Using Windows Authentication in a Single Computer Deployment
You might want to deploy Commerce Server on a single computer, for example, if you are a developer building a site.
The deployment scenario explained in this topic is:
Internet Information Services (IIS) and the SQL Server databases (the Administration database and the Commerce Server site databases) are installed on the same computer.
SQL Server is configured for Mixed Mode authentication (Windows Authentication and SQL Server Authentication).
Commerce Server is configured for Windows Authentication.
Users who connect to Business Desk and a Commerce Server site using a Windows user account can make use of trusted connections (connections validated by Windows). The users are identified by their Windows login ID and do not have to enter a separate SQL Server login ID.
To set up a Commerce Server site for trusted connections
Create an Active Directory domain. For instructions, see Step 1: Configure Active Directory and DNS on Computer 1.
Create a user account on the Active Directory domain so anonymous users can access SQL Server.
Change the IUSR_<computer> account in IIS to the anonymous account created in Step 2.
For the IWAM_<computer> account, assign the SQL Server db_owner role for the Commerce Server site database (not the MSCS_Admin database).
When you install the Commerce Server services (Direct Mailer, Predictor, and List Manager), specify a Windows account(s) that has access to SQL Server.
Commerce Server Setup automatically grants the logon as a service right to the account(s) you specify.
For information about the service accounts, see Securing Service Accounts.
For instructions about changing a service account or password, see Changing a Service Account or Password.
You do not need to do the following:
- Grant trusted delegation to the domain logons
- Change the security policies
- Modify COM+ roles
Copyright © 2005 Microsoft Corporation.
All rights reserved.