I have a weird situation. I want to connect to SQL Server through a website using IiS7. I also want a bunch of users to be able to connect to the database server through IIS via AD Group.
我有一个奇怪的情况。我想通过使用IiS7的网站连接到SQL Server。我还希望一大堆用户能够通过AD Group通过IIS连接到数据库服务器。
The issue is, I have to set Trusted_Connection=true in the web.config in order for SQLServer to know to use that users credentials as a windows account and not a sqlserver account. If this is not set to true, all users in that AD group will try authenticating via sql accounts.
问题是,我必须在web.config中设置Trusted_Connection = true,以便SQLServer知道将该用户凭据用作Windows帐户而不是sqlserver帐户。如果未设置为true,则该AD组中的所有用户都将尝试通过sql帐户进行身份验证。
However when I do this, IIS uses the APPPool as the user to connect to the DB and then it doesn't matter the credentials the user use to log in.
但是,当我这样做时,IIS使用APPPool作为用户连接到数据库,然后用户用来登录的凭据无关紧要。
I dont want to create an account per user. That would defeat the purpose.
我不想为每个用户创建一个帐户。那会破坏目的。
Please help, is there a workaround for this?
请帮忙,有解决方法吗?
Thanks!
谢谢!
1 个解决方案
#1
2
Your IIS ASP application has to be configured to impersonate, see Configure ASP.NET Impersonation Authentication (IIS 7). In addition you have to configure constrained delegation since you'll be doing a 'double hop'. See How To: Use Protocol Transition and Constrained Delegation in ASP.NET
您的IIS ASP应用程序必须配置为模拟,请参阅配置ASP.NET模拟身份验证(IIS 7)。此外,您必须配置约束委派,因为您将进行“双跃点”。请参见如何:在ASP.NET中使用协议转换和约束委派
#1
2
Your IIS ASP application has to be configured to impersonate, see Configure ASP.NET Impersonation Authentication (IIS 7). In addition you have to configure constrained delegation since you'll be doing a 'double hop'. See How To: Use Protocol Transition and Constrained Delegation in ASP.NET
您的IIS ASP应用程序必须配置为模拟,请参阅配置ASP.NET模拟身份验证(IIS 7)。此外,您必须配置约束委派,因为您将进行“双跃点”。请参见如何:在ASP.NET中使用协议转换和约束委派