Prev: 0xC0207015 error in SSIS but not DTS
Next: How Can I establish connection 16bit o.s MS DOS 6.22 to to SQL Se
From: Dan Guzman on 27 Feb 2010 13:10
> Assume I use Integrated Security. I have two windows accounts one account
> Tony that I use when logging in to the machine and the other is ASPNET
> IIS is using.
> How can I see in Sql Server what access rights these two accounts have.
> None of these two account exist in Sql Server.
Be aware that there are 2 levels of authentication and authorization that
occur with an IIS database application: IIS and SQL Server. IIS first
confirms the end user identity based on the IIS site configuration. The
user can use the application only if they are authorized or anonymous access
is enabled. Once authorized, an application using Integrated Security to
connect to SQL Server typically connects to SQL Server using the Windows
domain account you specify as the IIS anonymous or application pool security
context. The credentials of the end user are not used to connect to the
database server in this scenario. You'll need to add a SQL Server login for
the IIS Windows account (or group) as well as the corresponding database
user and object permissions.
There are ways to configure IIS to use the end user credentials, but this is
usually done only for intranet applications. See
http://technet.microsoft.com/en-us/library/cc733010(WS.10).aspx for more
Hope this helps.
SQL Server MVP