SQL Server use existing IIS Application Pool with a Windows Form application built in VB.NET

1
votes

I'm volunteering to help a non-profit company that had a Web app built by students at a local college who have graduated and are no longer available. They used ASP.NET for the Web app and SQL Server for the database on a Windows Server network. It uses IIS Application Pool for the login to the SQL Server, Login: IIS APPPOOL\DefaultAppPool.

I have re-written the app in VB.NET and added features since I have no ASP.NET experience. I also ended up building a new database on the same server, same directory, and will import the current one when we think the new app is ready. I researched Application Pools.

QUESTION: Can the existing IIS APPPOOL be used by the VB.NET Windows Form .EXE app to connect to the SQL Server?

I'm trying to minimize the average user's access to the SQL Server computer and not mess up the current system. Currently the average user does not have AD network read/write rights to the SQL computer, they get to the existing Web app on their citrix desktop.

Secondary Question: If an .EXE app can not use the IIS APPPOOL, my research shows make an AD Group with the users, add an SQL Server Login for that Group with SQL rights to the database and use Windows Authentication to connect to the SQL Server. Which directories on the SQL Server computer need AD rights assigned to the new Group? I tried just the .mdf and .ldf files for the database I built and the login failed. Thanks for any help.

2
asp.netsql-servervb.netiisapplication-pool

2 Answers

0
votes

QUESTION: Can the existing IIS APPPOOL be used by the VB.NET Windows Form .EXE app to connect to the SQL Server?

No. IIS is used by only webapps

Secondary Question: If an .EXE app can not use the IIS APPPOOL, my research shows make an AD Group with the users, add an SQL Server Login for that Group with SQL rights to the database and use Windows Authentication to connect to the SQL Server. Which directories on the SQL Server computer need AD rights assigned to the new Group? I tried just the .mdf and .ldf files for the database I built and the login failed.

You can use Basic windows authentication,even though you don't use IIS..You can create a windows group in sql server,add users to that group..But one problem remains,users need to right click the app and connect with run as settings for that group..

To avoid this, you can create directly users and assign them rights

if you are using sql server login, your users can directly login..when they run the app,they might face a prompt to enter credentials..

for the directories part, you need to only ensure,sql server run as account has full permissions on that directories

0
votes

Application pools are IIS internal methods to separate even the web sites that running on that web server from each other. The whole point is that a web site should not and cannot access the other web sites' app pools, so your Windows Forms application wouldn't be able to do that either.

That doesn't mean that you can't access the same SQL server or the same database, sure you can. But that depends on your connection settings and the two will be two different SQL server sessions, two or more SQL server processes.

This also answers the secondary question: you'll have to define the connection, probably with connection string(s) in your application. It's up to you how you do that. And up to you what kind of security model you choose for the users.