在IIS中使用带有连接字符串的Windows身份验证连接到SQL 2008 R2
[英]Using Windows Authentication with Connection string in IIS to connect to SQL 2008 R2
问题描述
I'm am making a model first website using MVC4 on IIS7. 
我正在使用IIS7上的MVC4创建一个模型第一个网站。
Currently my connection string looks like this: 目前我的连接字符串如下所示:
<add name="VaultEntities"
connectionString="metadata=res://*/Models.VaultDB.csdl|res://*/Models.VaultDB.ssdl|res://*/Models.VaultDB.msl;provider=System.Data.SqlClient;
provider connection string="
data source=sqlserver\instance;
initial catalog=vault;
integrated security=True;
multipleactiveresultsets=True;
App=EntityFramework""
providerName="System.Data.EntityClient" />
The connection was auto generated by Visual Studio 2011 when I added the database through the Model First approach. 当我通过Model First方法添加数据库时,Visual Studio 2011自动生成连接。 The query works perfectly locally on my development machine. 该查询在我的开发机器上完美地工作。 But it dosen't work on the IIS server. 但它不能在IIS服务器上运行。
My guess is that this is because my user account on my development machine has access to the SQL server and when IIS tries to access the SQL server its user account gets denied. 我的猜测是,这是因为我的开发计算机上的用户帐户可以访问SQL服务器,当IIS尝试访问SQL服务器时,其用户帐户被拒绝。
In a perfect world I would add a user on the SQL server and use 在完美的世界中,我会在SQL服务器上添加用户并使用
User Id=myUsername;Password=myPassword;
in my connection string, unfortunately I don't have that option. 在我的连接字符串中,遗憾的是我没有这个选项。
Without going into details the dba's are...difficult...to work with. 没有详细说明dba是......难以......合作。
So is there any way to use my AD account in the connection string to login to the SQL server... Or can I make IIS identify itself as me? 那么有没有办法在连接字符串中使用我的AD帐户登录到SQL服务器......或者我可以让IIS将自己标识为我吗?
2 个解决方案
解决方案1
6 已采纳 2012-11-12 14:03:46
Is there any way to use my AD account in the connection string to login to the SQL server... Or can I make IIS identify itself as me?
You can get the application pool to use any AD user you want. 您可以让应用程序池使用您想要的任何AD用户。
I would not recommend using your own username though. 我不建议使用您自己的用户名。 How many times have you locked your username in the last 12 months, and what happens when you leave? 您在过去12个月内锁定了多少次用户名,以及您离开后会发生什么?
Create/use a service AD account, map it in the application pool, and get the DBAs to give DB access to that user, using trusted connection. 创建/使用服务AD帐户,将其映射到应用程序池中,并使用可信连接让DBA为该用户提供数据库访问权限。 Sorry, you'll have to talk to the DBAs! 对不起,您必须与DBA交谈! :-) :-)
解决方案2
3 2012-11-12 14:17:10
Ok, there is two options. 好的,有两种选择。 1. Either you change you application pool identity to one which has AD access to database, this can be done also by using impersonation section in web.config file of your website(Check this link ). 1.您可以将应用程序池标识更改为对数据库具有AD访问权限的应用程序池标识,也可以通过在您网站的web.config文件中使用impersonation部分来完成此操作(请检查此链接 )。 2. Either you add sql account to your connection string. 2.将sql帐户添加到连接字符串。 As I can see you are using EF connection string, it's a little bit different from standard sql connection string. 我可以看到你正在使用EF连接字符串,它与标准的sql连接字符串略有不同。 But still has the same part with sql credentials, just replace integrated security = true to used id =...;password=... . 但是仍然与sql凭据具有相同的部分,只需将integrated security = true替换为used id =...;password=... That's all. 就这样。
Hope this helps. 希望这可以帮助。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.