Double Hop Impersonation, Protocol Transitioning and Constrained Delegation in ASP.NET 4


Problem description

I want to use IIS impersonation to connect to a SQL Server database as the user who is currently accessing a website. This is for auditing and security reasons.

I've done some reading and discovered that because the SQL Server is on a separate physical server I need to enable Protocol Transitioning and Constrained Delegation for the server that's running IIS. This is the article that I found ... http://msdn.microsoft.com/en-us/library/ff649317.aspx

I didn't realise at the time I first read it but this article has the following header...

Retired Content

This content is outdated and is no longer being maintained. It is provided as a courtesy for individuals who are still using these technologies. This page may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist.

What I want to know is, does the information in the article still apply? If I want to impersonate the user all the way to the SQL Server, do I still need Constrained Delegation or has this been implemented in some other way for ASP.NET 4?

Recommended answer

Constrained Delegation is the only way to flow impersonated credentials information to a second host. ASP.NET has nothing to do with it; it is just an ordinary app that uses the Kerberos framework. Nothing changed. Once the ASP.NET application impersonates the context authenticated by IIS (see Configure ASP.NET Impersonation Authentication) the same rules for delegation apply:

  • The application pool account must be configured as trusted for constrained delegation
  • The SQL Server must have its SPN properly registered
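
A way to check the two prerequisites listed above, as an added example that is not part of the original answer. The account name `svc-webpool`, the host `sql01.example.test` and the function name `Test-DelegationConfig` are constructed for illustration; the sample objects stand in for directory data so the check runs without a domain.

```powershell
# Added example; account, host and SPN values are constructed placeholders.
function Test-DelegationConfig {
    param(
        [Parameter(Mandatory)] $Account,            # app pool account, shaped like Get-ADUser output
        [Parameter(Mandatory)] [string] $TargetSpn, # SPN of the SQL Server service
        [object[]] $SpnOwners = @()                 # directory objects that carry $TargetSpn
    )
    $findings = @()
    # Unconstrained delegation would let the web tier act as the user toward any service.
    if ($Account.TrustedForDelegation) {
        $findings += 'FAIL: account is trusted for unconstrained delegation'
    }
    # Constrained delegation: the SQL SPN must be on the account's allow list.
    $allowed = @($Account.'msDS-AllowedToDelegateTo')
    if ($allowed -notcontains $TargetSpn) {
        $findings += "FAIL: $TargetSpn is not in msDS-AllowedToDelegateTo"
    }
    # Protocol transition is only needed when users reach IIS without Kerberos.
    if (-not $Account.TrustedToAuthForDelegation) {
        $findings += 'INFO: protocol transition is off; users must authenticate to IIS with Kerberos'
    }
    # The SPN must resolve to exactly one account, otherwise ticket requests fail.
    switch (@($SpnOwners).Count) {
        0       { $findings += "FAIL: $TargetSpn is not registered on any account" }
        1       { }
        default { $findings += "FAIL: $TargetSpn is registered on $_ accounts (duplicate SPN)" }
    }
    if (-not ($findings -like 'FAIL*')) { $findings += 'OK: both delegation prerequisites are met' }
    $findings
}

# Constructed sample standing in for live directory data.
$spn     = 'MSSQLSvc/sql01.example.test:1433'
$account = [pscustomobject]@{
    SamAccountName             = 'svc-webpool'
    TrustedForDelegation       = $false
    TrustedToAuthForDelegation = $true
    'msDS-AllowedToDelegateTo' = @('MSSQLSvc/sql01.example.test:1433')
}
$owners  = @([pscustomobject]@{ SamAccountName = 'svc-sql' })
Test-DelegationConfig -Account $account -TargetSpn $spn -SpnOwners $owners

# Against a live domain (ActiveDirectory module) the same inputs come from:
#   $account = Get-ADUser svc-webpool -Properties TrustedForDelegation, TrustedToAuthForDelegation, 'msDS-AllowedToDelegateTo'
#   $owners  = Get-ADObject -LDAPFilter "(servicePrincipalName=$spn)"
```

If the application pool runs under a built-in identity rather than a domain user, the delegation settings live on the web server's computer account, so query it with `Get-ADComputer` instead.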
