更新2
这个问题最初是模拟人员使用Web API吗? 这个问题的问题是是的,这样做。
但问题并不在于Web API,而是模仿自身。 (问题的描述如下)
但现在我想告诉别人有关解决方案。
我的控制器是异步的,我错误的前提是被模拟线程产生的任何线程与其父级具有相同的身份。默认情况下,它是假的:TPL不要跨线程流模拟。
可以启用模拟流程解释; web.config中的模拟会覆盖应用程序池中的标识。
在我看来,有一个很好的解释 here 使用哪一个:模拟或应用程序池
Update 2
This question originally was "Does impersonation work with Web API?" And the question to that question is "Yes, it does."
But the problem was not about Web API but impersonation itself. (The description of the problem is below)
But now I'd like to tell others about the solution.
My controllers are async and my mistaken premise was that any thread spawned by impersonated thread has the same identity as its parent. By default it is false: TPL does not flow impersonation across threads.
Impersonation flow can be enabled either programmatically or in configuration. Note, please, that changes should be made to aspnet.config file and not web.config of your application.
As this post states aspnet.config file can be set per application pool.
And this post the link to which kindly provided Andrew tells about the whole quest in more details.
To those of you who will turn impersonation on for the first time I'd like to note that IIS 7.5 has a very nice feature to enter credentials of impersonated account. These credentials are not needed in config file and it is sifficient to write only.
<identity impersonate="true"/>After entering credentials they will be automatically added to config file.
Original question:
I turned impersonation on and provided user credentials.
<identity impersonate="true" usernName="foo" password="bar"/>But when I connect to sql server via Entity Framework I get the error "Login failed for user {MachineName}$". That is EF runs under IUSR account. Meanwhile WindowsIdentity.GetCurrent() returns identity of 'foo' user.
Impersonated account has all needed permissions on SQL server where Windows authentiaction is enabled.
Moreover, if I disable impersonation and just set application pool to run with the credentials of this identity, everything works fine.
I cannot understand why it doesn't work when impersonation is on but AppPool runs under default account.
Update 1
EF Connection string is
<add name="PtKbEntities" connectionString="metadata=...;provider=System.Data.SqlClient;provider connection string="data source=...;initial catalog=...;Trusted_Connection=Yes;MultipleActiveResultSets=True;App=EntityFramework"" providerName="System.Data.EntityClient" />I host application on Win2008 Srv, IIS 7.5
解决方案As this answer explained; the impersonation in the web.config overrides the identity in the application pool.
In my opinion there is a fine explanation here which one to use: impersonation or application pool
更多推荐
ASP.NET WebAPI中的模拟和异步
发布评论