SQL Server集成身份验证模式 [英] SQL Server Integrated Authentication Mode

问题描述

我是从一个Web应用程序在连接字符串中使用Windows身份验证模式时，不知道。应用程序本身是使用Windows身份验证授权。哪个帐户将被用来登录到SQL Server。

I was wondering when using Windows Authentication mode in a connection string from a web application. Application itself is using Windows Authentication for authorization. Which account will be used to login to SQL Server.

难道光是Web应用程序池帐户？
用户帐户谁登录到使用Windows身份验证的Web应用程序？
任何其他帐户？

Is't the web application pool account? User account who logged in to web application using windows auth? Any other account?

应用程序是在Win 2008年辑64位和IIS 7应用程序池帐户运行的网络服务。

Application is running under Win Ser 2008 64 bit and IIS 7. Application pool account is Network Service.

推荐答案

这取决于你如何配置它。从<一个href=\"http://msdn.microsoft.com/en-us/library/ms998292.aspx\">http://msdn.microsoft.com/en-us/library/ms998292.aspx和<一个href=\"http://msdn.microsoft.com/en-us/library/bsz5788z.aspx\">http://msdn.microsoft.com/en-us/library/bsz5788z.aspx ...

It depends on how you configure it. From http://msdn.microsoft.com/en-us/library/ms998292.aspx and http://msdn.microsoft.com/en-us/library/bsz5788z.aspx ...

ASP.NET应用程序默认情况下不冒充。其结果是，当他们使用Windows身份验证连接到SQL Server，他们使用的Web应用程序的进程标识。用这种方法，在前端的Web应用程序验证和授权它的用户，然后使用一个可信身份来访问数据库。数据库信任应用程序的身份和信任应用程序正常身份验证和授权调用者。这种方法被称为受信任的子系统模型。

ASP.NET applications do not impersonate by default. As a result, when they use Windows authentication to connect to SQL Server, they use the Web application's process identity. With this approach, your front-end Web application authenticates and authorizes its users and then uses a trusted identity to access the database. The database trusts the application's identity and trusts the application to properly authenticate and authorize callers. This approach is referred to as the trusted subsystem model.

被称为模拟/委派模型使用原调用方的Windows标识来访问数据库的替代模式。这种方法要求你的ASP.NET应用程序配置为使用模拟。请参见模拟/委派与信任子系统本文件中。

The alternative model referred to as the impersonation/delegation model uses the original caller's Windows identity to access the database. This approach requires that your ASP.NET application is configured to use impersonation. See the section "Impersonation / Delegation vs. Trusted Subsystem" in this document.

所以，这取决于你如何配置它，它可以使用任何应用程序池帐户（而不是不使用模拟时）或帐户的登录的是（使用模拟时）使用Web应用程序的用户。

So depending on how you have configured it, it could use either the app pool account (not when not using impersonation) or the account of the logged-in user that is using the web application (when using impersonation).

请参阅http://msdn.microsoft.com/en-us/library/134ec8tc.aspx为模拟信息。

这篇关于SQL Server集成身份验证模式的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！