>>
>>They have to have a SQL CAL AND a Windows CAL.
>>
>>They gave us an example of AMAZON.COM. According to Microsoft, People who anonimously browse AMAZON do not need a CAL. As soon as they log in to make a purchase, they require SQL and Windows CALs.
>>
>
>Hey William,
>
>About the windows CAL.
>Not sure - I'm not there yet - but if you use a connection string without windows authentication - is an sql CAL not sufficient ?

If your web app is connecting to SQL Server on a Windows Server, or if your web app is running on a Windows server other than Web server edition, and there is any user recognition AT ALL other than all users are completely anonymous and treated equally, Microsoft says you need Windows CALs or an External connector license (about $2000/server) for each recognized user.

The web app itself does not need a CAL. As soon as your user identifies himself with a username or other credentials via Forms authentication, Windows Authentication, or any other means, you'll need a CAL if that application touches any other resource on a Windows box aside from IIS itself. If IIS is not on a Web Server edition of Windows server, then CALs are required no matter what the application touches.

An SQL CAL (or processor license) is required if a user uses a web application that touches SQL Server (aside from free versions) if the user is an identified user. As soon as a user gives a username or other identification and the web application uses SQL for anything, you owe $$.

It sucks, but that's what Microsoft Partner Support folks told us very specifically today.