简体繁体 English

当从客户端计算机通过浏览器连接到网站时，为什么IIS7被阻止访问我的数据库？

[英]Why is IIS7 blocked from accessing my database when connecting to a website via a browser from a client machine?

原文 2016-01-04 12:37:46 4 1 asp.net/ sql-server/ iis-7

When I access the website from the same machine IIS is running on I am able to connect to the database, but not if I try to access it remotely. 当我从运行IIS的同一台计算机上访问网站时，我可以连接到数据库，但是如果我尝试远程访问它，则无法连接。 The only way I've managed to get it to connect is when I specify Physical Path Credentials: 我设法使其连接的唯一方法是当我指定物理路径凭证时：

click to open image 点击打开图片

This doesn't work for me because, I am using the username as a search criteria when querying the database and this way I always get the same username (the one I specified in the physical path credentials). 这对我不起作用，因为在查询数据库时，我使用用户名作为搜索条件，因此我总是获得相同的用户名（在物理路径凭据中指定的用户名）。

I am confused because, when accessing the website locally and remotely I use the same credentials and I get different results. 我很困惑，因为在本地和远程访问网站时，我使用相同的凭据，但得到的结果却不同。

This is the exception that is thrown when trying to access the site remotely: 这是尝试远程访问站点时抛出的异常：

ByNadexLoginSystem.Exception: System.Exception: 'SelectDataObject()' failed ---> System.Data.SqlClient.SqlException: A network-related or instance-specific error occurred while establishing a connection to SQL Server. ByNadexLoginSystem.Exception：System.Exception：'SelectDataObject（）'失败---> System.Data.SqlClient.SqlException：建立与SQL Server的连接时发生与网络相关或特定于实例的错误。 The server was not found or was not accessible. 服务器未找到或无法访问。 Verify that the instance name is correct and that SQL Server is configured to allow remote connections. 验证实例名称正确，并且已将SQL Server配置为允许远程连接。 (provider: Named Pipes Provider, error: 40 - Could not open a connection to SQL Server) ---> System.ComponentModel.Win32Exception: Access is denied --- End of inner exception stack trace （提供者：命名管道提供程序，错误：40-无法打开与SQL Server的连接）---> System.ComponentModel.Win32Exception：访问被拒绝---内部异常堆栈跟踪结束

I have tried adding folder permissions as pointed out here: ASP.NET Application page not working on clients computers with no success whatsoever. 我曾尝试按此处指出的方法添加文件夹权限： ASP.NET应用程序页在客户端计算机上无法正常运行，无论如何都不会成功。

The SQL server is configured to allow remote connections. SQL Server配置为允许远程连接。

I am sure it is a permissions problem I just can't find where. 我敢肯定这是一个权限问题，我根本找不到。 Any ideas? 有任何想法吗？

1 个解决方案

I found the solution to my problem, I want to give credit to Sean Lange . 我找到了解决问题的方法，我想感谢肖恩·兰格（ Sean Lange）。 Thanks to his question it gave me a line of investigation to follow. 由于他的问题，这给了我一系列的调查依据。 While going through msdns documentation here https://msdn.microsoft.com/en-us/library/bsz5788z.aspx I found this: 在这里查看msdns文档时， https ：//msdn.microsoft.com/en-us/library/bsz5788z.aspx我发现了这一点：

If SQL Server is on a different computer than the Web server, the Windows identity must be able to flow across the network to the remote instance of SQL Server. 如果SQL Server与Web服务器不在同一台计算机上，则Windows身份必须能够通过网络流到SQL Server的远程实例。 (Windows networks that have been configured appropriately with Kerberos authentication are able to do this.) However, depending on the settings in the identity configuration element, the Windows identity established on the operating system thread for ASP.NET applications may not be able to flow properly to the remote SQL Server. （已经使用Kerberos身份验证正确配置的Windows网络可以执行此操作。）但是，根据身份配置元素中的设置，在ASP.NET应用程序的操作系统线程上建立的Windows身份可能无法传递正确地连接到远程SQL Server。

In IIS, only Basic Authentication logs users on with a security token that flows across the network to a remote SQL server. 在IIS中，只有基本身份验证才能使用安全令牌登录用户，该令牌在网络上流向远程SQL Server。 By default, other IIS security modes used in conjunction with the identity configuration element settings will not result in a token that can authenticate to a remote SQL Server. 默认情况下，与身份配置元素设置一起使用的其他IIS安全模式将不会生成可以对远程SQL Server进行身份验证的令牌。