tag:support.hglabhq.com,2012-10-18:/discussions/problems/835-connecting-with-integrated-securitytrueHgLab: Discussion 2015-05-17T06:46:27Ztag:support.hglabhq.com,2012-10-18:Comment/367003002015-04-28T19:05:36Z2015-04-28T19:05:36ZConnecting with integrated security=true<div><p>This is done to simplify things.</p>
<p>When using Integrated Security, there's no way, at least to my
knowledge, to <em>select</em> the user that the Application Pool is
running under. One can only type the exact account name into an
appropriate text area in SQL Server UI. This was a major stumbling
block for new users.</p>
<p>Plus, the exact identity is not known until after the
Application Pool is created by the installer.</p>
<p>In your particular scenario you will need to fiddle with
Web.config in HgLab Installation Directory and change the element
accordingly. You will then have to do this after any upgrade.</p></div>Anton Gogolevtag:support.hglabhq.com,2012-10-18:Comment/367003002015-05-17T06:46:26Z2015-05-17T06:46:27ZConnecting with integrated security=true<div><p>You can capture the identity account in your installer, WIX and
all others support securely capturing an identity and setting the
newly created app pool with that account.</p>
<p>Further to that, IIS and SQL now (since 2008 R2 I think) support
giving access to the application pool name (not directly the
account). You give access to "IIS APPPPOPL\AppPoolName" and
internally it resolves any service account. See more details here:
<a href="http://blogs.msdn.com/b/ericparvin/archive/2015/04/14/how-to-add-the-applicationpoolidentity-to-a-sql-server-login.aspx">
http://blogs.msdn.com/b/ericparvin/archive/2015/04/14/how-to-add-th...</a>
You can type in the app pool name in SQL Management Studio, it
resolves OK but you cannot look it up. The article also points out
how you can do it in a script.</p>
<p>We do similiar stuff in our own products. While I understand it
might complicate the installation, it should still be an "advanced"
option for those that need the extra security.</p>
<p>The connection string - in that case is the same for every
client deployment. You only capture the sql server name during
installation.</p>
<p>Please feel free to reach out to me if needed.</p></div>Radi A.