We are setting up a webserver (172.16.0.2) that lives in the DMZ behind our
firewall (172.16.0.1)
I would like this server to connect to a db that lives on an SQL Server
(PDC: 192.168.16.2) on our internal lan.
I have opened port 1433 on the firewall between 172.16.0.2 & 192.168.16.2
On the webserver I have installed MSDE that the web app currently connects
to successfully whilst I determine how to connect it to the internal server.
In EM on the SQL Server I can now connect to the MSDE server, have activated
TCP/IP 1433 on MSDE, and all works well.
I would like our Web application to used the internal SQL Server as opposed
to the local MSDE.
In order to connect to the SQL Server at 192.168.16.2 is MSDE required or
can it be removed ?
Do I simply need to specify the port in the querystring in order to connect
to the remote server ?
What users/logins will need to be created in order for the web app to
connect to our internal server ?
Should I use a trusted connection or specify uid=sa;pwd=abc in the
querystring ?
The querystring I have developed so far to connect to this server is:
<appSettings>
<add key="ConnectionString"
value="server=192.168.16. 2,1433;Trusted_Connection=true;database=
store" />
</appSettings>
Or should I use:
<appSettings>
<add key="ConnectionString"
value="server=192.168.16.2,1433;uid=sa;pwd=abc;database=store" />
</appSettings>
Any assistance would be greatly appreciated.
Thanks
MurphyAs a general comment you are better off not putting real IP Addresses in thi
s newsgroup (as it is open to hackers etc).
No, you don't need MSDE on the webserver (unless it is running Application C
enter 2000 which uses MSDE internally).
Two documents well worth the read are in the Architecture Blueprints (network_architect
ure.doc and security_architecture.doc) of the MS System Architecture 2.0 reference arch
itecture kit. http://www.microsoft.com/windowsser...sa/default.mspx
There is a good article on different security architecture models for .NET/S
QL applications here that's worth a read:
http://msdn.microsoft.com/library/d.../>
Netch12.asp|||Do I simply need to specify the port in the querystring in order to connect
to the remote server ?
What users/logins will need to be created in order for the web app to
connect to our internal server ?
Should I use a trusted connection or specify uid=sa;pwd=abc in the
querystring ?
The port is not required. SQL clients default to port 1433.
The logins required depends on your application.
MSDE is not required on the webserver.
The IIS server is the client to the SQL Server in your case.
You can't make Trusted Connections using a username and password.
Thanks,
Kevin McDonnell
Microsoft Corporation
This posting is provided AS IS with no warranties, and confers no rights.|||Thanks Kevin,
If I need other than the username and password to make a trusted connection
with the web server & sql server are in different domains what is be best
approach. I am now able to connect using sa & password in the querystring
but I'd prefer the trusted connection option...
Thanks
Murphy
"Kevin McDonnell [MSFT]" <kevmc@.online.microsoft.com> wrote in message
news:FKpYx6cHEHA.1988@.cpmsftngxa06.phx.gbl...
> Do I simply need to specify the port in the querystring in order to
connect
> to the remote server ?
> What users/logins will need to be created in order for the web app to
> connect to our internal server ?
> Should I use a trusted connection or specify uid=sa;pwd=abc in the
> querystring ?
> The port is not required. SQL clients default to port 1433.
> The logins required depends on your application.
> MSDE is not required on the webserver.
> The IIS server is the client to the SQL Server in your case.
> You can't make Trusted Connections using a username and password.
>
> Thanks,
> Kevin McDonnell
> Microsoft Corporation
> This posting is provided AS IS with no warranties, and confers no rights.
>
>|||From previous post:
"If I need other than the username and password to make a trusted connection
with the web server & sql server are in different domains what is be best
approach. I am now able to connect using sa & password in the querystring
but I'd prefer the trusted connection option..."
Trusted connections rely on NT credentials. So if the machines are in
different domains, then there is no way
to correctly "impersonate" the client machine.
So, if you have two domains that are not Trusted, then the only way to make
this work is to duplicate the same NT username & password in each domain.
This technique is called "Workgroup Security".
It's more work on the administrator to keep the NT passwords in synch at
each domain, but it allows you to use NT credentials instead
of passing a SQL username and password.
If you put a Server certificate on the SQL Server , then the logins passed
will be encrypted. Additionally, you could enable SSL encryption between
the IIS machine and Server, which would encrypt both the logins and the
data.
See this article for steps to implement SSL
276553 HOW TO: Enable SSL Encryption for SQL Server 2000 with Certificate
Server
http://support.microsoft.com/?id=276553
Thanks,
Kevin McDonnell
Microsoft Corporation
This posting is provided AS IS with no warranties, and confers no rights.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment