asp.net Windows身份验证的SQL Server [英] asp.net windows authentication to sql server
问题描述
我似乎无法得到SQL服务器识别我的凭据。
I can not seem to get sql server to recognize my credentials.
Asp.net认识我,当我登录,但是当我执行一个SQL命令,我得到一个登录失败的消息。
Asp.net recognizes me when I login but when I execute a sql command I get a login failed message.
在IIS服务器和SQL服务器在不同的机器上。
The IIS server and SQL server are on different machines.
有其它应用程序的IIS服务器这是能够验证到SQL服务器。我相信Active Directory设置是否正确。我调查我在做什么不同的。
There are other applications the IIS server which are able to authenticate to the sql server. I believe the Active Directory settings are correct. I am investigating what I am doing differently.
我必须失去了一些东西。
I must be missing something.
- 我检查IIS设置
- web配置设置来模拟。
以下是相关信息。如果任何人有任何想法,我错过或做错了我会的AP preciate一些帮助。
Below is the relevant information. If anyone has any idea as to what I missed or am doing wrong I would appreciate some help.
IIS设置:
- 集成Windows身份验证
- 启用匿名访问未选中
Web配置
<authentication mode="Windows"/>
<identity impersonate="true"/>
<authorization>
<deny users="?" />
</authorization>
的Page_Load code:
Page_Load Code:
Dim winId As IIdentity = HttpContext.Current.User.Identity
TextBoxMessage.Text = winId.Name + Environment.NewLine
Dim cnn As SqlClient.SqlConnection
Try
Dim sql As String = "*****"
cnn = New SqlClient.SqlConnection("Data Source=*****;Initial Catalog=****;Integrated Security=True")
cnn.Open()
Dim cmd As New SqlClient.SqlCommand(sql, cnn)
cmd.ExecuteNonQuery()
cnn.Close()
Catch ex As Exception
TextBoxMessage.Text += ex.Message
cnn.Close()
End Try
输出:
域\\用户名
用户登录失败'NT AUTHORITY \\ ANONYMOUS登录。
Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.
推荐答案
这是关键的= IIS服务器和SQL服务器在不同的机器上。你面临的经典的双跃点问题。这样想想吧:
This is key = The IIS server and SQL server are on different machines. You're facing the classic double hop issue. Think of it in this way:
- 您根据您的凭据访问web应用程序
- IIS在这种情况下,有对你说,你是谁到SQL Server present
- IIS说:,为什么你好SQL Server中,我传递托尼的Kerberos creds,他们是合法的
- SQL Server的说,嗯,IIS我不知道我信任你,我需要证明你是值得信赖的,以present这些凭据给我。
- You access the web application under your credentials
- IIS in this case has to present who you say you are to the SQL Server
- IIS says, "Why hello SQL Server, I'm passing on Tony's kerberos creds, they are legit"
- SQL Server says, "Hmmm, IIS I'm not sure I trust you, I need proof that you are trusted to present these credentials to me".
因此,一旦启用代表团由提到的莱姆斯,您的SQL Server会信任代表您的凭据您的IIS服务器是presenting。
Thus once you enable delegation as mentioned by Remus, your SQL Server will trust the credentials your IIS server is presenting on your behalf.
在安全方面,根据代表团,这将是明智的选择:
In terms of security, under delegation, it would be wise to choose:
信任此计算机进行委派,指定的服务|仅使用Kerberos |然后把服务来此帐户可以present委派凭据下面请确保您明确设置您所需要的服务器/端口。
Trust this computer for delegation for specified services only | Use Kerberos only | and then underneath the "Services to which this account can present delegated credentials" make sure you explicitly set only the server/port you need.
这篇关于asp.net Windows身份验证的SQL Server的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
