Application pool ID in IIS and Integrated security for SQL Server

Question

Application pool ID in IIS and Integrated security for SQL Server

If I have an ASP.NET web application using impersonation and a SQL Server connecting string with Integrated Security = true, does the application's IIS application pool ID play any role?

Do I need to identify a specific user (LocalSystem, NetworkServices, or a domain user)? This is in Windows 2003.

+2

asp.net iis windows-server-2003 application-pool

Tony_Henrich 10 Sep '09 at 12:36

source to share

1 answer

Remus Rusanu · Accepted Answer · 2009-09-10T00:49:04+0000

If SQL Server is in a different block than IIS, then the IIS application pool identifier must be trusted to restrict delegation. See How to Use the Transition Protocol and Constrained Deletion in ASP.NET 2.0 . If the IIS application is running as NETWORK SERVICE or SYSTEM, then the IIS machine account must be trusted for constrained delegation. The linked resource has all the steps to install this.

If SQL Server is on the same machine as IIS then there is no requirement afaik.

Application pool ID in IIS and Integrated security for SQL Server

More articles: