SQL Server & IIS Trusted Connection Conflict with AD Groups and Logins

时间:2021-12-17 01:58:02

I have a weird situation. I want to connect to SQL Server through a website using IiS7. I also want a bunch of users to be able to connect to the database server through IIS via AD Group.

我有一个奇怪的情况。我想通过使用IiS7的网站连接到SQL Server。我还希望一大堆用户能够通过AD Group通过IIS连接到数据库服务器。

The issue is, I have to set Trusted_Connection=true in the web.config in order for SQLServer to know to use that users credentials as a windows account and not a sqlserver account. If this is not set to true, all users in that AD group will try authenticating via sql accounts.

问题是,我必须在web.config中设置Trusted_Connection = true,以便SQLServer知道将该用户凭据用作Windows帐户而不是sqlserver帐户。如果未设置为true,则该AD组中的所有用户都将尝试通过sql帐户进行身份验证。

However when I do this, IIS uses the APPPool as the user to connect to the DB and then it doesn't matter the credentials the user use to log in.

但是,当我这样做时,IIS使用APPPool作为用户连接到数据库,然后用户用来登录的凭据无关紧要。

I dont want to create an account per user. That would defeat the purpose.

我不想为每个用户创建一个帐户。那会破坏目的。

Please help, is there a workaround for this?

请帮忙,有解决方法吗?

Thanks!

谢谢!

1 个解决方案

#1


2  

Your IIS ASP application has to be configured to impersonate, see Configure ASP.NET Impersonation Authentication (IIS 7). In addition you have to configure constrained delegation since you'll be doing a 'double hop'. See How To: Use Protocol Transition and Constrained Delegation in ASP.NET

您的IIS ASP应用程序必须配置为模拟,请参阅配置ASP.NET模拟身份验证(IIS 7)。此外,您必须配置约束委派,因为您将进行“双跃点”。请参见如何:在ASP.NET中使用协议转换和约束委派

#1


2  

Your IIS ASP application has to be configured to impersonate, see Configure ASP.NET Impersonation Authentication (IIS 7). In addition you have to configure constrained delegation since you'll be doing a 'double hop'. See How To: Use Protocol Transition and Constrained Delegation in ASP.NET

您的IIS ASP应用程序必须配置为模拟,请参阅配置ASP.NET模拟身份验证(IIS 7)。此外,您必须配置约束委派,因为您将进行“双跃点”。请参见如何:在ASP.NET中使用协议转换和约束委派