!
 
I have a small mvc 2 application that is deployed on a windows 2008 server, running IIS7. The site is going to be accessable only for a couple of users, using Windows Authentication. I need to be able to pick the user identity from the web gui, using WindowsIdentity.GetCurrent() or something like that. I guess the authorization can be easily configured in the config file. My problem is: What identity should I use in the IIS? If I pick the sysAdmin account for the server, I'll not be able to pick the user from the Web since it's always sysAdmin. If I use ApplicationPoolIdentity, I need to create an account for each user in SqlServer to access the database, and that will probably be a problem since new users will be added and removed pretty often. What i'm really looking for is something like this: The user uses windows authentication to access the website. Then the IIS uses the SysAdmin account to connect to the database. Is this possible?
 
Thanks in advance!
Erik
Posted 19-Dec-11 2:39am
suunker232
Rate this: bad
good
Please Sign up or sign in to vote.

Solution 1

You could create a AD group and give the access you need to sqlserver to that group instead of to individuals.
 
Also, IIS allows impersonation, which means a person can authenticate to the site using their own login, but iis will use a specific impersonated user to do the database calls.
Find this under authentication, asp.net impersonation, click edit, and change the user to the one you want to connect to the database with
  Permalink  
Rate this: bad
good
Please Sign up or sign in to vote.

Solution 2

In your web config, just set the mode to Windows Authentication for your application
 
<authentication mode="Windows" />
 
Now, decorate any controllers or actions that you want to force authentication against with the [Authorise] attribute.
 
e.g
 
[Authorise]
public MyController : Controller
{
}
 
Any use of User.Identity in your MVC views will now be showing the windows user name. For your second part, you could achieve this in 2 ways.
 
1) Create a new application pool in IIS. Edit the application pool (properties) and goto the Identity tab. Change it from 'Predefined' to 'Configurable' and select a windows profile to use. e.g MYDOMAIN\SqlAppUser. If you are using Integrated security in your connection string to the SQL database, it will now use the identity defined by the application pool when connecting. You just need to add this single account to the SQL server security settings & you are done.
 
2) You could alternatively remove Integrated Security from your connection string and just use 'standard' SQL security, define the account on SQL Server & away you go!
  Permalink  

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
0 Nirav Prabtani 284
1 OriginalGriff 217
2 Sergey Alexandrovich Kryukov 196
3 Mika Wendelius 185
4 CPallini 170
0 Nirav Prabtani 284
1 OriginalGriff 217
2 Mika Wendelius 185
3 _Amy 170
4 CPallini 170


Advertise | Privacy | Mobile
Web03 | 2.8.140721.1 | Last Updated 6 Jan 2012
Copyright © CodeProject, 1999-2014
All Rights Reserved. Terms of Service
Layout: fixed | fluid

CodeProject, 503-250 Ferrand Drive Toronto Ontario, M3C 3G8 Canada +1 416-849-8900 x 100