[英]Windows Auth to external SQL DB from Docker ASP.Net
我有通過 Docker Compose 部署的 Asp.net 項目。 部署的應用程序使用外部 MS Sql 數據庫
如果您在本地部署 Asp.net 項目,那么 appsetting 看起來就像使用 Windows 身份驗證:
{
"ConnectionStrings": {
"Database": "Data Source=name.server;Initial Catalog=name_base_dev;Integrated Security=True;MultipleActiveResultSets=True;"
},
"DetailedErrors": true,
"Logging": {
"LogLevel": {
"Default": "Information",
"Microsoft.AspNetCore": "Warning"
}
}
}
但是,如果我將 Asp.net 項目部署到 Docker 容器,我必須修改應用程序設置,因為否則它不起作用(沒有數據庫訪問權限):
{
"ConnectionStrings": {
"Database": "Data Source=name.server;Initial Catalog=name_base_dev;**User Id=name_user;Password=BigPassword**;MultipleActiveResultSets=True;"
},
"DetailedErrors": true,
"Logging": {
"LogLevel": {
"Default": "Information",
"Microsoft.AspNetCore": "Warning"
}
}
}
我在 docker 容器日志中看到的只是:
> Executing task: docker logs --tail 1000 -f d7d7fb508f6a0135b18ccfc40eecff1e3bab7e0cbcfdd6506d5d089acf5cd176 <
info: ProtoBuf.Grpc.Server.ServicesExtensions.CodeFirstServiceMethodProvider[0]
RPC services being provided by Name_project.WebUi.Services.ApiService: 5
warn: Microsoft.AspNetCore.DataProtection.Repositories.FileSystemXmlRepository[60]
Storing keys in a directory '/root/.aspnet/DataProtection-Keys' that may not be persisted outside of the container. Protected data will be unavailable when container is destroyed.
info: Microsoft.EntityFrameworkCore.Infrastructure[10403]
Entity Framework Core 6.0.6 initialized 'Name_DbContext' using provider 'Microsoft.EntityFrameworkCore.SqlServer:6.0.6' with options: MigrationsAssembly=Name_project.Persistence
info: ProtoBuf.Grpc.Server.ServicesExtensions.CodeFirstServiceMethodProvider[0]
RPC services being provided by Name_project.WebUi.Services.ApiService: 5
warn: Microsoft.AspNetCore.DataProtection.Repositories.FileSystemXmlRepository[60]
Storing keys in a directory '/root/.aspnet/DataProtection-Keys' that may not be persisted outside of the container. Protected data will be unavailable when container is destroyed.
info: Microsoft.EntityFrameworkCore.Infrastructure[10403]
Entity Framework Core 6.0.6 initialized 'Name_DbContext' using provider 'Microsoft.EntityFrameworkCore.SqlServer:6.0.6' with options: MigrationsAssembly=Name_project.Persistence
info: ProtoBuf.Grpc.Server.ServicesExtensions.CodeFirstServiceMethodProvider[0]
RPC services being provided by Name_project.WebUi.Services.ApiService: 5
warn: Microsoft.AspNetCore.DataProtection.Repositories.FileSystemXmlRepository[60]
Storing keys in a directory '/root/.aspnet/DataProtection-Keys' that may not be persisted outside of the container. Protected data will be unavailable when container is destroyed.
info: Microsoft.EntityFrameworkCore.Infrastructure[10403]
Entity Framework Core 6.0.6 initialized 'Name_DbContext' using provider 'Microsoft.EntityFrameworkCore.SqlServer:6.0.6' with options: MigrationsAssembly=Name_project.Persistence
Terminal will be reused by tasks, press any key to close it.
幫助了解如何為部署在 Docker 容器中的 Asp.net 應用程序啟用 Windows 身份驗證。 試圖指定Integrated Security=SSPI,也無濟於事。
你能幫助我嗎?
默認情況下,您不能在 Docker 容器中使用集成安全性。
您的應用程序不在 Windows 上運行,它在 Docker(可能是 Linux)上運行。 即使您使用 Windows 基礎映像,該容器也不在您的域中,和/或它不知道您的 SQL 服務器主機的 Windows 用戶,所以它可以驗證用戶。
您可以讓容器使用 Kerberos 使其表現得像屬於域一樣,但是您需要修改 Docker 映像以便它這樣做。
See for example Code Project: Authenticate .NET Core Client of SQL Server with Integrated Security from Linux Docker Container and MS Docs: Understanding Active Directory authentication for SQL Server on Linux and containers .
如何將 ASP.net 中的角色從匿名提升到 Windows 身份驗證?
[英]How to Elevate Role in ASP.net From anonymous to windows auth?
使用 iis 托管並啟用 Windows 身份驗證從 asp.net 返回 401 響應
[英]return 401 response from asp.net with iis hosting with windows auth enabled
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.