Version 2 - Reviewed: September 6, 2017
The objective of the article is to guide an IT administrator through the processing of setting up TariffShark Application Server (ASP.NET) to use Windows authentication when connecting to the TariffShark Database (Microsoft SQL Server).
When you use Windows authentication to connect to SQL Server, you use your application's process identity or thread identity (if your application is using impersonation) to connect. You should use Windows authentication to connect to SQL Server when possible for the following reasons:
<configuration> <appSettings> <add key="Main.ConnectionString" value="data source=$SERVER$;initial catalog=$DATABASE$;Integrated Security=SSPI;"/> </appSettings> </configuration>
You need to create a SQL Server login for your application's service account, and grant DBO permissions to access the TariffShark database.
USE [master] GO CREATE LOGIN [DOMAIN\testuser] FROM WINDOWS WITH DEFAULT_DATABASE=[TariffSharkTestData] GO USE [TariffSharkTestData] GO CREATE USER [DOMAIN\testuser] FOR LOGIN [DOMAIN\testuser] GO USE [TariffSharkTestData] GO EXEC sp_addrolemember N'db_owner', N'DOMAIN\testuser' GO
aspnet_regiis.exe -ga domainNameOrMachineName\userName
On Windows, running the Aspnet_regiis.exe -ga command adds the account to the IIS_IUSRS group. Membership in the IIS_IUSRS group grants the account the Log on as a batch job permission and ensures that the necessary file system and IIS metabase permissions are granted. If for some reason this is not done, please add the account to the IIS_IUSRS group.