为IIS创建APPPOOL SQL Server的登录 - 在不同的机器IIS和SQL Server [英] Create SQL Server Login for IIS APPPOOL - IIS and SQL Server on different machines
问题描述
我搜索thoroughly-道歉提前如果我缺少一个明显的答案。
其次在以下链接的建议和解决方案没有奏效。该解决方案还没有表明是否适用于在不同的计算机上运行IIS和SQL Server生产网络服务器。
<一href=\"http://stackoverflow.com/questions/1933134/add-iis-7-apppool-identities-as-sql-server-logons\">Add IIS 7的应用程序池标识与SQL Server登录
I've searched thoroughly- apologies in advance if I am missing an obvious answer. Followed the recommendations at link below and the solution did not work. The solution also does not indicate whether it applies to a production webserver running IIS and SQL Server on separate computers. Add IIS 7 AppPool Identities as SQL Server Logons
下面链接微软没有创建一个SQL Server的Windows登录提供特定的语法:
<一href=\"http://www.iis.net/learn/manage/configuring-security/application-pool-identities\">http://www.iis.net/learn/manage/configuring-security/application-pool-identities
Microsoft link below does not provide specific syntax for creating a SQL Server Windows Login: http://www.iis.net/learn/manage/configuring-security/application-pool-identities
我们的目标是要在Server 2008 R2的计算机上运行安全地部署一个ASP.NET 4.0 Web应用程序向社会公布我们的生产环境IIS 7.5。以达到最佳效果,我们的SQL Server 2008在同一个域中单独的计算机上运行。我们想用SQL Sever的Windows身份验证,而不模拟,以允许在IIS框和SQL Server进行通信的ASP.NET应用程序。目前SQL Server登录连接字符串允许.NET应用程序连接到SQL Server,但我们要升级连接字符串是Windows SQL Server登录更加安全。
Our goal is to securely deploy a ASP.NET 4.0 web application to the public on a Server 2008 R2 computer running IIS 7.5 in our production environment. As per best practices, we have SQL Server 2008 running on a separate computer in the same domain. We want to use SQL Sever Windows Authentication without impersonation to allow the ASP.NET application on the IIS box and SQL Server to communicate. Currently a SQL Server login connection string allows the .NET app to connect to SQL Server but we want to upgrade the connection string to be a Windows SQL Server login to be more secure.
在IIS 7.5中我们已经配置的应用程序池的网站。
在应用程序池高级设置,内置帐户都同时使用ApplicationPoolIdentity和网络服务没有成功尝试。最佳做法据说是用ApplicationPoolIdentity更严格的安全性。
On IIS 7.5 we've configured an Application Pool for the website. Under Application Pool advanced setting, Built-In Account have tried using both ApplicationPoolIdentity and Network service without success. Best practice is said to be to use ApplicationPoolIdentity for tighter security.
这失败,则创建一个SQL Server的Windows登录的步骤。
The step that fails is creating a SQL Server Windows login.
我们已经按照每顶部链接如下步骤:
We've followed the following steps per top link:
1.In SQL Server Management Studio中,查找安全文件夹(文件夹的安全性在同级别的数据库,服务器对象等夹...不是每个单独的数据库中的安全文件夹)
1.In SQL Server Management Studio, look for the Security folder (the security folder at the same level as the Databases, Server Objects, etc. folders...not the security folder within each individual database)
2.右键单击登录并选择新建登录
2.Right click logins and select "New Login"
3.In登录名称字段中,键入IIS APPPOOL \\ YourAppPoolName - 不要点击搜索
3.In the Login name field, type IIS APPPOOL\YourAppPoolName - do not click search
4.Fill任何其他值你喜欢的(即,认证类型,默认数据库等)
5.Click确定
4.Fill whatever other values you like (i.e., authentication type, default database, etc.) 5.Click OK
您能告诉我与IIS 7.5和SQL Server是在不同的盒子,我需要用它来创建SQL Server登录窗口的语法是什么?
Can you please tell me with IIS 7.5 and SQL Server being on separate boxes, what syntax I need to use to create the SQL Server Window Login?
我曾尝试:MYDOMAIN \\计算机1 $ \\ IIS APPPOOL \\ MyAppPoolName很多次都没有成功结果
错误消息是:Windows NT用户或组IIS APPPOOL \\ MyAppPoolName无法找到
I have tried: "mydomain\machine1$\IIS APPPOOL\MyAppPoolName" many times without success.
Error message is: "Windows NT User or group IIS APPPOOL\MyAppPoolName can not be found"
我用到位计算机1的Web服务器的网络名(以及实际的应用程序池名称和域名)。
I have used the network name of the webserver in place of machine1 (along with the actual app pool name, and domain name).
在此先感谢您的帮助。
PS如果微软提供了关于如何完成这一共同的应该是什么容易的任务一步步的教程这将是巨大的。在这里你的答案在计算器上会帮助很多人:)
PS It would be great if Microsoft provided a step by step tutorial on how to accomplish this common and what should be easy task. Your answers here on StackOverFlow will help many people :)
推荐答案
一个解决方案,您的问题将是建立一个独立的(不是内置)帐户应用程序池。你可以给该帐户最小的权利,也给访问SQL Server。
One solution to your problem would be to set up a separate (not built-in) account for the application pool. You could give that account minimal rights and also give the access to SQL Server.
这样,您就可以使用这是很容易的域帐户设置,但仍控制安全性紧密。
This way you could use a domain account which is easy to set up but still control security tightly.
这篇关于为IIS创建APPPOOL SQL Server的登录 - 在不同的机器IIS和SQL Server的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
