Accessing MS SQL Server with IWA

Please see Running the IIS Application Pool As a Service Account for additional information.

Introduction

Integrated Windows Authentication (IWA) requires:

  • Installing a SQL Server instance
  • Creating a new domain service account
  • Granting access to SQL Server database
  • Registering a service account to run IIS and ASP.NET
  • Assigning an account as an application pool identity

For instructions on Creating the SQL account or Installing SQL Server see Installing and Configuring SQL Server

Creating a Domain Service Account

The account needs access to the application server and database server. Ensure password expiration is not enabled or the account could lock you out of Secret Server.

Granting Access to SQL Server database

  1. Connect to the Database instance using SQL Management Studio.

  2. Right click on the Security node (ensure this is the top most security node under the instance and not under the database name itself) and select New > Login.

  3. Enter the Login name as Domain\Username.

  4. Ensure Windows Authentication radio button is selected.

  5. If you have already created the database, then under User Mappings select the database and grant dbOwner permission. Otherwise, if you plan to have the Database created for you, under Server Roles select dbCreator.

  6. Click the Ok button.

Assigning Account as Identity of Application Pool

  1. Open IIS (Run command inetmgr).

  2. Click the Application Pool node.

  3. Select Secret Server's Application Pool (default is SecretServerAppPool).

  4. On the Right panel, Click .

  5. Scroll down to the Identity row under Process Model.

  6. In the popup, select Custom Account > Set.

  7. Type the user as domain\username.

  8. Type the password.

  9. Click the Ok button.

  10. Recycle the application pool by clicking the Recycle.. button under the Application Pool tasks.