如何让 ELMAH 与 SQL Server 一起使用(权限问题)
我已经让 ELMAH 在我的(Cassini)开发服务器上工作,并且对此非常满意,但现在我正尝试将所有内容移动到我的生产服务器(IIS7)上,蜜月看起来已经结束了。
我已经通过了 IIS7 的“陷阱”,坦率地说,它可以在文档中更好地突出显示,如果我只使用内存中的日志,那么它就可以工作。
但是,我试图让它使用 SQL Server 日志(就像我在开发系统上所做的那样),并且我收到了以下错误:
对象 ELMAH_GetErrorsXml 的 EXECUTE 权限被拒绝
好吧,很好。我知道如何授予数据库权限,但我真的很难理解我需要授予访问权限的用户和存储过程/表。
真正让我困惑的是,我不需要做这样的事情就可以让它在我的开发服务器上工作。我能看到的唯一区别是,在我的开发服务器上,它似乎以 NT AUTHORITY\IUSR 的身份连接,而在我的生产服务器上,它似乎以 NT AUTHORITY\NETWORK SERVICE 的身份连接。 (它只是使用可信连接,所以我没有明确配置它来做到这一点 - 我认为它与网络服务器有关)。 更新:我已经确定,因为我使用的是 Cassini,所以它实际上是以我(管理员)身份登录的,而不是 IUSR,这解释了为什么我没有遇到任何权限问题。
在我的开发服务器上,IUSR 帐户是公共数据库角色的成员,并且可以访问所需的数据库(再次作为“公共”)。没有明确授予对象级权限。 [参见上面的更新 - 这是无关紧要的]。
在我的生产服务器上,我以完全相同的方式添加了网络服务(公共数据库角色,以“公共”身份显式访问数据库)。但是,我收到此权限错误。为什么?!! [请参阅上面的更新 - 我没有收到权限错误的唯一原因是因为我以管理员身份运行]。
当然,如果它在本地工作只是“运气”,我将需要知道要授予访问哪些 SP/表的权限。我的猜测是所有 3 个 SP 而不是表格,但(再次)看到一些明确说明这一点的文档会很好。
I've got ELMAH working on my (Cassini) development server, and was quite happy with it, but now that I'm trying to move everything to my production server (IIS7), the honeymoon looks like being over.
I've got past the "gotcha" with IIS7, which frankly could have been better highlighted in the documentation, and if I just use the in-memory log then it works.
However, I'm trying to get it to use the SQL Server log (as I do on my development system), and I'm getting an error along the lines of:
The EXECUTE permission was denied on the object ELMAH_GetErrorsXml
Well, fine. I know how to grant database permissions, but I'm really struggling to understand which user and which stored procs/tables I need to grant access to.
The thing that's really confusing me is that I didn't have to do anything like this to get it to work on my development server. The only difference I can see is that on my development server it seems to connect as NT AUTHORITY\IUSR, whereas on my production server it seems to connect as NT AUTHORITY\NETWORK SERVICE. (It's just using a trusted connection so I've not explicitly configured it to do that - I presume it's to do with the web server). UPDATE: I've since established that because I'm using Cassini, it was actually logging in as me (an admin) and not IUSR, which explains why I didn't get any permission problems.
On my development server, the IUSR account is a member of the public database role, and has access to the required database (again as "public"). There's no explicit granting of object-level permissions. [See update above - this is irrelevant].
On my production server, I've added NETWORK SERVICE in exactly the same way (public database role, explicit access to the database as "public"). Yet, I get this permission error. Why?!! [See update above - the only reason I don't get a permission error is because I'm running as an admin].
And, of course, if the fact that it works locally is just "luck", I will need to know which SPs/tables to grant access to. My guess would be all 3 SPs and not the table, but it would be good (again) to see some documentation that makes this explicit.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
向用户 USER_NAME 授予执行权限所需的 sql 示例:
example of sql needed to give execute permission to the user USER_NAME:
您是否在 web.config 中为 ELMAH 提供了完整的连接字符串?如果是这样,您应该确切地知道要向哪个数据库用户授予权限,对吧?是的,权限是执行三个 ELMAH 存储过程...
这是我使用的配置:
Are you providing ELMAH with a full connectionstring in the web.config? If so, you should know exactly what db user to grant permissions to, right? And yes, permission would be to execute the three ELMAH stored procedures...
Here's a configuration that I've used: