我有一个使用集成Windows身份验证的内部网站,该网站通过System.Directory.Services命名空间使用sql server和active目录查询。
要在ASP.NET中使用System.Directory.Services命名空间,我必须在具有正确权限的帐户下运行IIS,并且重要的是在Web配置中将模拟设置为true。 如果这样做,那么当我对AD进行查询时,将使用wroker进程(IIS)的凭据而不是ASPNET帐户,因此查询现在将成功。
现在,如果我也使用具有为集成安全性配置的连接字符串的Sql Server(“ Integrated Security=SSPI ”),那么这将解释ASP.NET模拟意味着我想要访问数据库作为Web请求的Windows凭据而不是工人的过程。
我希望我错了,我的配置错了,但我认为我没有,这似乎不一致?
应该注意的是,我正在使用IIS 5.1进行开发,而且显然我没有应用程序池的概念,我认为它可以解决问题。
I have an internal website that is using integrated windows authentication and this website uses sql server & active directory queries via the System.Directory.Services namespace.
To use the System.Directory.Services namespace in ASP.NET I have to run IIS under an account that has the correct privileges and importantly have impersonation set to true in the web config. If this is done then when I make a query against AD then the credentials of the wroker process (IIS) are used instead of the ASPNET account and therefore the queries will now succeed.
Now if I am also using Sql Server with a connection string configured for integrated security ('Integrated Security=SSPI') then this interprets the ASP.NET impersonation to mean that I want to access the database as the windows credentials of the web request not the worker process.
I hope I'm wrong and that I've got the config wrong, but I don't think I have and this seems not to be inconsistent?
It should be noted I'm using IIS 5.1 for development and obivously this doesn't have the concept of app-pools which I believe would resolve the problem.
最满意答案
如果您要模拟SPECIFIC用户,请在文档后面,将用户名和密码放在web.config文件中,以便它为所有请求使用相同的用户帐户。
Following the documentation if you want to impersonate a SPECIFIC user, you must put the username and password in the web.config file, so that it uses that same user account for all requests.
更多推荐
发布评论