If a connection string specifies Trusted_Connection=true with SQL Server authentication mode, will performance of my web application be impacted?
如果连接字符串指定了Trusted_Connection=true与SQL Server身份验证模式,那么我的web应用程序的性能会受到影响吗?
4 个解决方案
#1
100
Not 100% sure what you mean:
不是100%确定你的意思:
Trusted_Connection=True;
IS using Windows credentials and is 100% equivalent to:
使用Windows凭据,100%等同于:
Integrated Security=SSPI;
or
或
Integrated Security=true;
If you don't want to use integrated security / trusted connection, you need to specify user id and password explicitly in the connection string (and leave out any reference to Trusted_Connection or Integrated Security)
如果您不想使用集成的安全性/受信任连接,您需要在连接字符串中显式地指定用户id和密码(并保留对Trusted_Connection或集成安全性的任何引用)
server=yourservername;database=yourdatabase;user id=YourUser;pwd=TopSecret
Only in this case, the SQL Server authentication mode is used.
只有在这种情况下,才使用SQL Server身份验证模式。
If any of these two settings is present (Trusted_Connection=true or Integrated Security=true/SSPI), then the Windows credentials of the current user are used to authenticate against SQL Server and any user iD= setting will be ignored and not used.
如果存在这两个设置中的任何一个(Trusted_Connection=true或Integrated Security=true/SSPI),则使用当前用户的Windows凭据对SQL Server进行身份验证,任何用户iD=设置都将被忽略而不使用。
For reference, see the Connection Strings site for SQL Server 2005 with lots of samples and explanations.
有关参考,请参阅SQL Server 2005的连接字符串站点,其中包含大量示例和说明。
Using Windows Authentication is the preferred and recommended way of doing things, but it might incur a slight delay since SQL Server would have to authenticate your credentials against Active Directory (typically). I have no idea how much that slight delay might be, and I haven't found any references for that.
使用Windows身份验证是首选的和推荐的方法,但它可能会导致稍微延迟,因为SQL Server必须对Active Directory进行身份验证(通常)。我不知道会有多大的延迟,我也没有找到任何参考资料。
Summing up:
总结:
If you specify either Trusted_Connection=True; or Integrated Security=SSPI; or Integrated Security=true; in your connection string
如果您指定了Trusted_Connection=True;或集成安全= SSPI;或集成安全= true;在你的连接字符串
==> THEN (and only then) you have Windows Authentication happening. Any user id= setting in the connection string will be ignored.
=>然后(只有那时)才会发生Windows身份验证。将忽略连接字符串中的任何用户id=设置。
If you DO NOT specify either of those settings,
如果您没有指定其中任何一个设置,
==> then you DO NOT have Windows Authentication happening (SQL Authentication mode will be used)
==>则不存在Windows身份验证(将使用SQL身份验证模式)
#2
7
When you use trusted connections, username and password are IGNORED, because SQL Server using windows authentication.
当您使用可信连接时,用户名和密码被忽略,因为使用windows身份验证的SQL服务器。
#3
4
This will probably have some performance costs when creating the connection but as connections are pooled, they are created only once and then reused, so it won't make any difference to your application. But as always: measure it.
在创建连接时,这可能会有一些性能成本,但由于连接被池化,它们只被创建一次,然后被重用,因此对应用程序没有任何影响。但一如既往:测量它。
UPDATE:
更新:
There are two authentication modes:
有两种身份验证模式:
- Windows Authentication mode (corresponding to a trusted connection). Clients need to be members of a domain.
- Windows身份验证模式(对应于一个受信任的连接)。客户需要是域的成员。
- SQL Server Authentication mode. Clients are sending username/password at each connection
- SQL Server身份验证模式。客户端在每个连接上发送用户名/密码
#4
1
If your web application is configured to impersonate a client, then using a trusted connection will potentially have a negative performance impact. This is because each client must use a different connection pool (with the client's credentials).
如果您的web应用程序配置为模拟客户端,那么使用可信连接可能会对性能产生负面影响。这是因为每个客户机必须使用不同的连接池(使用客户机的凭据)。
Most web applications don't use impersonation / delegation, and hence don't have this problem.
