为什么我的MVC应用程序试图登录到我的数据库为我的机器,而不是应用程序池的身份? [英] Why is my MVC app trying to log into my DB as my machine, and not as the App Pool identity?
问题描述
当我试图访问我的新部署(到的lcoal IIS 7.5)MVC4应用程序,我得到的错误:
登录失败,用户'域\\计算机名$
其中,$附加,而不是机器名的一部分。
在web.config中的连接字符串如下:
<添加名称=ComairRIEntities
connectionString=\"metadata=res://*/Data.ComairRI.csdl|res://*/Data.ComairRI.ssdl|res://*/Data.ComairRI.msl;provider=System.Data.SqlClient;provider连接字符串=安培; QUOT;数据源=(本地);初始目录= MYDB;集成安全=真; MultipleActiveResultSets = TRUE;应用=&的EntityFramework放大器; QUOT;
的providerName =System.Data.EntityClient/>
解决方案这是发生了什么:
在连接字符串有以下设置:集成安全=真
这意味着,该SQL Server连接将会在进程的凭据它启动的连接进行验证。既然你是在IIS下运行,并且IIS使用应用程序池,连接将与运行应用程序池的Windows用户进行身份验证。默认情况下,这是与现在几乎权限被称为网络服务的用户。网络服务(或者在IIS7.5这是一个不同的)将永远不会有访问权限的数据库。
因为在IIS中不同的安全遗产一堆和一堆不同用户的流程,最终可能您的特定场景的细微差别可能会略有不同,但基本的问题是,你有集成安全=真并IIS进程与运行的用户是几乎没有权限的标准用户。要解决,你有几个选择:
- 更改集成安全= True以用户名\\密码验证。这将解决100%,但您可能不希望您的密码明文存放在web.config文件中。
- 在您的IIS虚拟目录设置,配置匿名用户是一个有意义的其中一个有权访问你的数据库。这将有助于最终,但是你将有不同的设置,玩得到它的权利。
如果您需要2更多帮助,您必须提供以下信息:
- 的程序池的身份
- 的虚拟目录的身份和虚拟目录的所有身份验证设置。
When I try and access my newly deployed (to lcoal IIS 7.5) MVC4 app, I get the error:
Login failed for user 'DOMAIN\MACHINE-NAME$'
where the '$' is appended and not part of the machine name.
The connection string in web.config looks like this:
<add name="ComairRIEntities" connectionString="metadata=res://*/Data.ComairRI.csdl|res://*/Data.ComairRI.ssdl|res://*/Data.ComairRI.msl;provider=System.Data.SqlClient;provider connection string="data source=(local);initial catalog=MyDB;integrated security=True;MultipleActiveResultSets=True;App=EntityFramework"" providerName="System.Data.EntityClient" />
解决方案This is what's going on:
In your connection string you have the following setting: integrated security=True What this means is that the SQL Server connection will be authenticated with the credentials of the process which initiates the connection. Since you are running under IIS and IIS uses application pools, the connection will be authenticated with the Windows user which runs the application pool. By default this is a user with almost now permissions called NetworkService. NetworkService (or maybe in IIS7.5 it's a different one) will never have access rights to your database. The nuances of your particular scenario might be a bit different because there is a bunch of different security inheritances in IIS and a bunch of different users your process may end up, however, the basic problem is that you have integrated security=True and the user the IIS process is running with is a standard user with almost no rights.
To fix you have a few options:
- Change integrated security=True to username\password authentication. This will solve it 100%, but you may not want to store your password clear text in the web.config file.
- In your IIS virtual directory settings, configure the anonymous user to be a meaningful one which has access rights to your db. This will help eventually, but you will have to play with different settings to get it right.
If you need more help with #2, you have to provide the following information:
- The identity of the AppPool
- The identity of the Virtual Directory and all the authentication settings of the virtual directory.
这篇关于为什么我的MVC应用程序试图登录到我的数据库为我的机器,而不是应用程序池的身份?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
