Integrated Security in the DMZ

Arne Garvander - 11 Jan 2008 15:43 GMT
I have a test web server in a domain. The IIS identity is a domain account.
The website can access SQL Server (2005) using integrated security.
I have a production web server in DMZ outside the domain.  How can I set up
the webserver to use integrated security? The SQL server is inside the domain.
Signature

Arne Garvander
Certified Geek
Professional Data Dude

Sean McCown - 23 Jan 2008 15:08 GMT
You have to set up a trust between the DMZ domain and the internal domain.  If
your DMZ isn't an actual domain, then you'll have to set up a local Windows
acct on your SQL box and use that acct to access on the DMZ side.

So say on your SQL box you set up a LOCAL user acct 'MySQLUser'.
You would set up the same LOCAL user acct on the DMZ box as well.  Use the
same password and everything.  Then when you make the connection to the SQL
box from outside the domain, it will validate the Windows permissions and
should let you through because you're connecting with the same named acct and
password.

If neither of those 2 work, then just use SQL auth and be done with it.

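The SQL Server side of the local-account approach described in the post above, as an added example that is not part of the original thread. The machine name SQLBOX, the database AppDb, the table dbo.Orders and the role WebAppRole are placeholders assumed for illustration; MySQLUser is the account name from the post.

```sql
-- Added example, not code from the thread.
-- Assumed placeholders: SQLBOX (SQL Server machine name), AppDb (application
-- database), dbo.Orders (a table the site reads), WebAppRole (database role).
-- MySQLUser is the LOCAL Windows account named in the post.

-- 1. Map the local Windows account on the SQL box to a server login.
CREATE LOGIN [SQLBOX\MySQLUser] FROM WINDOWS
    WITH DEFAULT_DATABASE = [AppDb];
GO

-- 2. Give the web site only what it needs: a database user in a role with
--    explicit object permissions, no sysadmin or db_owner membership.
USE [AppDb];
GO
CREATE USER [MySQLUser] FOR LOGIN [SQLBOX\MySQLUser];
CREATE ROLE [WebAppRole];
EXEC sp_addrolemember N'WebAppRole', N'MySQLUser';
GRANT SELECT ON OBJECT::dbo.Orders TO [WebAppRole];
GO

-- 3. After the DMZ web server connects, confirm how it authenticated.
--    A pass-through logon with matching local accounts uses NTLM, so the
--    row for SQLBOX\MySQLUser should show auth_scheme = 'NTLM'.
--    auth_scheme = 'SQL' means the connection used SQL authentication.
--    encrypt_option shows whether the connection crossing the DMZ boundary
--    is encrypted.
SELECT s.session_id,
       s.login_name,
       s.host_name,
       s.program_name,
       c.auth_scheme,
       c.net_transport,
       c.encrypt_option,
       c.client_net_address
FROM sys.dm_exec_sessions AS s
JOIN sys.dm_exec_connections AS c
    ON c.session_id = s.session_id
WHERE s.is_user_process = 1
ORDER BY s.login_name;
```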
Arne Garvander - 23 Jan 2008 15:24 GMT
Sean,
Thanks for your ideas.
They sound like an interesting idea, but I think there is more to it.
I need to make IIS run under that account.
I already have set my website in IIS with a domain account. Now email is
trusted, but SQL authentication is not trusted.
To make things more complicated, I have a remote share defined in IIS. That
remote share has its own identity which is different from the identity that I
use for the website.
Signature

Arne Garvander
Certified Geek
Professional Data Dude

Sean McCown - 23 Jan 2008 16:16 GMT
Actually it's not that complicated.  If you can set up a trust between the
domains your problems are solved.  If you can't then you've got two choices:
use SQL auth or try the local acct idea.  Your options are fairly limited
here.

Dave - 15 Feb 2008 21:16 GMT
Sean,

I have this same situation and problem. I created a local account on the DMZ
box with the same username and password as a domain account in the domain
where the SQL Server box is running. This is not working. Are you saying
that the account on the SQL Server box must also be a local account on that
machine? So, authentication will not automatically propagate to the domain
security database as it does in normal remote access?

Dave
