|
it
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
Trusted Connection via ASP page.
Win03 and Win03SQLsp3a servers in the same domain. We are in hybrid mode
with W03 DC's Back on NT 4, one could not do a trusted connection via web page when IIS and SQL were on different servers. We have tried since on the new platforms and see the same results. Makes me wonder if there is something fishy with our domain. Should one be able to make a trusted connection in a 2 server scenario? "CD" <mcd***@hotmail.REMOVETHIS.com> wrote in message Nothing wrong with your domain. See:news:#96674rGFHA.2744@tk2msftngp13.phx.gbl... > Win03 and Win03SQLsp3a servers in the same domain. We are in hybrid mode > with W03 DC's > > Back on NT 4, one could not do a trusted connection via web page when IIS > and SQL were on different servers. > > We have tried since on the new platforms and see the same results. Makes me > wonder if there is something fishy with our domain. > > Should one be able to make a trusted connection in a 2 server scenario? http://support.microsoft.com/kb/176380/EN-US/ http://support.microsoft.com/kb/176377/EN-US/ -- Tom Kaminski IIS MVP http://www.microsoft.com/windowsserver2003/community/centers/iis/ http://mvp.support.microsoft.com/ http://www.iistoolshed.com/ - tools, scripts, and utilities for running IIS Thanks for the reply.
In Q176377 it makes reference to fixed but for Kerberos only... 1) Is this a method that can be defined in the connection string? Comment from Q: By eliminating the need for IIS to create an authenticated connection to SQL Server, you can work around this problem. To do this you must use a data source name (DSN) that does not look out to the network for the SQL Server and instead looks directly to the local machine. This can be done by using the "(local)" setting in a System DSN. 2)Does this mean if the programmer was to use a Local DSN on the web server it would do a trusted connection to the remote SQL? Assume it was defined as such in the local DSN creation. In the past they have used DSN-Less connection strings. Show quote > Nothing wrong with your domain. See: > http://support.microsoft.com/kb/176380/EN-US/ > http://support.microsoft.com/kb/176377/EN-US/ > > -- > Tom Kaminski IIS MVP > http://www.microsoft.com/windowsserver2003/community/centers/iis/ > http://mvp.support.microsoft.com/ > http://www.iistoolshed.com/ - tools, scripts, and utilities for running > IIS > > "CD" <mcd***@hotmail.REMOVETHIS.com> wrote in message Not 100% sure but i don't think so.news:OeSlQ8zGFHA.2736@TK2MSFTNGP09.phx.gbl... > Thanks for the reply. > > In Q176377 it makes reference to fixed but for Kerberos only... > 1) Is this a method that can be defined in the connection string? > Comment from Q: No - local would refer to a database on that server.> By eliminating the need for IIS to create an authenticated connection to SQL > Server, you can work around this problem. To do this you must use a data > source name (DSN) that does not look out to the network for the SQL Server > and instead looks directly to the local machine. This can be done by using > the "(local)" setting in a System DSN. > > 2)Does this mean if the programmer was to use a Local DSN on the web server > it would do a trusted connection to the remote SQL? Assume it was defined > as such in the local DSN creation. In the past they have used DSN-Less > connection strings. -- Tom Kaminski IIS MVP http://www.microsoft.com/windowsserver2003/community/centers/iis/ http://mvp.support.microsoft.com/ http://www.iistoolshed.com/ - tools, scripts, and utilities for running IIS Thanks Tom,
So this is another MS cluster fudge. They would rather you use only NT authencation for SQL. But yet it causes issues with data access from a web server. I am not in favor of sending plain text across the network as this seems to be the only option for a trusted connection.  |
|||||||||||||||||||||||
Other interesting topics