大多数web应用程序不使用模拟/委托,因此不存在这个问题。
See this MSDN article for more information.
有关更多信息,请参阅这篇MSDN文章。
#1
100
Not 100% sure what you mean:
不是100%确定你的意思:
Trusted_Connection=True;
IS using Windows credentials and is 100% equivalent to:
使用Windows凭据,100%等同于:
Integrated Security=SSPI;
or
或
Integrated Security=true;
If you don't want to use integrated security / trusted connection, you need to specify user id and password explicitly in the connection string (and leave out any reference to Trusted_Connection or Integrated Security)
如果您不想使用集成的安全性/受信任连接,您需要在连接字符串中显式地指定用户id和密码(并保留对Trusted_Connection或集成安全性的任何引用)
server=yourservername;database=yourdatabase;user id=YourUser;pwd=TopSecret
Only in this case, the SQL Server authentication mode is used.
只有在这种情况下,才使用SQL Server身份验证模式。
If any of these two settings is present (Trusted_Connection=true or Integrated Security=true/SSPI), then the Windows credentials of the current user are used to authenticate against SQL Server and any user iD= setting will be ignored and not used.
如果存在这两个设置中的任何一个(Trusted_Connection=true或Integrated Security=true/SSPI),则使用当前用户的Windows凭据对SQL Server进行身份验证,任何用户iD=设置都将被忽略而不使用。
For reference, see the Connection Strings site for SQL Server 2005 with lots of samples and explanations.
有关参考,请参阅SQL Server 2005的连接字符串站点,其中包含大量示例和说明。
Using Windows Authentication is the preferred and recommended way of doing things, but it might incur a slight delay since SQL Server would have to authenticate your credentials against Active Directory (typically). I have no idea how much that slight delay might be, and I haven't found any references for that.
使用Windows身份验证是首选的和推荐的方法,但它可能会导致稍微延迟,因为SQL Server必须对Active Directory进行身份验证(通常)。我不知道会有多大的延迟,我也没有找到任何参考资料。
Summing up:
总结:
If you specify either Trusted_Connection=True; or Integrated Security=SSPI; or Integrated Security=true; in your connection string
如果您指定了Trusted_Connection=True;或集成安全= SSPI;或集成安全= true;在你的连接字符串
==> THEN (and only then) you have Windows Authentication happening. Any user id= setting in the connection string will be ignored.
=>然后(只有那时)才会发生Windows身份验证。将忽略连接字符串中的任何用户id=设置。
If you DO NOT specify either of those settings,
如果您没有指定其中任何一个设置,
==> then you DO NOT have Windows Authentication happening (SQL Authentication mode will be used)
==>则不存在Windows身份验证(将使用SQL身份验证模式)
#2
7
When you use trusted connections, username and password are IGNORED, because SQL Server using windows authentication.
当您使用可信连接时,用户名和密码被忽略,因为使用windows身份验证的SQL服务器。
#3
4
This will probably have some performance costs when creating the connection but as connections are pooled, they are created only once and then reused, so it won't make any difference to your application. But as always: measure it.
在创建连接时,这可能会有一些性能成本,但由于连接被池化,它们只被创建一次,然后被重用,因此对应用程序没有任何影响。但一如既往:测量它。
UPDATE:
更新:
There are two authentication modes:
有两种身份验证模式:
- Windows Authentication mode (corresponding to a trusted connection). Clients need to be members of a domain.
- Windows身份验证模式(对应于一个受信任的连接)。客户需要是域的成员。
- SQL Server Authentication mode. Clients are sending username/password at each connection
- SQL Server身份验证模式。客户端在每个连接上发送用户名/密码
#4
1
If your web application is configured to impersonate a client, then using a trusted connection will potentially have a negative performance impact. This is because each client must use a different connection pool (with the client's credentials).
如果您的web应用程序配置为模拟客户端,那么使用可信连接可能会对性能产生负面影响。这是因为每个客户机必须使用不同的连接池(使用客户机的凭据)。
Most web applications don't use impersonation / delegation, and hence don't have this problem.
大多数web应用程序不使用模拟/委托,因此不存在这个问题。
See this MSDN article for more information.
有关更多信息,请参阅这篇MSDN文章。