SQL 集成安全 Windows 身份验证 + 用户名
[英]SQL Integrated Security Windows Authentication + Username
问题描述
I have an application which user Integrated Authentication with SQL to read data.
我有一个应用程序,用户使用 SQL 集成身份验证来读取数据。 The system which is reading data has multiple system users.正在读取数据的系统有多个系统用户。 Hence is it possible to provide username while connecting to SQL in integrated security mode so that the right user is understood.因此,是否可以在以集成安全模式连接到 SQL 时提供用户名,以便了解正确的用户。
Current Connection string used is:当前使用的连接字符串是:
<add name="SQLCon" connectionString="Data Source=servername;Initial Catalog=testDB;Integrated Security=SSPI" providerName="System.Data.SqlClient"/>
1 个解决方案
解决方案1
0 2022-07-12 12:58:23
You either use an Integrated Security or Standard Security in the ConnectionString .您可以在ConnectionString中使用集成安全性或标准安全性。 When you use Integrated Security it will use the current Windows Account that is trying to connect to the SQL instance.当您使用集成安全性时,它将使用尝试连接到 SQL 实例的当前Windows Account 。 For instance, if you're trying to connect to SQL Server instance from SQL Server Management Studio or any IDE inside Windows , then the Windows User that runs the SSMS or IDE will be required to be authenticated.例如,如果您尝试从SQL Server Management Studio或Windows内的任何IDE连接到 SQL Server 实例,则需要对运行 SSMS 或 IDE 的 Windows 用户进行身份验证。 However, if the connection was made from IIS, then the Application Pool that uses the connection will be required to be authenticated.但是,如果连接是从 IIS 建立的,则需要对使用该连接的应用程序池进行身份验证。
When using Standard Security , it will always use the same username and password to authenticate.使用Standard Security时,它将始终使用相同的username和password进行身份验证。
There is no way to use both security contexts in the same connection.无法在同一个连接中使用两个安全上下文。 If you need to use both, then you will need to use two different ConnectionString s and use one of them to connection initiator ( SqlConnection , DbContext , ..etc.) - depends on the SQL provider used.如果您需要同时使用两者,那么您将需要使用两个不同的ConnectionString并使用其中一个来连接启动器( SqlConnection 、 DbContext 、 ..等) - 取决于所使用的 SQL 提供程序。
An example, on that, say you have a login page that will authenticate user credentials.例如,假设您有一个登录页面,它将验证用户凭据。 The backend for this login page will connect to the database using Integrated Security to validate the user.此登录页面的后端将使用Integrated Security连接到数据库以验证用户。 If the validation success, then you need to build a connectionString for this user and reuse it for all user requests.如果验证成功,那么您需要为该用户构建一个 connectionString 并将其重用于所有用户请求。 You do the same with all users.您对所有用户执行相同操作。
This technique will require that user will also have a match SQL Login with the proper permissions to be able to query the database.此技术将要求用户还具有匹配的 SQL 登录名,并具有适当的权限才能查询数据库。 This is going to put a lot of work, and it has also its own security risks.这将投入大量工作,并且它也有其自身的安全风险。
The common way is to use one connectionString with Integrated Security so the application will initiate the connection, and implement a user management system such as ASP.NET Identity or any similar system, that will control the user activities over the application.常见的方法是使用一个具有Integrated Security性的connectionString ,以便应用程序启动连接,并实现一个用户管理系统,例如ASP.NET Identity或任何类似系统,该系统将控制用户在应用程序上的活动。 This would be safer than given a user access to the database directly.这比让用户直接访问数据库更安全。
If you need to just let the DBA knows which user is using the connection, you could use Workstation ID or Application Name keywords to add more information about the connection, such as Application Name="CurrentApplication\CurrentUserName where CurrentApplication would be the name of the project that is initiating the connection. and CurrentUserName would be the current logged in user that is using this connection. This information would show-up when the DBAs execute sp_who2 .如果您只需要让 DBA 知道哪个用户正在使用该连接,您可以使用Workstation ID或Application Name关键字来添加有关该连接的更多信息,例如Application Name="CurrentApplication\CurrentUserName其中CurrentApplication将是该连接的名称正在启动连接的项目CurrentUserName将是使用此连接的当前登录用户。当 DBA 执行sp_who2时,将显示此信息。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.