将IIS 7 AppPool标识添加为SQL Server登录 [英] Add IIS 7 AppPool Identities as SQL Server Logons

问题描述

我正在使用集成管道模式的AppPool运行IIS 7网站。
AppPools不在NetworkService等运行。身份（按用途），但使用它自己的AppPool Identitiy（IIS AppPool \ MyAppPool）。

I'm running an IIS 7 Website with an AppPool of Integrated Pipeline Mode. The AppPools does NOT run under NetworkService, etc.. identity (by purpose), but uses it's own AppPool Identitiy (IIS AppPool\MyAppPool).

这是一个所谓的服务帐户或虚拟帐户。
（一个用户帐户，这不是一个完整的帐户...）

This is a so called service account or virtual account. (a user account, which is not a full account...)

我想提供此服务帐户（IIS AppPool \ MyAppPool）连接到我的SQL Server 2008 Express的权限（以混合身份验证模式运行）。

I'd like to give this service account (IIS AppPool\MyAppPool) permissions to connect to my SQL Server 2008 Express (running in Mixed Auth. Mode).

虽然SQL Server可以添加任何普通用户帐户，但IIS AppPool \\ \\ MyAppPool虚拟帐户无法添加到有效登录中（SQL Server说，无法找到该帐户）。

有什么技巧，我有什么用需要启用以使虚拟帐户工作？
（根据taskmgr，w3wp.exe进程在此身份下运行，但我无法在NTFS安全中使用该帐户...）

Is there any trick, anything I need to enable to make the virtual accounts work? (the w3wp.exe process runs under this identity according to taskmgr, but I cannot use the account in NTFS security either...)

感谢您的支持帮助！

推荐答案

IIS APPPOOL \ AppPoolName将起作用，但如前所述，它似乎不是有效的AD名称，所以当你在选择用户或组对话框中搜索它时，它将不会显示（实际上，它会找到它，但它会认为它是一个实际的系统帐户，它会尝试对待它本身...这将无法正常工作，并会给你关于它没有找到的错误信息。）

The "IIS APPPOOL\AppPoolName" will work, but as mentioned previously, it does not appear to be a valid AD name so when you search for it in the "Select User or Group" dialog box, it won't show up (actually, it will find it, but it will think its an actual system account, and it will try to treat it as such...which won't work, and will give you the error message about it not being found).

我是如何让它工作的：

1. 在SQL Server Management Studio中，查找安全性文件夹（与以下级别相同的安全性文件夹）数据库，服务器对象等文件夹...不是每个单独数据库中的安全文件夹）


2. 右键单击登录并选择新登录


3. 在登录名字段，键入 IIS APPPOOL \YourAppPoolName - 不要单击搜索


4. 填写您喜欢的任何其他值（即身份验证类型，默认数据库等） 。）


5. 点击OK

1. In SQL Server Management Studio, look for the Security folder (the security folder at the same level as the Databases, Server Objects, etc. folders...not the security folder within each individual database)
2. Right click logins and select "New Login"
3. In the Login name field, type IIS APPPOOL\YourAppPoolName - do not click search
4. Fill whatever other values you like (i.e., authentication type, default database, etc.)
5. Click OK

只要AppPool名称确实存在，登录就应该现在被创建。

As long as the AppPool name actually exists, the login should now be created.

这篇关于将IIS 7 AppPool标识添加为SQL Server登录的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！