HOWTO: Using ASP with a SQL Trusted Conn with Guest Acct

 Last reviewed: December 11, 1997
Article ID: Q176380
The information in this article applies to:
  • Microsoft Active Server Pages, versions 1.0, 1.0b
  • Microsoft Visual Studio versions 97

SUMMARY

When using Microsoft SQL Server with Integrated or Mixed Security with Microsoft Internet Information Server (IIS) 3.0, it may be necessary to access SQL Server from a guest account. Setting up a guest account can be used to work around problems connecting an IIS machine to SQL Server on a separate physical machine over a trusted connection.

MORE INFORMATION

This method allows IIS, using Active Server Pages (ASP), to access a SQL Server over a trusted connection, but the method limits all SQL access to guest access only. If you want all users to connect to the SQL Server and maintain their identity to properly map to different privilege levels in SQL Server, you will need to use Basic authentication.

Use the following steps to set up a user account in the NT user manager, make sure that both the SQL Server and the IIS machine have access to this account, and map this account to an SQL account.

  1. Create an NT user account (WEBUSER for this example) that both machines have can access. This is easily done by creating the account on the domain controller. If this is not possible, a local user account must be set up on both the IIS machine and the machine hosting SQL Server. Make sure that the passwords match on all accounts you create, and keep track of this password.

  2. Add the WEBUSER account to the guests group of both the SQL Server and the IIS machine.

  3. On the machine running IIS, start the Internet Service Manager.

  4. Open the properties for the WWW service.

  5. In the Anonymous Logon section on the Service tab of this tabbed dialog box, change the user name to WEBUSER and the password to the one used in step 1.

  6. On the machine hosting SQL Server, use the Security manager to map the WEBUSER account to an existing user logon on SQL Server. For more information on how to do this, consult the SQL Server documentation.

Make sure that any pages that need to access the SQL Server are accessible by the WEBUSER account. All users that browse these pages will be authenticated by NT as the WEBUSER and consequently, all connections to SQL Server will be made as the WEBUSER.

REFERENCES

For additional information, please see the following article(s) in the Microsoft Knowledge Base: 

   ARTICLE-ID: Q176379
   TITLE     : HOWTO: IIS and SQL Server on Separate Machines with Trusted
               Conn
For the latest Knowledge Base artices and other support information on Visual InterDev and Active Server Pages, see the following page on the Microsoft Technical Support site: 

   http://support.microsoft.com/support/vinterdev/
(c) Microsoft Corporation 1997, All Rights Reserved. Contributions by Paul Enfield, Microsoft Corporation 

Keywords          : AXSFCompADO AXSFDataBase
Technology        : kbInetDev
Version           : WINNT:1.0,1.0b,97
Platform          : winnt
Issue type        : kbhowto

================================================================================

THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.

Last reviewed: December 11, 1997
© 1998 Microsoft Corporation. All rights reserved. Terms of Use.