堆栈内存溢出
  简体   繁体   English

将IIS 7.5 Web窗体连接到SQL Server的最佳方法

[英]Best method to connect IIS 7.5 Web Forms to SQL Server

 原文  2012-01-31 22:56:13       asp.net/ sql-server-2008/ iis-7/ webforms/ applicationpoolidentity

问题描述

I'm upgrading an ASP.NET 4.0 app from: 我正在从以下版本升级ASP.NET 4.0应用程序:

Windows Server 2003 and IIS 6 Windows Server 2003和IIS 6

to: 至:

Windows Server 2008 and IIS 7.5 Windows Server 2008和IIS 7.5

This app is based on ASP.NET Web Forms and not MVC. 此应用程序基于ASP.NET Web窗体 ,而非MVC。 I currently use SQL authentication, but I would like to follow best practices in the new environment. 我目前使用SQL身份验证,但是我想在新环境中遵循最佳实践。

Both the IIS 7.5 machine and the SQL Server 2008 machine will reside in a DMZ with its own domain controller . IIS 7.5计算机和SQL Server 2008计算机都将驻留在具有自己的域控制器DMZ中 It would be nice if we could use similar connection strings for Dev, Test and Prod environments. 如果我们可以在Dev,Test和Prod环境中使用类似的连接字符串,那就太好了。 What's the best practice for this situation? 在这种情况下,最佳做法是什么? I've read about three options. 我已经阅读了三种选择。

  1. ApplicationPoolIdentity 应用程序池标识
  2. Create your own service account on the domain 在域上创建自己的服务帐户
  3. SQL authentication SQL验证

Here are links to questions that discussed related issues, but nothing seemed to answer my specific question. 这里是讨论相关问题的问题的链接,但是似乎没有什么可以回答我的具体问题。

User ASP.NET Runs Under 用户ASP.NET运行在

Assign Permissions to ApplicationPoolIdentity Account 向ApplicationPoolIdentity帐户分配权限

2 个解决方案

解决方案1
 1 已采纳  

I recommend AD account for running the app pool. 我建议使用AD帐户来运行应用程序池。 Then, permissions can be created at SQL server for that same account. 然后,可以在SQL Server上为该帐户创建权限。 The conn string used by the app will then not have to contain account info at all (trusted connection), and you will have one less thing to worry about related to security. 然后,该应用程序使用的conn字符串将完全不必包含帐户信息(受信任的连接),并且您不必担心与安全性相关的事情。 As additional precaution, remove that AD account from all user groups, and don't use it for anything else but for this one thing (the app pool). 作为额外的预防措施,请从所有用户组中删除该AD帐户,除了用于这一件事(应用程序池)之外,不要将其用于其他任何用途。 Give that user read access to website files, and write access only to folders that it needs to write to (eg to dump log files). 授予该用户对网站文件的读取访问权限,并仅对其需要写入的文件夹(例如转储日志文件)进行写入访问。

解决方案2
 0  2012-01-31 23:07:18

As far as best practices is concerned, I don't think any of the 3 options you listed is better over the other one; 就最佳实践而言,我认为您列出的三个选项中的任何一个都不比另一个更好。 all of them can do the job securely and efficiently if used correctly. 如果使用正确,它们所有人都可以安全有效地完成工作。 Your decision should be based on which of those offers advantages to you considering your particular environment, company policies, etc., but again, none of them are bad practice. 您的决定应基于考虑到您的特定环境,公司政策等因素中的哪一项可以为您带来优势,但是同样,这些都不是坏习惯。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 IIS 7.5 MVC 5部署的网站将无法连接到SQL Server - IIS 7.5 MVC 5 deployed website will not connect to SQL Server 连接IIS和SQL Server - Connect IIS and SQL server SignalR呼叫服务器方法在VS中本地工作,但在IIS 7.5上不工作 - SignalR call server method works locally in VS, but not on IIS 7.5 IIS 7.5中的Web API路由 - Web API routing in IIS 7.5 IIS 7.5下的SQL Express - SQL Express under IIS 7.5 如何将HTML5移动Web应用程序连接到IIS服务器以从SQL Server数据库中获取信息? - How to connect html5 mobile web app to an iis server to get info from the sql server database? 将Web应用程序转换为IIS网站的最佳方法 - Best Method for Converting a Web Application into an IIS Website 将IIS7.5网站作为应用程序时-应用程序“默认网站”中的服务器错误? - when Make IIS7.5 Web Site an Application - Server Error in Application “DEFAULT WEB SITE”? asp.net Web应用程序中的ADO是否总是使用IIS服务帐户连接到SQL Server? - Does ADO in an asp.net web app always use the IIS service account to connect to SQL Server? 将我的asp.net MVC Web应用程序部署到IIS7后,无法将其连接到SQL Server - Unable to connect my asp.net mvc web application to the sql server after deploying it to IIS7
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM