Connecting with integrated security=true

Radi A.

28 Apr, 2015 05:26 PM

We need the capability to remove the SQL user name and password in the connection string in order to comply with security.

Even if that means running the installer as a different user...

What are our options? The same applies for the LDAP account - why can't it use the application pool account?

  1. Support Staff 1 Posted by Anton Gogolev on 28 Apr, 2015 07:05 PM

    This is done to simplify things.

    When using Integrated Security, there's no way, at least to my knowledge, to *select* the user that the Application Pool is running under. One can only type the exact account name into an appropriate text area in SQL Server UI. This was a major stumbling block for new users.

    Plus, the exact identity is not known until after the Application Pool is created by the installer.

    In your particular scenario you will need to fiddle with Web.config in HgLab Installation Directory and change the <connectionStrings> element accordingly. You will then have to do this after any upgrade.

  2. 2 Posted by Radi A. on 17 May, 2015 06:46 AM

    You can capture the identity account in your installer; WiX and all others support securely capturing an identity and setting the newly created app pool with that account.

    Further to that, IIS and SQL now (since 2008 R2 I think) support giving access to the application pool name (not directly the account). You give access to "IIS APPPOOL\AppPoolName" and internally it resolves any service account. See more details here: http://blogs.msdn.com/b/ericparvin/archive/2015/04/14/how-to-add-the-applicationpoolidentity-to-a-sql-server-login.aspx You can type in the app pool name in SQL Management Studio; it resolves OK but you cannot look it up. The article also points out how you can do it in a script.

    We do similar stuff in our own products. While I understand it might complicate the installation, it should still be an "advanced" option for those that need the extra security.

    The connection string, in that case, is the same for every client deployment. You only capture the SQL server name during installation.

    Please feel free to reach out to me if needed.
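
Added example, not part of the original thread and not HgLab's own code: a T-SQL script for the approach described in the second reply, granting the application pool identity a Windows login so the connection string carries no SQL user name or password. The app pool name `HgLabAppPool`, the database name `HgLab` and the role memberships are assumptions; the page does not state which permissions the product needs.

```sql
-- Assumed names: app pool "HgLabAppPool", database "HgLab". Replace with your own.
-- Run as a login that may create server logins and database users.

USE [master];
GO
-- The virtual account cannot be browsed in the SSMS picker; name it explicitly.
IF NOT EXISTS (SELECT 1 FROM sys.server_principals
               WHERE name = N'IIS APPPOOL\HgLabAppPool')
    CREATE LOGIN [IIS APPPOOL\HgLabAppPool] FROM WINDOWS
        WITH DEFAULT_DATABASE = [HgLab];
GO

USE [HgLab];
GO
IF NOT EXISTS (SELECT 1 FROM sys.database_principals
               WHERE name = N'IIS APPPOOL\HgLabAppPool')
    CREATE USER [IIS APPPOOL\HgLabAppPool]
        FOR LOGIN [IIS APPPOOL\HgLabAppPool];
GO

-- Assumed least-privilege starting point (ALTER ROLE ... ADD MEMBER needs
-- SQL Server 2012+; on 2008 R2 use sp_addrolemember instead).
ALTER ROLE db_datareader ADD MEMBER [IIS APPPOOL\HgLabAppPool];
ALTER ROLE db_datawriter ADD MEMBER [IIS APPPOOL\HgLabAppPool];
GO

-- Connection string value to place under <connectionStrings> in Web.config
-- (only the server name varies per deployment):
--   Server=<sql-server-name>;Database=HgLab;Integrated Security=True;

-- Check after restarting the app pool: the application's sessions should
-- show the pool identity and a Windows auth scheme (NTLM or KERBEROS).
-- A row with auth_scheme = 'SQL' means a stored SQL credential is still in use.
SELECT s.session_id, s.login_name, s.program_name, c.auth_scheme
FROM sys.dm_exec_sessions AS s
JOIN sys.dm_exec_connections AS c ON c.session_id = s.session_id
WHERE s.database_id = DB_ID(N'HgLab');  -- database_id column: SQL Server 2012+
GO
```

The `IIS APPPOOL\...` virtual account can only be granted a login when SQL Server runs on the same machine as IIS; against a remote SQL Server the pool authenticates as the machine account (`DOMAIN\MACHINE$`) unless it runs under a domain service account.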
