Window authentication in sql server and asp.net
I am using Window Authentication for sql database for my asp.net web application.but after i deploy my website to another c开发者_如何学Goomputer I'm unable to connect to the database.Is there any property for window authentication to set user name and password in web.config file.
Does this sound like your scenario?
- IIS web app built on local machine
- Web app uses windows authentication
- Web app talks to database also on local machine
- Web app users also have valid database logins
- Web app users credentials are passed to database via trusted connection
Everything works great. Then you move it to a different environment where the database and IIS are no longer on the same server and then you cannot get the database to recognize the credentials IIS is passing in?
If so, then welcome to my hell a few months ago. The problem is that once the two processes are not on the same box, they don't trust each other any more. Network administration permissions are required to get the two process to trust each other across server boundaries. Unfortunately, I didn't blog about it but the general steps were
- mark the IIS service account as trustworthy (Active directory setting)
- set the service principal name (SPN) to either the netbios name or FQDN
- something had to be set on both boxes to indicate they could trust each other
Sorry for the vague recollection and as I wasn't the one with credentials to fix anything, I only got to observe them clicking the buttons. The starting article on How to connect to SQL Server using Windows Authentication got us fairly far down the track.
This deals with the fact that on your developer box, you (or the anon user? or the user the develper web service spins up as?) is trusted by the local instance of SQL. But, when you deploy, the user ASP.NET runs under is not trusted.
Options
- As George mentioned, go with a SQL logon, not windows
- Set up a proper trust between the web server and SQL Server
- Impersonate a user for the data context (this can get complex, btw)
You are most likely using a trusted connection string, e.g.
Data Source=myServerAddress;Initial Catalog=myDataBase;Integrated Security=SSPI;
...as you are using windows authentication. You need to use a standard connection string. e.g.
SQL Server 2008:
Data Source=myServerAddress;Initial Catalog=myDataBase;User Id=myUsername;Password=myPassword;
Just be sure to set up a non-windows authentication user within SQL Server.
Authentication mode should be set in the web.config. Also, check if anonymous authentication is disabled or not.
<authentication mode="Windows"/>
精彩评论