授予 ASPNETDB.MDF SQL DB IIS_IUSRS 权限
遇到这种情况已经快秃头了!
我在 Windows 7 上使用 MS VS 2010 C# ASP.NET 和 MS SQL EXPRESS 2008、IIS 7。
我在页面上有 asp.net 登录控件。它在开发环境中运行得非常完美。
当我将站点移至 IIS 时,将显示登录 aspx 页面,并且一切似乎都工作正常。一旦我输入登录凭据(已在 MS VS Dev 服务器中的同一数据库上进行了测试)并单击“登录”,就会出现 IIS 错误,指出我没有权限。 (请参阅堆栈跟踪)
我做了一些挖掘,并了解到当 MSVS 为登录控件创建数据库时,它会向当前用户授予权限。因此,当我们将其移动到我们的生产服务器(它不是真正的服务器,它只是我们的一台 win 7 机器上的 IIS 进行测试)并尝试通过互联网登录时,似乎 IIS_IUSRS 没有权限。
我尝试过的事情
1:从解决方案中分离数据库,将其附加到 SQL Server 管理器中,并尝试在那里设置权限。根本无法识别 IIS_IUSRS 帐户。 (我也尝试了计算机名称/IIS_IUSRS)。这可能是有道理的,因为 IIS_IUSRS 并不是真正的 Windows 帐户。我在尝试授予 NT AUTHORITY 权限时也遇到了同样的问题。
- 我在想如果我能以某种方式从 IIS_IUSRS 创建数据库,它会自动为我找出管道,但不确定从哪里开始,或者是否可能。
这是我用来连接到数据库的连接字符串:
<connectionStrings>
<remove name="ApplicationServices"/>
<add name="ApplicationServices" connectionString="data source=.\SQLEXPRESS;Integrated Security=True;AttachDBFilename=|DataDirectory|\aspnetdb.mdf;User Instance=true" providerName="System.Data.SqlClient" />
</connectionStrings>
非常感谢任何帮助,我一直在卡住了相当长一段时间了。
Have been getting pretty bald over this situation!
I am using MS VS 2010 C# ASP.NET, and MS SQL EXPRESS 2008, IIS 7 on Windows 7.
I have the asp.net login control on a page. It works quite flawlessly in development environment.
When I move the site to IIS, the login aspx page is displayed and all seems to be working fine. As soon as I put in my login credentials (which have been tested on the same database in MS VS Dev server) and click login, I am presented with an IIS error that states I do not have permission. (Please see stack trace)
I have done some digging, and read that when MSVS creates the database for the login control, it gives permissions to the current user. Therefore, when we move this to our production server (its not really a server, its just IIS on one of our win 7 machines to test) and try to login via the internet, it seems as if IIS_IUSRS does not have permissions.
Things I have tried
1: Detaching the database from the solution, attaching it in SQL Server Manager, and trying to set the permissions there. Couldn't recognize IIS_IUSRS account at all. (I tried computer name / IIS_IUSRS too). This probably makes sense since IIS_IUSRS is not really a windows account. I also had the same issues trying to give permissions for NT AUTHORITY.
- I was thinking if I could somehow create the database from IIS_IUSRS it will automatically figure out the plumbing for me, but wasn't sure where to start here, or if thats possible.
