连接字符串中的集成安全性
我只是尝试使用此连接字符串将 WCF 服务移至 Windows 身份验证
WCF 服务托管在 IIS (2003) 中,我在“目录安全性”下设置的用户就像我们为此应用程序设置的用户,该用户在 SQL 中具有权限设置。此应用程序的应用程序池设置在“网络服务”用户下运行,但在尝试使用该服务时出现此异常。
System.Data.SqlClient.SqlException:用户“Domain\MAchineName$”登录失败
我与我们的系统管理员交谈,他说用户名末尾的 $ 意味着如果尝试验证而不是用户,则机器本身。
关于为什么机器尝试进行身份验证而不是 IIS 中的用户设置有什么想法吗?
I just tried to move a WCF service to windows authentication using this connection string
<add name="MembershipConnection" connectionString="Data Source=DBADDRESS ;Initial Catalog=aspNetMembership;Persist Security Info=True;Integrated Security=SSPI;"/>
The WCF service is hosted in IIS (2003) and the user I have setup under 'Directory Security' as the user we have setup for this app that has permission setup in SQL. The Application Pool setup for this app is running under 'Network Service' user, but I get this exception when trying to use the service.
System.Data.SqlClient.SqlException: Login failed for user 'Domain\MAchineName$'
I talked to our system admin and he says that the $ at the end of the user-name means that the machine itself if trying to authenticate not the user.
any ideas on why the machine is trying to authenticate rather than the user setup in IIS?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
实际上,它的工作方式如广告所示:“网络服务”用户将作为任何远程连接的计算机进行身份验证。来自 msdn 文档此处:
如果您需要特定帐户,则需要创建它并将应用程序池设置为在该帐户下运行。
如果您想以用户身份进行身份验证,则需要设置委派。
Actually, it's working as advertised: The "Network Service" user will authenticate as the machine for any remote connections. From msdn docs on ithere :
If you want a specific account, you'll need to create it and set up the app pool to run under that account.
If you want to authenticate as the user, you'll need to set up delegation.
您需要配置您的服务来模拟调用者(简单的部分,例如使用
[OperationBehavior(Impersonation = ImpersonationOption.Required)]
),然后您需要设置 IIS 以进行受限委派。请参阅You need to configure your service to impersonate the caller (the easy part, eg. using
[OperationBehavior(Impersonation = ImpersonationOption.Required)]
) then you'll need to set up IIS for contrained delegation. See