TURBO App Builder with Windows Authentication in Connection String
Our TURBO App Builder within SharePoint supports windows authentication in connection strings. In order to achieve that, TURBO App Builder is using Web Application pool identity to do database operations.
Hence, when you install TURBO App Builder, you must grant database owner permission to application pool identity for turbo app builder database.
However, there is one limitation if you want to use Windows Authentication. You also have to provide database owner permission to NT AUTHORITY\ANONYMOUS USER login along with the application pool identity. Read through this full article to understand why it is so and what the other options are.
TURBO App Builder supports sql server authentication
If your organization policies are not allowing you to grant database owner permission to NT AUTHORITY\ANONYMOUS LOGON (which is recommended), you can probably choose enabling sql server authentication in your sql server and use sql server authentication in turbo app builder connection string.
Here is the step by step article that shows you how to migrate from windows to sql authentication mode connection string.
What is the problem with TURBO App Builder that is causing this issue?
TURBO App Builder is built using Linq-to-sql for accessing database. The way Linq-to-sql utilizes connection string to load related data in eager/lazy loading, its leaving no way to impersonate and use Web Application Pool Identity instead of currently logged in user.
That means, instead of using web application pool identity, turbo app builder will use currently logged in windows user. Obviously, that user do not have access to sql server so that user is identified as anonymous user for sql server and hence you see Login Failed for "NT AUTHORITY\ANONYMOUS LOGON"
What are the solutions/Options?
- Use Windows Authentication in connection string - Grant web application pool identity and NT AUTHORITY\ANONYMOUS LOGON database owner permission for turbo app database.
- Use Windows Authentication in connection string - If you have really limited number of users who are actually using site collection that is using turbo app, grant all those users database owner permission for turbo app database.
- Use sql server authentication in connection string - We are working on enhancing the product to use encrypted connectionstring in web.config instead of clear text connection strings but for now, it has to be clear text connectionstring showing username and password.