
I have a small MVC 2 application that is deployed on a Windows 2008 server, running IIS7. The site is going to be accessible only for a couple of users, using Windows Authentication. I need to be able to pick the user identity from the web GUI, using WindowsIdentity.GetCurrent() or something like that. I guess the authorization can be easily configured in the config file. My problem is: What identity should I use in the IIS? If I pick the sysAdmin account for the server, I'll not be able to pick the user from the web since it's always sysAdmin. If I use ApplicationPoolIdentity, I need to create an account for each user in SQL Server to access the database, and that will probably be a problem since new users will be added and removed pretty often. What I'm really looking for is something like this: The user uses Windows authentication to access the website. Then the IIS uses the SysAdmin account to connect to the database. Is this possible?

Thanks in advance!
Posted 19-Dec-11 2:39am

Solution 1

You could create an AD group and give the access you need to SQL Server to that group instead of to individuals.

Also, IIS allows impersonation, which means a person can authenticate to the site using their own login, but IIS will use a specific impersonated user to do the database calls.
Find this under authentication, impersonation, click edit, and change the user to the one you want to connect to the database with.

Solution 2

In your web config, just set the mode to Windows Authentication for your application

<authentication mode="Windows" />

Now, decorate any controllers or actions that you want to force authentication against with the [Authorize] attribute.

[Authorize]
public class MyController : Controller { /* actions here require an authenticated user */ }

Any use of User.Identity in your MVC views will now be showing the windows user name. For your second part, you could achieve this in 2 ways.

1) Create a new application pool in IIS. Edit the application pool (properties) and go to the Identity tab. Change it from 'Predefined' to 'Configurable' and select a Windows profile to use, e.g. MYDOMAIN\SqlAppUser. If you are using Integrated Security in your connection string to the SQL database, it will now use the identity defined by the application pool when connecting. You just need to add this single account to the SQL Server security settings & you are done.

2) You could alternatively remove Integrated Security from your connection string and just use 'standard' SQL security, define the account on SQL Server & away you go!
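An added example, not code from either answer: a diagnostic controller that shows the three identities involved side by side, namely the authenticated browser user, the Windows account the code runs as, and the login SQL Server sees over an Integrated Security connection. The AD group MYDOMAIN\SiteUsers and the connection string name AppDb are hypothetical.

```csharp
using System.Configuration;
using System.Data.SqlClient;
using System.Security.Principal;
using System.Web.Mvc;

// Added example. "MYDOMAIN\SiteUsers" (AD group) and "AppDb" (connection
// string name) are hypothetical; AppDb is assumed to use Integrated Security.
[Authorize(Roles = @"MYDOMAIN\SiteUsers")]
public class WhoAmIController : Controller
{
    public ActionResult Index()
    {
        // The browser user authenticated by Windows Authentication.
        string caller = User.Identity.Name;

        // The Windows account this code executes as: the application pool
        // identity unless impersonation is turned on.
        string runningAs;
        using (WindowsIdentity current = WindowsIdentity.GetCurrent())
        {
            runningAs = current.Name;
        }

        // The login SQL Server sees for an Integrated Security connection.
        string sqlLogin;
        string cs = ConfigurationManager.ConnectionStrings["AppDb"].ConnectionString;
        using (var conn = new SqlConnection(cs))
        using (var cmd = new SqlCommand("SELECT SUSER_SNAME()", conn))
        {
            conn.Open();
            sqlLogin = (string)cmd.ExecuteScalar();
        }

        return Content(string.Format(
            "Caller: {0}\nRunning as: {1}\nSQL login: {2}",
            caller, runningAs, sqlLogin), "text/plain");
    }
}
```

With a dedicated application pool account and impersonation off, the first line varies per user while the other two stay fixed on the pool account, so any per-user audit trail has to be written by the application from User.Identity.Name.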

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Last Updated 6 Jan 2012