This is my connection string that I am using to connect to the db:
<connectionStrings>
<remove name="ApplicationServices"/>
<add name="ApplicationServices" connectionString="data source=.\SQLEXPRESS;Integrated Security=True;AttachDBFilename=|DataDirectory|\aspnetdb.mdf;User Instance=true" providerName="System.Data.SqlClient" />
</connectionStrings>
Any help is greatly appreciated, I have been stuck for quite some time now.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
这可能有点具体,但在这种组合中肯定有一些针对其他人的解决方案。以下是我将我的 asp.net 网站从开发环境(MS VS 2010、SQLEXPRESS)移植到 IIS 7 所要做的事情。
这将解释如何在一个网站(Website1 和 Website2)下设置两个 Web 应用程序)。 Website1 将使用 aspnetdb.mdf(由 Visual Studio 创建),而 Website2 将使用在 MS SQL Server 2008 中手动创建的 website2 数据库。为了便于操作,我们还将把 aspnetdb.mdf 移植到 sql server 2008。
Website1 还将有权在 website2 上创建文件和目录。
第 1 节 IIS 设置
****第 1 步:****
在 wwwroot 中创建一个新文件夹来保存这两个应用程序(我们称之为网站)
复制粘贴 website2 和 website1 的“WebSites”文件夹。
第 2 步:
网站1的应用程序池
如果尚未创建,请创建应用程序池并将其配置为使用.NET Framework 4.0,集成管道模式,我们将其称为asp4。
网站2的应用程序池
当前使用 website1 的应用程序池
第 3 步:
添加 website1
在 IIS MANAGER 中,添加新网站。将其物理目录指向我们刚刚复制到根目录下的新文件夹中的 website1(第 1 节,步骤 1)。
选择 website1 的应用程序池,请参阅第 1 节第 2 步。
我们将站点名称设置为与物理目录相同(website1)。
验证其他要求,第 2 节 website1 DB 设置和 IIS 文件夹权限。
添加网站2
在IIS管理器中,右键单击我们刚刚创建的新网站应用程序,选择“添加虚拟目录”。
设置我们复制到包含两个应用程序的 wwwroot 上的新文件夹的 website2 文件夹的物理路径,请参阅第 1 节第 1 步。
转换为应用程序并选择 website1 的应用程序池,请参阅第 1 节第 2 步。
我们将别名设置为与物理路径文件夹相同的网站1。
目前,没有需要通过的连接要求。
验证其他要求第 3 部分 - website2 website2 的数据库设置
第 2 部分 website1 数据库设置和 IIS 文件夹权限
第 1 步 aspnetdb.mdf 调整:
注意:从现在开始,可能只使用最新的 aspnetdb.bak 文件。
通过右键单击数据库并附加数据库,将 aspnetdb.mdf 附加到 ms sql server 中。
第 2 步 - IIS 用户登录
如果未设置用户 - 第 4 节,步骤 1 为 IIS 用户创建数据库登录
如果未设置权限 - 第 4 节,第 2 步为 IIS 用户在数据库上设置权限< /em>
代码调整/验证
需要删除 web.config 中 MS VS 在连接字符串中自动生成的用户实例变量 (;User Instance=true)。
第 3 部分 - website2 website2 的数据库设置
确保数据库已在 MS SQL SERVER 上恢复
数据库要求
步骤 1
如果未设置用户 - 第 4 节,步骤 1 为 IIS 用户创建数据库登录
步骤 2
如果没有权限setup - 第 4 节,第 2 步设置 IIS 用户对数据库的权限
第 3 步文件夹权限(添加子站点 website2 后)
设置文件夹权限:由于 website1 写入文件和在 website2 中创建文件夹(其设置为始终在 website2 文件夹的父文件夹中查找)我们需要为服务器提供 IIS_IUSRS ,我们的权限是 (IIS_IUSRS(MIKE71\IIS_IUSRS) 权限。
在 IIS 中,右键单击嵌套应用程序 website2 并选择确保选中 IIS_IUSRS 的修改和写入权限。
第 4 部分 - 将 IIS 用户添加到数据库并授予权限。权限
步骤0 附加和恢复数据库
恢复数据库
从磁盘 = 'C:\trimweb.bak'
WITH REPLACE
第 1 步为 IIS 用户创建数据库登录
为什么?需要创建并允许 IIS APPOOL\asp4 用户拥有数据库权限,设置为数据读取器(在第一节第 2 步中创建的应用程序池)
如何:在 MS SQL SERVER 的安全部分中,需要右键单击用户并添加 IIS APPPOOL\asp4(IIS APPPOOL\apppoolname,在第一节第 2 步中创建)。
将 IIS 7 AppPool 身份添加为 SQL Server 登录
< strong>步骤 2 设置 IIS 用户对数据库的权限
右键单击数据库名称 (website2 db),然后单击属性。在权限部分添加您刚刚在第 4 部分第 1 步中创建的 APPPOOL 用户,请务必授予他“执行”和“选择”权限。
注意:Website1 还需要执行、选择、删除、插入权限。 Website2 也在使用这个应用程序池,但它不应该是这样,因为我们不需要允许用户从trimdynamics 应用程序中拥有这种功能。我们可以分离应用程序池,以便我们的动态 IIS USRS 仅获得执行和选择权限。
This may be a little specific, but there are most surely some solutions for others in this mix. Here is what I had to do to port my asp.net website from a Development environment (MS VS 2010, SQLEXPRESS) to IIS 7.
What this will explain, is how to set up two web application under one website (Website1, and Website2). Website1 will use aspnetdb.mdf (created by visual studio) and Website2 will use website2 database which was manually created in MS SQL Server 2008. We will be porting the aspnetdb.mdf to sql server 2008 as well for ease of manipulation.
