开发者

Does ADO in an asp.net web app always use the IIS service account to connect to SQL Server?

I have an ASP.NET web app where I use an ado sql connection to connect to a database on a SQL Server. The ado connection string is provided with a user login that has sufficient rights to read/write to the database. I originally pushed out the web app in its own IIS web site, using its own application pool and everything worked fine.

However, I am now trying to include the web app under an already existing web site. Everything seemed to work fine until I tried any functionality that called for an INSERT or UPDATE to the database. It turns out the user connecting to the DB didn't have sufficient permissions. Finding this strange, I did some research and found a forum post that suggested the IIS Web Site service account needed read/write permissions in th开发者_StackOverflow中文版e SQL database in order for an app to perform INSERT/UPDATE. Is this true?

I tested it out, and yes, indeed it worked, only with the Application Pool Identity account. The details of my scenario are as follows:

  • The web app's first IIS Web Site had an application pool Identity that ran under NETWORK SERVICE, which already had a login for SQL SERVER

  • The already existing web site's application pool Identity runs under a domain account. This site already runs another web app that connects to the same database using LINQ (developed by someone else). I am relatively new to web development and am more familiar with ADO, so that is the route I chose.

  • The domain account mentioned above formerly had no SQL Server login/user mapping. I set it up as a dbowner, and viola, the new web app worked under the existing web site.

While I found a way for it to work, we would rather not create a SQL login for this Identity account. We want the login provided in the web app's ADO SqlConnection to be the one to actually connect, because isn't that the point of it? Also, the fact that another web app using LINQ can connect just fine under the same web site leads us to believe this is possible. Any experts out there have two cents to offer on this issue?


SQL Server Windows Authentication is used when the connection string uses Integrated Security. If the authentication mode is SQL Server Authentication (login/password), then it doesn't matter what account is used.

This works by checking the Windows (Domain) Account of the process making the ADO connection.

In an ASP.Net web app, there are three accounts involved - IIS Service account, Web Site directory security account, Application Pool account. When connection to SQL Server, the process running ASP.NET web apps is w3wp.exe, which is run under the Application Pool, Identity account. This is the account you need to configure access for.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