用户 'DOMAINMACHINENAME$' 登录失败 [英] Login failed for user 'DOMAINMACHINENAME$'

查看:29
本文介绍了用户 'DOMAINMACHINENAME$' 登录失败的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我知道这几乎是重复的:错误用户'NT AUTHORITYIUSR'登录失败";在 ASP.NET 和 SQL Server 2008用户用户名"登录失败 - System.Data.SqlClient.SqlException 与外部项目/类库中的 LINQ 但与我服务器上的其他应用程序相比,有些事情并没有增加,我是不知道为什么.

I know this is almost a duplicate of : The error "Login failed for user 'NT AUTHORITYIUSR'" in ASP.NET and SQL Server 2008 and Login failed for user 'username' - System.Data.SqlClient.SqlException with LINQ in external project / class library but some things don't add up compared to other appliations on my server and I am not sure why.

正在使用的盒子:

网页框
SQL 框
SQL 测试框

Web Box
SQL Box
SQL Test Box

我的申请:

我有一个 ASP.NET Web 应用程序,它引用了一个使用 LINQ-to-SQL 的类库.在类库中正确设置了连接字符串.根据 用户用户名"登录失败' - System.Data.SqlClient.SqlException 与外部项目/类库中的 LINQ 我也将此连接字符串添加到 Web 应用程序.

I have an ASP.NET Web Application, which references a class library that uses LINQ-to-SQL. Connection string set up properly in the class library. As per Login failed for user 'username' - System.Data.SqlClient.SqlException with LINQ in external project / class library I also added this connection string to the Web Application.

连接字符串使用 SQL 凭据(在 Web 应用程序和类库中):

The connection string uses SQL credentials as so (in both web app and class library):

 <add name="Namespace.My.MySettings.ConnectionStringProduction"
        connectionString="Data Source=(SQL Test Box);Initial Catalog=(db name);Persist Security Info=True;User ID=ID;Password=Password"
        providerName="System.Data.SqlClient" />

通过将其添加到服务器资源管理器确认此连接有效.这是我的 .dbml 文件使用的连接字符串.

This connection confirmed as working via adding it to Server Explorer. This is the connection string my .dbml file is using.

问题:

我收到以下错误:

System.Data.SqlClient.SqlException: Login failed for user 'DOMAINMACHINENAME$'.

现在引用这个 错误用户'NT AUTHORITYIUSR'登录失败"在 ASP.NET 和 SQL Server 2008 中,它表示这实际上是本地网络服务,使用任何其他非域名都不起作用.

Now referencing this The error "Login failed for user 'NT AUTHORITYIUSR'" in ASP.NET and SQL Server 2008 it says that's really the local network service and using any other non-domain name will not work.

但我很困惑,因为我已经检查了 SQL Box 和 SQL Test Box SQL Management Studio,并且在安全性 -> 登录下都有 NT AUTHORITY/NETWORK SERVICE,在数据库级别,这不是未在安全 -> 用户下列出,但在数据库级别安全 -> 用户我已将用户显示在连接字符串中.

But I am confused because I've checked both SQL Box and SQL Test Box SQL Management Studio and both have NT AUTHORITY/NETWORK SERVICE under Security -> Logins, at the database level, that isn't listed under Security -> Users, but at the database level Security -> Users I have the user displayed in the connection string.

在 Web 服务器上的 NTFS 级别,权限具有 NETWORK SERVICE 完全控制.

At NTFS level on web server, the permissions have NETWORK SERVICE has full control.

我之所以感到困惑,是因为我的 Web 服务器上还有许多其他 Web 应用程序,SQL Box 和 SQL Test Box 上的引用数据库,它们都可以正常工作.但是我找不到它们和我当前的应用程序之间的区别,除了我使用的是类库.那会重要吗?检查 NTFS 权限、在服务器和数据库级别设置安全登录、连接字符串和连接方法(SQL Server 凭据)以及 IIS 应用程序池和其他文件夹选项都相同.

The reason why I am confused is because I have many other web applications on my Web Server, that reference databases on both SQL Box and SQL Test Box, and they all work. But I cannot find a difference between them and my current application, other than I am using a class library. Will that matter? Checking NTFS permissions, setup of Security Logins at the server and databases levels, connection string and method of connecting (SQL Server credentials), and IIS application pool and other folder options, are all the same.

为什么这些应用程序可以在没有将 machinename$ 添加到我的任何一个 SQL 框的权限中的情况下工作?但这就是一个链接告诉我要解决这个问题的方法.

Why do these applications work without adding the machinename$ to the permissions of either of my SQL boxes? But that is what the one link is telling me to do to fix this problem.

推荐答案

NETWORK SERVICE 和 LocalSystem 将始终作为本地相应帐户(builtin etwork service 和 builtinsystem)进行身份验证,但两者都将远程身份验证为机器帐户.

NETWORK SERVICE and LocalSystem will authenticate themselves always as the correpsonding account locally (builtin etwork service and builtinsystem) but both will authenticate as the machine account remotely.

如果您看到类似 Login failed for user 'DOMAINMACHINENAME$' 这样的失败,这意味着作为 NETWORK SERVICE 或 LocalSystem 运行的进程访问了远程资源,已将自己验证为机器帐户并被拒绝授权.

If you see a failure like Login failed for user 'DOMAINMACHINENAME$' it means that a process running as NETWORK SERVICE or as LocalSystem has accessed a remote resource, has authenticated itself as the machine account and was denied authorization.

典型示例是在设置为使用网络服务凭据并连接到远程 SQL Server 的应用程序池中运行的 ASP 应用程序:应用程序池将作为运行应用程序池的机器进行身份验证,并且是需要授予访问权限的计算机帐户吗.

Typical example would be an ASP application running in an app pool set to use NETWORK SERVICE credential and connecting to a remote SQL Server: the app pool will authenticate as the machine running the app pool, and is this machine account that needs to be granted access.

当对机器帐户的访问被拒绝时,必须向该机器帐户授予访问权限.如果服务器拒绝登录 'DOMAINMACHINE$',则您必须授予 'DOMAINMACHINE$' 登录权限,而不是 NETWORK SERVICE.授予对 NETWORK SERVICE 的访问权限将允许作为 NETWORK SERVICE 运行的本地进程进行连接,而不是远程进程,因为远程进程将验证为,您猜到了,DOMAINMACHINE$.

When access is denied to a machine account, then access must be granted to the machine account. If the server refuses to login 'DOMAINMACHINE$', then you must grant login rights to 'DOMAINMACHINE$' not to NETWORK SERVICE. Granting access to NETWORK SERVICE would allow a local process running as NETWORK SERVICE to connect, not a remote one, since the remote one will authenticate as, you guessed, DOMAINMACHINE$.

如果您希望 asp 应用程序作为 SQL 登录名连接到远程 SQL Server 并且您收到有关 DOMAINMACHINE$ 的异常,则意味着您在连接字符串中使用了集成安全性.如果这是意外,则意味着您搞砸了您使用的连接字符串.

If you expect the asp application to connect to the remote SQL Server as a SQL login and you get exceptions about DOMAINMACHINE$ it means you use Integrated Security in the connection string. If this is unexpected, it means you screwed up the connection strings you use.

这篇关于用户 'DOMAINMACHINENAME$' 登录失败的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