匿名访问(IIS)和SQL Server
[英]Anonymous access (IIS) and SQL Server
问题描述
I just had an interview in Redmond where they asked me a ton of security based questions surrounding asp.net. 
我刚刚在雷德蒙德接受采访,他们向我询问了围绕asp.net的大量安全性问题。 One of the questions they asked was about configuring a secure intranet application to use constrained delegation to access the SQL Server. 他们提出的一个问题是如何配置安全的Intranet应用程序以使用约束委派来访问SQL Server。 In this scenario an AD user account is delegated access to the SQL Server. 在此方案中,AD用户帐户被委派访问SQL Server。 The whole purpose of course is to a) not store any username/password anywhere on the web server (web.config), and b) provide an abstracted security model that can be managed in Active Directory. 当然,完整的目的是:a)不在Web服务器(web.config)的任何地方存储任何用户名/密码,b)提供可在Active Directory中管理的抽象安全模型。
This got me to thinking about how I have been configuring my sites for anonymous access all these years. 这让我想到这些年来我一直在为匿名访问配置我的网站。 Typically I will run my IIS websites using the default anonymous account and store the connection string in the web.config (encrypted, and sometimes in clear text). 通常,我将使用默认的匿名帐户运行我的IIS网站,并将连接字符串存储在web.config中(加密,有时以明文形式)。 This, of course, requires your SQL Server to run in mixed mode. 当然,这需要您的SQL Server以混合模式运行。 So my question is, what if we didn't store the connection string in the web.config at all, and just created a unique anonymous domain account for the particular website that would have db_datareader access within SQL Server? 所以我的问题是,如果我们根本没有将连接字符串存储在web.config中,并且只为特定网站创建了一个唯一的匿名域帐户,该帐户将在SQL Server中具有db_datareader访问权限? Is there any reason why it would be a bad idea to do this? 有什么理由为什么这样做是个坏主意?
I have tried to think of all the scenarios where this would be a bad idea, and the only one I can think of is where a "hacker" compromised the code on the web server, and then somehow got access to your SQL Server...but this could happen in either scenario. 我试图想到所有这些都是个坏主意的场景,我唯一能想到的是“黑客”破坏了Web服务器上的代码,然后以某种方式访问了你的SQL Server。但是这可能发生在任何一种情况下。
Does anyone know the best practice here? 有谁知道这里的最佳做法?
2 个解决方案
解决方案1
2 2009-01-30 18:06:32
Maybe you could use ODBC to create a DSN for the SQL Server connection. 也许您可以使用ODBC为SQL Server连接创建DSN。 Then your web.config only needs to know the DSN. 然后你的web.config只需要知道DSN。 This may require you to use System.Data.OleDb. 这可能需要您使用System.Data.OleDb。 I've never seen DSN used in ASP.NET but it used to be pretty standard for Classic ASP. 我从来没有见过在ASP.NET中使用的DSN,但它曾经是Classic ASP的标准。 And I've never heard of Active Directory being used to manage ODBC. 我从来没有听说过Active Directory用于管理ODBC。
解决方案2
1 已采纳 2009-01-30 18:28:23
Where I work, we have a windows service that runs under a specific domain account. 在我工作的地方,我们有一个在特定域帐户下运行的Windows服务。 That account is setup in SQL Server as a login and it has a matching user in the DB it needs access to. 该帐户在SQL Server中设置为登录,并且在其需要访问的数据库中具有匹配的用户。 We have never had any problems with this. 我们从来没有遇到任何问题。
I think the most important thing is to properly configure your database user (or role) so it only has access to what it needs. 我认为最重要的是正确配置您的数据库用户(或角色),以便它只能访问所需的内容。
I have considered using AD to manage SQL access in a similar manner that you describe in your first paragraph. 我已经考虑使用AD以与您在第一段中描述的方式类似的方式管理SQL访问。 (AD Group -> SQL Server login -> DB User -> DB objects) The only drawback I can see so far is, if a user connected directly to the database, they would bypass any logic you have in your app. (AD组 - > SQL Server登录 - >数据库用户 - >数据库对象)到目前为止,我能看到的唯一缺点是,如果用户直接连接到数据库,他们将绕过您在应用程序中的任何逻辑。 One benefit is, you know what domain users are accessing your database. 一个好处是,您知道域用户正在访问您的数据库。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.