Yak Posting Veteran
Posted - 04/17/2013 : 09:50:33
| SQL SVR 2008 R2
I currently have both windows auth and server auth enabled. I use server auth to allow me to use sql svr mgmt studio to remotely administer the db, and also so I can test my app remotely (on the dev box) using live data. I have renamed the sa account and am using a strong password, additionally I scan the sql svr logs for any brute force attacks and automatically add the offending IP's to the secpol blocked list.
I seldom use the remote debugging and I can runs mgmt studio from the server (via remote desktop) for any admin needs, so I am considering getting rid of server auth and using only windows auth.
I am a programmer with only enough sql server knowledge to be dangerous.
To make sure I have the basics correct: Is it true that server auth is used only to allow over the internet connection and with windows auth the user must be logged on to the server?
So with my website that uses the sql server, the users will be logged in as a temporary Internet user and if I allow this account access to the sql server my site will (with the appropriate connection string) still be able to asscess the db?
This seems correct but in implementing the details I have failed.
My site is an asp.net 4 site, the server has an IIS_User group so I created a user account and added it to this group. I gave this account access in sql server and setup the connection string but could not connect.
Exactly how do I need to configure the server (windows server 2008 r2) and sql server to allow my asp.net 4.0 website to to use windows authentication?
Edited by - kpgraci on 04/17/2013 09:53:13