在IIS应用程序池的身份和安全集成到SQL Server [英] Application pool identity in IIS and Integrated security to SQL Server

问题描述

如果我有使用模拟和一个SQL Server集成安全=真ConnectionString中的ASP.NET Web应用程序，它的应用程序IIS应用程序池的身份发挥任何作用？

If I have an ASP.NET web app using impersonation and a SQL Server connectionstring with Integrated Security = true, does the identity of the IIS application pool of the app play any role?

是否需要标识被设置为一些特定的用户（本地系统，网络服务或域用户）？这是Windows 2003。

Does the identity need to be set to some specific user (LocalSystem, NetworkServices or a domain user)? This is on Windows 2003.

推荐答案

如果在SQL Server是在不同的盒子比IIS然后IIS应用程序池的标识必须被信任作为约束委派。见如何：使用协议转换和约束代表团在ASP.NET 2.0中 。如果IIS应用程序正在运行网络服务或系统则IIS机器帐户被信任作为约束委派。链接的资源具有的所有步骤进行此设置。

If the SQL Server is on a different box than IIS then the identity of the IIS application pool has to be trusted for constrained delegation. See How To: Use Protocol Transition and Constrained Delegation in ASP.NET 2.0. If the IIS app is running as NETWORK SERVICE or SYSTEM then the IIS machine account has to be trusted for constrained delegation. The linked resource has all the steps to set this up.

如果在SQL Server在同一台机器上的IIS则没有任何要求AFAIK。

If the SQL Server is on the same machine as IIS then there isn't any requirement afaik.

这篇关于在IIS应用程序池的身份和安全集成到SQL Server的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！