ASP.NET和IIS配置 [英] ASP.NET and IIS config
问题描述
嘿!
我有一个小型的mvc 2应用程序,该应用程序部署在运行IIS7的Windows 2008服务器上.使用Windows身份验证,只有几个用户可以访问该站点.我需要能够使用WindowsIdentity.GetCurrent()或类似的东西从Web gui中选择用户身份.我猜可以在配置文件中轻松配置授权.我的问题是:我应该在IIS中使用什么身份?如果我选择服务器的sysAdmin帐户,我将无法从Web上选择用户,因为它始终是sysAdmin.如果使用ApplicationPoolIdentity,则需要为SqlServer中的每个用户创建一个帐户来访问数据库,这可能是个问题,因为新用户的添加和删除非常频繁.我真正想要的是这样的:用户使用Windows身份验证访问网站.然后,IIS使用SysAdmin帐户连接到数据库.这可能吗?
提前谢谢!
Erik
Hey!
I have a small mvc 2 application that is deployed on a windows 2008 server, running IIS7. The site is going to be accessable only for a couple of users, using Windows Authentication. I need to be able to pick the user identity from the web gui, using WindowsIdentity.GetCurrent() or something like that. I guess the authorization can be easily configured in the config file. My problem is: What identity should I use in the IIS? If I pick the sysAdmin account for the server, I''ll not be able to pick the user from the Web since it''s always sysAdmin. If I use ApplicationPoolIdentity, I need to create an account for each user in SqlServer to access the database, and that will probably be a problem since new users will be added and removed pretty often. What i''m really looking for is something like this: The user uses windows authentication to access the website. Then the IIS uses the SysAdmin account to connect to the database. Is this possible?
Thanks in advance!
Erik
推荐答案
您可以创建一个AD组,并将需要sqlserver的访问权限授予该组而不是个人.
此外,IIS允许模拟,这意味着一个人可以使用自己的登录名对站点进行身份验证,但是iis将使用特定的模拟用户来进行数据库调用.
在身份验证,asp.net模拟下找到此名称,单击编辑",然后将用户更改为您要使用的数据库连接对象.
You could create a AD group and give the access you need to sqlserver to that group instead of to individuals.
Also, IIS allows impersonation, which means a person can authenticate to the site using their own login, but iis will use a specific impersonated user to do the database calls.
Find this under authentication, asp.net impersonation, click edit, and change the user to the one you want to connect to the database with
在您的Web配置中,只需将模式设置为Windows您的应用程序的身份验证
In your web config, just set the mode to Windows Authentication for your application
<authentication mode="Windows" />
现在,使用[Authorise]属性装饰您要强制进行身份验证的所有控制器或操作.
Now, decorate any controllers or actions that you want to force authentication against with the [Authorise] attribute.
e.g
[Authorise]
public MyController : Controller
{
}
现在,在MVC视图中对User.Identity的任何使用都将显示Windows用户名.对于第二部分,您可以通过两种方式实现这一目标.
1)在IIS中创建一个新的应用程序池.编辑应用程序池(属性),然后转到身份"选项卡.将其从预定义"更改为可配置",然后选择要使用的Windows配置文件.例如MYDOMAIN \ SqlAppUser.如果在与SQL数据库的连接字符串中使用集成安全性,则它现在将在连接时使用应用程序池定义的身份.您只需要将此单个帐户添加到SQL Server安全设置&你完成了.
2)您也可以从连接字符串中删除集成安全性,而仅使用标准" SQL安全性,在SQL Server&走开!
Any use of User.Identity in your MVC views will now be showing the windows user name. For your second part, you could achieve this in 2 ways.
1) Create a new application pool in IIS. Edit the application pool (properties) and goto the Identity tab. Change it from ''Predefined'' to ''Configurable'' and select a windows profile to use. e.g MYDOMAIN\SqlAppUser. If you are using Integrated security in your connection string to the SQL database, it will now use the identity defined by the application pool when connecting. You just need to add this single account to the SQL server security settings & you are done.
2) You could alternatively remove Integrated Security from your connection string and just use ''standard'' SQL security, define the account on SQL Server & away you go!
检查这些博客
http://technet.microsoft.com/en-us/library/cc730708% 28WS.10%29.aspx [ ^ ]
http://learn.iis.net/page.aspx/243/aspnet-integration -with-iis/ [ ^ ]
--NDK
check these blogs
http://technet.microsoft.com/en-us/library/cc730708%28WS.10%29.aspx[^]
http://learn.iis.net/page.aspx/243/aspnet-integration-with-iis/[^]
--NDK
这篇关于ASP.NET和IIS配置的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
