域\计算机名$'用户登录失败 [英] Login failed for user 'DOMAIN\MACHINENAME$'
问题描述
我知道这几乎是重复的:<一href="http://stackoverflow.com/questions/1269706/the-error-login-failed-for-user-nt-authority-iusr-in-asp-net-and-sql-server-2">http://stackoverflow.com/questions/1269706/the-error-login-failed-for-user-nt-authority-iusr-in-asp-net-and-sql-server-2和<一href="http://stackoverflow.com/questions/97594/login-failed-for-user-username-system-data-sqlclient-sqlexception-with-linq-i">http://stackoverflow.com/questions/97594/login-failed-for-user-username-system-data-sqlclient-sqlexception-with-linq-i但有些东西并不加起来比我的服务器上的其他应用进展,我不知道为什么。
I know this is almost duplicate of : http://stackoverflow.com/questions/1269706/the-error-login-failed-for-user-nt-authority-iusr-in-asp-net-and-sql-server-2 and http://stackoverflow.com/questions/97594/login-failed-for-user-username-system-data-sqlclient-sqlexception-with-linq-i but some things don't add up compared to other appliations on my server and I am not sure why.
正在使用的邮箱:
网络盒
SQL盒
SQL测试盒
Web Box
SQL Box
SQL Test Box
我的应用程序:
我有aASP.NET Web应用程序,它引用使用LINQ到SQL类库。连接字符串设置正确的类库。按<一个href="http://stackoverflow.com/questions/97594/login-failed-for-user-username-system-data-sqlclient-sqlexception-with-linq-i">http://stackoverflow.com/questions/97594/login-failed-for-user-username-system-data-sqlclient-sqlexception-with-linq-i我还添加了此连接字符串的Web应用程序。
I've got aASP.NET Web Application, which references a class library that uses LINQ-to-SQL. Connection string set up properly in the class library. As per http://stackoverflow.com/questions/97594/login-failed-for-user-username-system-data-sqlclient-sqlexception-with-linq-i I also added this connection string to the Web Application.
在连接字符串使用SQL凭据等等(在Web应用程序和类库):
The connection string uses SQL credentials as so (in both web app and class library):
<add name="Namespace.My.MySettings.ConnectionStringProduction"
connectionString="Data Source=(SQL Test Box);Initial Catalog=(db name);Persist Security Info=True;User ID=ID;Password=Password"
providerName="System.Data.SqlClient" />
此连接证实通过将其添加到服务器资源管理器的工作。这是我的.dbml文件正在使用的连接字符串。
This connection confirmed as working via adding it to server explorer. This is the connection string my .dbml file is using.
的问题:
我收到以下错误:
System.Data.SqlClient.SqlException: Login failed for user 'DOMAIN\MACHINENAME$'.
现在引用此<一个href="http://stackoverflow.com/questions/1269706/the-error-login-failed-for-user-nt-authority-iusr-in-asp-net-and-sql-server-2">http://stackoverflow.com/questions/1269706/the-error-login-failed-for-user-nt-authority-iusr-in-asp-net-and-sql-server-2它说这是真正的本地网络服务和使用任何其他非域名将无法正常工作。
Now referencing this http://stackoverflow.com/questions/1269706/the-error-login-failed-for-user-nt-authority-iusr-in-asp-net-and-sql-server-2 it says that's really the local network service and using any other non-domain name will not work.
不过,我很困惑,因为我已经签了SQL方块和SQL试验箱SQL Management Studio并都有 NT AUTHORITY / NETWORK SERVICE 下的安全性 - >登录,在数据库级别上,未在安全性下上市公司 - >用户,但在数据库级安全 - >用户我已经在用户中显示连接字符串中的
But I am confused because I've checked both SQL Box and SQL Test Box SQL Management Studio and both have NT AUTHORITY/NETWORK SERVICE under Security -> Logins, at the database level, that isn't listed under Security -> Users, but at the database level Security -> Users I have the user displayed in the connection string.
