How to create trust between an IIS server in the DMZ and a SQL Server in a domain:
- Read: Building Secure ASP.NET Applications: Authentication, Authorization, and Secure Communication.
That document has some broken links. The link below has been corrected:
Create a Service Account for an ASP.NET 2.0 Application.
- Create two identical local accounts: one on the DMZ server where IIS resides and one on the server
where SQL Server resides. Use the same account name and password on both computers.
- In SQL Server, create a login for the local account:
CREATE LOGIN [ComputerName\User1] FROM WINDOWS WITH DEFAULT_DATABASE=[mydatabase]
Give this account the appropriate rights to the database and to the stored procedures that
it will access.
- On the DMZ server:
- open a cmd prompt
cd C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727
aspnet_regiis -ga MachineName\AccountName
- Open the IIS Manager.
Open the properties for your website.
Click the Directory Security tab.
Click the first Edit button.
Enter the local account you just created as the Windows account used for anonymous access.
- Edit the web.config for your website:
under <system.web> enter:
<identity impersonate="true"/>
- Use a connection string in this format (Trusted_Connection=yes means the connection is authenticated with the impersonated Windows account, so no SQL password is stored in web.config):
"Data Source=sqlserver;Initial Catalog=topsecret;Trusted_Connection=yes"
- Write a test page to verify the connection.
- Be proud of yourselves and roar like a lion.
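As an added example for the test-page step (example code written here, not part of the original note), an ASP.NET 2.0 page that shows which Windows identity the request actually runs under and which login SQL Server authenticated; it assumes the placeholder server and database names from the connection string above.

```aspx
<%@ Page Language="C#" %>
<%@ Import Namespace="System.Data.SqlClient" %>
<%@ Import Namespace="System.Security.Principal" %>
<script runat="server">
    // Assumed placeholders, same as the connection string in the steps above.
    const string ConnStr =
        "Data Source=sqlserver;Initial Catalog=topsecret;Trusted_Connection=yes";

    // Keep only the part after "MACHINE\" so the two sides can be compared:
    // IIS reports DMZMACHINE\User1, SQL Server reports SQLMACHINE\User1.
    static string UserPart(string account)
    {
        int i = account.LastIndexOf('\\');
        return i < 0 ? account : account.Substring(i + 1);
    }

    protected void Page_Load(object sender, EventArgs e)
    {
        Response.ContentType = "text/plain";

        // 1. Identity of the request thread. With <identity impersonate="true"/> and
        //    the mirrored account set as the anonymous user this is that local account.
        //    If it shows the application pool identity (e.g. NETWORK SERVICE),
        //    impersonation is not in effect and SQL Server will reject the login.
        string webIdentity = WindowsIdentity.GetCurrent().Name;
        Response.Write("IIS thread identity : " + webIdentity + "\r\n");

        // 2. Login that SQL Server actually authenticated over the trusted connection.
        string sqlLogin;
        try
        {
            using (SqlConnection cn = new SqlConnection(ConnStr))
            using (SqlCommand cmd = new SqlCommand("SELECT SUSER_SNAME()", cn))
            {
                cn.Open();
                sqlLogin = (string)cmd.ExecuteScalar();
            }
        }
        catch (SqlException ex)
        {
            // Typical failure: "Login failed for user ..." -> names/passwords not mirrored.
            Response.Write("SQL connection FAILED: " + ex.Message + "\r\n");
            return;
        }
        Response.Write("SQL Server login    : " + sqlLogin + "\r\n");

        bool ok = string.Equals(UserPart(webIdentity), UserPart(sqlLogin),
                                StringComparison.OrdinalIgnoreCase);
        Response.Write(ok ? "TRUST OK" : "MISMATCH: impersonation or login mapping is wrong");
    }
</script>
```

Request the page once with only anonymous access enabled on the site, then remove it, since it reveals account names.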