stackoom
  简体   繁体   中英

SQL Server and windows authentication in IIS7

 原文  2009-12-04 14:21:10       asp.net/ sql-server/ iis-7/ windows-authentication

Question

I'm trying to get an ASP.NET website running on Vista (IIS7), using SQL Server and Windows Authentication. No matter what I do, when I connect to the database, I get the exception: 

SqlException was unhandled
    Login failed for user 'MyDomain\MachineName$'.

It doesn't seem to matter what settings I apply, I cannot get IIS7 to pass through my Windows login credentials.

Extra details:

  • Both the SQL Server and my local machine are on ActiveDirectory
  • Vista Enterprise, IIS7
  • SQL Server 2005
  • Anonymous Authentication disabled, Windows Authentication enabled
  • Impersonation on/off makes no difference
  • All Identities (NetworkService, LocalSystem, etc) give the same result
  • Classic and integrated pipelines give the same result

Help!

4 answers

solution1
 7 ACCPTED  2009-12-04 16:35:36

Impersonation on/off makes all the difference, when properly configured. What you want is caled 'constrained delegation' and you need to configure IIS and ASP for it:

solution2
 1  2009-12-04 14:34:33

By default, the IIS server is not allowed to impersonate you towards the SQL Server. There's an MSDN article on how to configure it. The configuration process is complex and error prone.

If your production ISS and SQL Server run on different servers, you'll need a domain admin to configure impersonation trust between the two servers. This is typically a no-go in a big organization.

In addition to not being deployed by normal admins, impersonation also prevents users from sharing their connections in the SQL connection pool. This results in a very noticeable performance penalty for even small (5+ users) websites.

solution3
 0  2009-12-04 14:27:08

Did you try to create a new user account for your application, grant it the appropriate rights on the Sql Server, and then set the application pool to run under this new account? This is what I usually do, and it works. I'm not running my application under NetworkService, LocalSystem or other builtin accounts.

solution4
 0  2009-12-04 14:36:19

Does your connection string contain Integrated Security=SSPI ?

Have you switched the asp.net context to be a domain user as well?

Here is an MSDN article on this topic

http://msdn.microsoft.com/en-us/library/2xzyzb0f.aspx

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Windows Server 2008, IIS7 and Windows Authentication Windows Authentication IIS7 windows authentication in iis7 runAllManagedModulesForAllRequests = “true” killing windows authentication in IIS7 IIS7: How to define that windows authentication is turned on? IIS7 & forms authentication IIS7 Windows authentication(how to retrieve username from domain?) grant IIS APPPOOL wrecked my SQL Server windows authentication IIS and SQL Server Windows Authentication in an ASP.NET application Permissions to Configure to run interop services in Windows Server 2008 with IIS7
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM