stackoom
  简体   繁体   中英

Does ADO in an asp.net web app always use the IIS service account to connect to SQL Server?

 原文  2011-03-08 20:56:54       asp.net/ sql-server/ ado.net

Question

I have an ASP.NET web app where I use an ado sql connection to connect to a database on a SQL Server. The ado connection string is provided with a user login that has sufficient rights to read/write to the database. I originally pushed out the web app in its own IIS web site, using its own application pool and everything worked fine.

However, I am now trying to include the web app under an already existing web site. Everything seemed to work fine until I tried any functionality that called for an INSERT or UPDATE to the database. It turns out the user connecting to the DB didn't have sufficient permissions. Finding this strange, I did some research and found a forum post that suggested the IIS Web Site service account needed read/write permissions in the SQL database in order for an app to perform INSERT/UPDATE. Is this true?

I tested it out, and yes, indeed it worked, only with the Application Pool Identity account. The details of my scenario are as follows:

  • The web app's first IIS Web Site had an application pool Identity that ran under NETWORK SERVICE, which already had a login for SQL SERVER

  • The already existing web site's application pool Identity runs under a domain account. This site already runs another web app that connects to the same database using LINQ (developed by someone else). I am relatively new to web development and am more familiar with ADO, so that is the route I chose.

  • The domain account mentioned above formerly had no SQL Server login/user mapping. I set it up as a dbowner, and viola, the new web app worked under the existing web site.

While I found a way for it to work, we would rather not create a SQL login for this Identity account. We want the login provided in the web app's ADO SqlConnection to be the one to actually connect, because isn't that the point of it? Also, the fact that another web app using LINQ can connect just fine under the same web site leads us to believe this is possible. Any experts out there have two cents to offer on this issue?

1 answers

solution1
 0 ACCPTED  2011-03-08 21:06:19

SQL Server Windows Authentication is used when the connection string uses Integrated Security . If the authentication mode is SQL Server Authentication (login/password), then it doesn't matter what account is used.

This works by checking the Windows (Domain) Account of the process making the ADO connection.

In an ASP.Net web app, there are three accounts involved - IIS Service account, Web Site directory security account, Application Pool account. When connection to SQL Server, the process running ASP.NET web apps is w3wp.exe , which is run under the Application Pool, Identity account. This is the account you need to configure access for.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question ASP.NET web service does not connect with database in IIS7 ASP.Net which user account running Web Service on IIS 7? Authentication from ASP.NET web app to ASP.NET web service to SQL Server Unable to connect my asp.net mvc web application to the sql server after deploying it to IIS7 ASP.NET 5 MVC: unable to connect to web server 'IIS Express' Unable to connect to web server IIS Express - ASP.NET CORE Invoke windows service from asp.net web app on iis I need to write to a SQL Express db in my ASP.NET web site, is NETWORK SERVICE the account to use? IIS 7 asp.net application - pass through windows authentication from client to Sharepoint web service (not app pool account) SQL Server error in IIS asp.net web page
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM