使用域用户的 SQL 连接字符串?
以前,对于我们所有的 ASP.NET 应用程序,我们一直在 SQL Server 中使用 sysadmin 用户来连接和添加/更新/删除/获取数据。我们的 SQL 管理员想要删除该帐户并创建一个域帐户,以便我们可以在 .net 应用程序中使用该帐户。
我当前的连接字符串是:
name="name" connectionString="Data Source=server;Initial Catalog=database;Persist Security Info=True;User ID=user;Password=password" providerName="System.Data.SqlClient"
使用域帐户的连接字符串是什么?
我尝试过:
name="name" connectionString="Data Source=server;Initial Catalog=database;Persist Security Info=True;User ID=domain\user;Password=password" providerName="System.Data.SqlClient"
但不起作用。
是否有其他方法可以使用域帐户连接到 SQL Server?
Previously for all our asp.net applications we have been using a sysadmin user within SQL Server to connect and add/update/delete/get data. Our SQL Admin wants to delete that account and create a Domain Account so we can use that account within our .net applications.
My current connection string is:
name="name" connectionString="Data Source=server;Initial Catalog=database;Persist Security Info=True;User ID=user;Password=password" providerName="System.Data.SqlClient"
What would the connection string be for using a domain account?
I tried:
name="name" connectionString="Data Source=server;Initial Catalog=database;Persist Security Info=True;User ID=domain\user;Password=password" providerName="System.Data.SqlClient"
and it does not work.
Is there a different way to connect to SQL Server using a domain account?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(6)
查看 connectionstrings.com 了解每种可能的变化 - 我一直使用的非常方便的资源
具体来说,您想要这种格式:
当然,只有当相关域帐户是打开连接的帐户时,这种格式才有效。
没有简单的方法可以使用任意凭据进行连接 - 但您可以模拟有问题的用户,然后进行连接。
这可能有点痛苦。如果用户位于本地网络(或者您控制他们的浏览器配置),另一种选择是在您的站点上使用 Kerberos 身份验证。这些页面将具有相关用户的权限 - 然后您可以使用上面的连接字符串,IIS 将使用每个用户的适当凭据连接到数据库。从安全角度来看,这特别有用,因为数据库能够基于每个用户进行审核,并且权限可以是每个用户/行/列,而不仅仅是每个应用程序。
Have a look at connectionstrings.com for every possible variation - a very handy resource I use all the time
Specifically, you want this format:
This, of course, only works if the domain account in question is the one opening the connection.
There's no easy way to connect with arbitrary credentials - but you can impersonate the user in question and then connect.
This can be a bit of a pain. An alternative if the users are on the local network (or you control their browser config) is to use Kerberos authentication on your site. The pages will be served with the relevant user's permissions - then you can use the connection string above and IIS will connect to the Db with the appropriate credentials for each user. This is particularly useful from a security perspective as the Db is able to audit on a per-user basis, and permissions can be per-user/row/column instead of only per-app.
如果您想使用不同的用户帐户,那么登录用户有两个选择。
您可以将用户添加到应用程序池标识。
为此,请转到应用程序池的高级设置并编辑身份以使用您想要的用户。
在 Web 配置中添加此内容:
并使用此连接搅拌:
有关更多详细信息,请参阅:
https://msdn.microsoft.com/en-us/library/134ec8tc.aspx
还在这里找到了另一篇好文章
https://www.codeproject.com/tips/520341/implement -asp-net 中的模拟
If you want to use different user account then the logged in user you have two options.
You can add the user to Application pool Identity.
For this go to advance setting of application pool and edit the identity to use the user you want.
Add this in Web config:
And use this connection stirng:
For More Details See:
https://msdn.microsoft.com/en-us/library/134ec8tc.aspx
Also found another good article here
https://www.codeproject.com/tips/520341/implement-impersonation-in-asp-net
使用集成安全性:
有一个变体:
不同的连接字符串(针对各种数据库)可以在 connectionstrings.com 上找到。
对于这两者,您需要确保应用程序在您需要登录的帐户下运行。
Use integrated security:
Which has a variant:
The different connection strings (for a variety of databases) can be found on connectionstrings.com.
With both of these you need to ensure that the application is running under the account you need to login with.
是的,试试这个:
这指定您希望使用集成的 Windows 身份验证,而您仍在尝试使用 SQL Server 身份验证(即使您输入的用户名看起来像 Windows 域/用户帐户,SQL Server 仍将其视为标准 SQL Server 身份验证) )
另请查看 connectionstrings.com
Yes, try this:
This specifies that you wish to use integrated Windows authentication where you were still trying to use SQL Server authentication (even though the username you entered looked like a Windows domain / user account SQL server still treats it as standard SQL Server authentication)
Also take a look at connectionstrings.com
以上是针对 SQL Server 实例进行 Windows 身份验证的连接字符串。
The above is a connection string for Windows Authentication against your SQL Server instance.
最近尝试使用
Invoke-Sqlcmd通过 AAD 用户对 Azure Sql Server 进行身份验证时遇到了此问题。将身份验证方案添加到连接字符串中解决了这个问题。我怀疑此错误仅影响 SqlServer 模块 v21 及以下版本,因为我没有在本地计算机上使用 v22 获取它。“;身份验证=Active Directory 密码” Ran into this issue just recently trying to auth to an Azure Sql Server with an AAD user using
Invoke-Sqlcmd. Adding the auth scheme to the connection string resolved it. I suspect this bug only affects SqlServer module v21 and below as I was not getting it using v22 on my local machine."<ConnString>;Authentication=Active Directory Password"