MVC 5 IIS 7.5 double-hop issue (avoid hard coded SQL passwords)

Question

I am experiencing the double-hop SQL server log in problem associated with MVC projects.

I am using IIS 7.5; MVC 5; Visual Studio 2013, and simple Windows 7 system running IIS.

I need to make an intranet project with either Windows Authentication or AD Group authentication.

If I use the latter, it doesn't work at all, so I am postponing that, but eventually the goal would be to use AD groups.

For the former I tried getting Kerberos working (and reading dozens of posts) but I could only get the site working on its host machine (hardly worth doing).

I was able to get a special SQL account and password and could get it running using a hard-wired connection string in web.config with the password hard-coded in the app, but this is only for development purposes and needs to be replaced long before it reaches prod.

I have read the website at

http://blogs.technet.com/b/askds/archive/2008/11/25/fun-with-the-kerberos-delegation-web-site.aspx

and following its steps would require three or four different teams working on it to get everything in place where I work.

Does anyone know of any simpler paradigm for MVC projects that enables them to work on an intranet site with either Windows-authentication or AD-group-authentication? Even links to other solutions would be very, very welcome.

If interested, please see also:

https://serverfault.com/questions/656243/iis-app-pool-set-credentials-not-working-for-specific-network-account

Thanks in advance.

Answer 1

You can use certificates instead of Kerberos delegation.