HOWTO: Using ASP With a SQL Trusted Connection With Guest Account

ID: Q176380

The information in this article applies to:

SUMMARY

When using Microsoft SQL Server with Integrated or Mixed Security with Microsoft Internet Information Server (IIS), it may be necessary to access SQL Server from a guest account. Setting up a guest account can be used to work around problems connecting an IIS machine to SQL Server on a separate physical machine over a trusted connection.


MORE INFORMATION

This method allows IIS, using Active Server Pages (ASP), to access a SQL Server over a trusted connection, but the method limits all SQL access to guest access only. If you want all users to connect to the SQL Server and maintain their identity to properly map to different privilege levels in SQL Server, you will need to use Basic authentication.

Use the following steps to set up a user account in the NT user manager, make sure that both the SQL Server and the IIS machine have access to this account, and map this account to an SQL account.

  1. Create an NT user account (WEBUSER for this example) that both machines have can access. This is easily done by creating the account on the domain controller. If this is not possible, a local user account must be set up on both the IIS machine and the machine hosting SQL Server. Make sure that the passwords match on all accounts you create, and keep track of this password.


  2. Add the WEBUSER account to the guests group of both the SQL Server and the IIS machine.


  3. On the machine running IIS, start the Internet Service Manager.


  4. Open the properties for the WWW service.


  5. In the Anonymous Logon section on the Service tab of this tabbed dialog box, change the user name to WEBUSER and the password to the one used in step 1.


  6. On the machine hosting SQL Server, use the Security manager to map the WEBUSER account to an existing user logon on SQL Server. For more information on how to do this, consult the SQL Server documentation.


Make sure that any pages that need to access the SQL Server are accessible by the WEBUSER account. All users that browse these pages will be authenticated by NT as the WEBUSER and consequently, all connections to SQL Server will be made as the WEBUSER.


REFERENCES

For additional information, please see the following article(s) in the Microsoft Knowledge Base:

Q176379 HOWTO: IIS and SQL Server on Separate Machines with Trusted Conn

For the latest Knowledge Base artices and other support information on Visual InterDev and Active Server Pages, see the following page on the Microsoft Technical Support site:

http://support.microsoft.com/support/vinterdev/

© Microsoft Corporation 1997, All Rights Reserved.
Contributions by Paul Enfield, Microsoft Corporation

Additional query words: 


Keywords          : kbASP kbNTOS400 kbSecurity kbSQLServ kbWebServer kbGrpASP 
Version           : WINDOWS:97; winnt:3.0,4.0
Platform          : WINDOWS winnt 
Issue type        : kbhowto

Last Reviewed: May 27, 1999