Website1 will also have permissions to create files and directories on website2.
Section 1 IIS Setup
****Step 1:****
create a new folder in wwwroot to hold both applications (We called it websites)
Copy paste "WebSites" folders for website2 and website1.
Step 2:
App pool for website1
If not already created, create the Application pool and configure it to use .NET framework 4.0, Integrated pipeline mode, we called it asp4.
App pool for website2
Currently uses App pool for website1
Step 3:
Add website1
In IIS MANAGER, add new website. Point its physical directory to website1 that we just copied into the new folder on the root (Section 1, Step 1).
Select the application pool for website1, See Section 1, step 2.
We set the site name the same as the physical directory (website1).
Verify other requirements, Section 2 website1 DB Setup and IIS folder permissions.
Add website2
In IIS Manager, right click the new website application we just created, select "Add Virtual Directory".
Set the physical path to the website2 folder that we copied to our new folder on the wwwroot holding both applications, See Section 1, step 1.
Convert to application and select the application pool for website1, See Section 1, step 2.
We set the alias to the same as the physical path folder, website1.
Currently, there are no connection requirements to pass through.
Verify other requirements Section 3 - website2 Database setup for website2
Section 2 website1 DB Setup and IIS folder permissions
Step 1 aspnetdb.mdf adjustments:
Note: From now on will probably just use most recent aspnetdb.bak file.
Attach aspnetdb.mdf into ms sql server by rightclicking database's and attaching DB.
Step 2 - IIS User logon
If user is not set up - Section 4, Step 1 Create a DB Logon for the IIS USer
if permissions not setup - Section 4, Step 2 Setting Permissions for the IIS USER on the db
Code Adjustments / Verifications
need to remove user instance variable (;User Instance=true) auto generated in connection string by MS VS in web.config.
Section 3 - website2 Database setup for website2
Make sure DB is restored on MS SQL SERVER
Database requirements
Step 1
If user is not set up - Section 4, Step 1 Create a DB Logon for the IIS USer
Step 2
if permissions not setup - Section 4, Step 2 Setting Permissions for the IIS USER on the db
Step 3 Folder permissions (after child site website2 is added)
Set folder permissions : Since website1 writes files and creates folders in website2, (its set up to be always looking in the parent folder for website2 folder) we need to give server IIS_IUSRS , ours is (IIS_IUSRS(MIKE71\IIS_IUSRS) permissions.
From within IIS, rightclick the nested application website2 and select edit permissions. Ensure that modify and write priveledges are checked off for IIS_IUSRS.
Section 4 - Adding IIS user to databse and giving permissions
Step 0 Attaching and restoring the Databases
RESTORE DATABASE trimweb
FROM DISK = 'C:\trimweb.bak'
WITH REPLACE
Step 1 Create a DB Logon for the IIS USER
Why? Need create and allow IIS APPOOL\asp4 user to have permissions to databse, set as data reader (the application pool created in Section one, Step 2)
How: In the security section in MS SQL SERVER, need to right click users and add IIS APPPOOL\asp4 (IIS APPPOOL\apppoolname, created in Section one, Step 2).
Add IIS 7 AppPool Identities as SQL Server Logons
Step 2 Setting Permissions for the IIS USER on the db
Right click on the database name, (website2 db) and click properties. In permissions section add your APPPOOL user that you just created in Section 4, Step 1, be sure to give him Execute and Select permissions.
Note: Website1 needs Execute, Select, Delete, Insert permissions as well. Website2 is also using this app pool which it shouldnt be because we dont not need to alow the user to have that kind of functionality from within the trimdynamics application. We could seperate the app pools so that our trim dynamics IIS USRS is only getting Execute and Select permissions.
在生产 IIS 服务器上使用 SQLEXPRESS UserInstance 连接字符串的整个想法充满了困难。您需要做的是将数据库附加到生产环境中的真实 SQL Server,并使用不带“UserInstance”指令的常规 SQL Server 连接字符串。这是我对 SQLEXPRESS 的不满,因为它会给那些“认为”可以将本地开发环境移植到真实服务器的新手开发人员带来很多问题。几乎所有时候,你都做不到。
This whole idea of using a SQLEXPRESS UserInstance connection string on a production IIS server is fraught with difficulties. What you need to do is attach the database to the real SQL Server that is in your production environment and use a regular SQL server connection string without the "UserInstance" directive. This is my beef with SQLEXPRESS because it causes so many problems for beginning developers who "think" you can just port your local development environment to a real server. Almost all of the time, you cannot.