SQL Server集成安全从Azure的网站 [英] SQL Server Integrated Security from an Azure Web Site

问题描述

当运行在IIS上一个ASP.Net网站，我可以指定活动目录（AD）的用户名，该网站中的应用程序池设置的上下文中运行。那么我可以创建具有集成安全性的连接字符串= true来访问我的数据库。它当时可能基于AD用户，以确保数据库资源。

When running an ASP.Net website on IIS I can specify the Active Directory (AD) username that the website runs in the context of in the App Pool settings. I can then create a connection string with Integrated Security = true to access my database. It's then possible to secure DB resources based on that AD user.

连接网站以虚拟机托管一个SQL数据库时，这是可能在Windows Azure中？

Is this possible in Windows Azure when connecting a Web Site to a VM hosting an SQL database?

• 首先，它似乎并不可能，所以我不知道如何在连接字符串指定网站的虚拟网络。我希望我不需要到SQL Server的端口（1433）公开给外界这样的网站可以访问它。

• Firstly it does not seem possible to specify the virtual network of the Web Site so I am not sure how to specify the connection string. I'm hoping I don't need to expose the SQL Server's port (1433) to the outside world so the website can make access to it.

其次，我看不出如何指定网站的用户环境，使这可以被传递到SQL Server。我知道，天青有一个Active Directory，但我没有看到在Azure门户任何选项来运行一个网站作为一个特定的用户。

Secondly, I can't see how to specify the user context of the Web Site so that this can be passed to the SQL Server. I am aware that Azure has an Active Directory but I don't see any options in the Azure Portal to run a Web Site as a specific user.

推荐答案

要回答你的问题的第一部分，你只能在preVIEW门户您Azure的Web应用程序连接到虚拟网络。如果你去的主要性能刀锋的Web应用程序的底部，有一个网络部分，让您选择的vnet。

To answer the first part of your question, you can connect your Azure Web App to a virtual network only in the preview portal. If you go to the very bottom of the main properties "blade" for the web app, there's a "Networking" section that will allow you to select the vnet.

第二部分 - 我不相信有办法做到这一点，由于缺乏对以上Azure的Web应用程序的应用程序池设置控制

The second part - I don't believe there's a way to do that, due to the lack of control over the application pool settings for Azure Web Apps.

在Web应用程序的每个应用程序运行作为一个随机的唯一低权限的工作进程标识被称为应用程序池标识，进一步说明如下：的http://www.iis.net/learn/manage/configuring-security/application-pool-identities.

Each app in Web Apps runs as a random unique low-privileged worker process identity called the "application pool identity", described further here: http://www.iis.net/learn/manage/configuring-security/application-pool-identities.

（来源：<一个href=\"http://azure.microsoft.com/en-us/documentation/articles/web-sites-available-operating-system-functionality/\" rel=\"nofollow\">http://azure.microsoft.com/en-us/documentation/articles/web-sites-available-operating-system-functionality/)

SQL身份验证将在这种情况下工作。

Sql authentication will work in this scenario.

如果你有天青外主办的网站，它是绝对有可能 - 我们有一个使用Windows身份验证来发布数据库项目构建一个SQL Server虚拟机在Azure中通过互联星空本地托管的TFS构建服务器

And if you have the website hosted outside of Azure, it's definitely possible - we have a TFS build server that's hosted locally using windows authentication to publish database project builds to a SQL Server VM in Azure over a vnet.

这篇关于SQL Server集成安全从Azure的网站的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！