I have 2 Servers, a web server and a database server.
Web server runs a number of .net sites that need to connect to the database server.
Currently, I have a configuration string for each application, that specifies a database instance, user name and password, and then have to add in these users onto the Database, and give them the necessary permissions.
Locally however, I can use the integrated Ap Pool Identity. This means that when the code is deployed config strings need to be changed, and a number of db users need to be managed, along with relevent passwords.
To me this doesn't seem the best way. I have read about Managed Service Accounts, but the last thing I read implied that they are not officially supported yet (this was in 2014).
So which is the 'correct' way of connecting my app pool users from one server to the database on another?
Best Answer
Managed service accounts are supported in SQL server 2012 onwards to run it's services.
There is no 'correct' way but managed service accounts on the application server are normal domain users as the SQL Server is concerned so as long as you can use them for the application they are a nice option. You might have to type the name in (domain\appuser$) as older versions of SSMS don't know the object type but you can add them manually
To minimize the configuration changes you can do the following: