我想使用集成身份验证从 Web 部件访问 SQL 数据库。 它应该使用 IIS 应用程序池标识。
默认情况下,您将收到错误:
System.Data.SqlClient.SqlException: Login failed for user 'SERVER\IUSR_VIRTUALMACHINE'.
因为在 web.config 中模拟设置为 true:
<identity impersonate="true" />
我可以将其设置为 false 并且数据库代码将起作用。 匿名访问的网站也可以使用。 但是,任何使用身份验证的 SharePoint 网站都会失败,因此这并不是真正的解决方案。
要解决此问题,我必须封装所有数据库访问代码以使用提升的权限运行,SharePoint 内部是如何做到这一点的? 不知何故,这似乎不是最高效的解决方案。
这仍然是一种方法,只需使用 SQL 安全性从 SharePoint 自定义 Web 部件访问数据库吗?
I would like to use integrated authentication to access a SQL database from a web part. It should use the IIS Application pool identity.
By default you will get the error:
System.Data.SqlClient.SqlException: Login failed for user 'SERVER\IUSR_VIRTUALMACHINE'.
Because in web.config impersonation is set to true:
<identity impersonate="true" />
I can set this to false and the database code will work. Anonymously accessed sites will also work. Any SharePoint site that uses authentication will fail however so this is not really a solution..
To solve this would I have to encapsulate all my database access code to run with elevated priviliges, is that how SharePoint does it internally? Somehow that doesn't seem like the most performant solution.
Is that still the way to go, just use SQL security to access databases from SharePoint custom web parts?
发布评论
评论(3)
web.config 文件中的
配置
并且 IIS 配置为允许匿名用户。 设置
正如 Lars 指出的那样,使用 SPSecurity.RunWithElevatedPrivileges 将实现您想要的效果。 我不相信您会看到对性能有任何明显的影响,但这是您可以测试的:-)
The
<identity />and<authentication />elements in the web.config file will together determine the account that is used in to connect to SQL Server when using integrated authentication.When
<authentication mode="Windows" />is configured, you're deferring to IIS to authenticate users. I'm guessing that your your web.config contains:and that IIS is configured to allow anonymous users. Setting
<identity impersonate="true" />causes IIS to pass the identity of the IIS anonymous access account to SQL Server.As Lars point out, using SPSecurity.RunWithElevatedPrivileges will achieve what you want. I don't believe you'll see any noticeable impact on performance but that's something you can test :-)
使用 SPSecurity.RunWithElevatedPrivileges 运行代码在应用程序池标识的上下文中。
Use SPSecurity.RunWithElevatedPrivileges to run your code in the context of the app pool identity.
这是不正确的。 因为
这里还发生了其他事情。 您可以发布自定义数据库的连接字符串吗? (当然减去私人数据)
This is incorrect. Because
<identity impersonate="true" />is set to true ASP.NET / IIS will run the thread as the user that is currently logged in (so not the app pool account but the actual user logged into the website).Something else is going on here. Could you post your connection string for the custom database? (minus the private data off course)