在Web服务器上的NTFS级别,权限已NETWORK SERVICE完全控制。
At NTFS level on web server, the permissions have NETWORK SERVICE has full control.
为什么我感到困惑的原因是因为我有我的Web服务器上的许多其他Web应用程序,在两个SQL方块和SQL测试箱的参考数据库,和他们所有的工作。但我不能找到一个区别他们和我目前的应用程序之间,除了我使用的是类库。请问是怎么回事?检查NTFS权限,设置安全登录的服务器和数据库级别,连接字符串和连接(SQL Server凭证)的方法,和IIS应用程序池和其他文件夹选项,都是一样的。
The reason why I am confused is because I have many other web applications on my Web Server, that reference databases on both SQL Box and SQL Test Box, and they all work. But I cannot find a difference between them and my current application, other than I am using a class library. Will that matter? Checking NTFS permissions, setup of Security Logins at the server and databases levels, connection string and method of connecting (SQL Server credentials), and IIS application pool and other folder options, are all the same.
为什么不加入计算机名$要么我的SQL框的权限,这些应用程序?但是,这是什么样的一个链接,告诉我做什么来解决这个问题。
Why do these applications work without adding the machinename$ to the permissions of either of my SQL boxes? But that is what the one link is telling me to do to fix this problem.
推荐答案
网络服务和本地系统将始终验证自己作为correpsonding帐户本地(内置\网络服务,内置\ SYSTEM),但两者都将远程认证作为计算机帐户。
NETWORK SERVICE and LocalSystem will authenticate themselves always as the correpsonding account locally (builtin\network service and builtin\system) but both will authenticate as the machine account remotely.
如果你看到这样失败登录失败,用户域\计算机名$ 这意味着一个进程中运行的网络服务或本地系统已经访问远程资源,已经验证自己的计算机帐户,并拒绝授权。
If you see a failure like Login failed for user 'DOMAIN\MACHINENAME$' it means that a process running as NETWORK SERVICE or as LocalSystem has accessed a remote resource, has authenticated itself as the machine account and was denied authorization.
典型的例子是在一个应用程序池设置为使用网络服务的凭证,并连接到远程SQL Server上运行的ASP应用程序:应用程序池将验证为的机的运行应用程序池,并是需要本机帐户被授予访问权限。
Typical example would be an ASP application running in an app pool set to use NETWORK SERVICE credential and connecting to a remote SQL Server: the app pool will authenticate as the machine running the app pool, and is this machine account that needs to be granted access.
在访问被拒绝到计算机帐户,然后访问必须被授予计算机帐户。如果服务器拒绝登录'DOMAIN \ MACHINE $',那么你就必须授予登录权限为DOMAIN \ MACHINE $'不是网络服务。授予访问网络服务将允许本地进程作为网络服务运行连接,而不是一个遥远的,因为远程人会验证为,你猜,DOMAIN \ MACHINE $。
When access is denied to a machine account, then access must be granted to the machine account. If the server refuses to login 'DOMAIN\MACHINE$', then you must grant login rights to 'DOMAIN\MACHINE$' not to NETWORK SERVICE. Granting access to NETWORK SERVICE would allow a local process running as NETWORK SERVICE to connect, not a remote one, since the remote one will authenticate as, you guessed, DOMAIN\MACHINE$.
如果您希望在ASP应用程序连接到远程SQL Server作为SQL登录,你会得到关于域名\ MACHINE例外$,这意味着你使用集成安全性的连接字符串研究。如果这是意外,这意味着你搞砸了,你使用的连接字符串。
If you expect the asp application to connect to the remote SQL Server as a SQL login and you get exceptions about DOMAIN\MACHINE$ it means you use Integrated Security in the connection string. If this is unexpected, it means you screwed up the connection strings you use.
这篇关于域\计算机名$'用户登录失败的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
