问题描述
我的 ASP.NET v3.5 Web 应用程序在尝试打开与 SQL Server 2008 数据库的连接时抛出以下异常:
My ASP.NET v3.5 web application is throwing the following exception when it attempts to open a connection to a SQL Server 2008 database:
System.Data.SqlClient.SqlException:无法打开数据库MyDbName"登录请求.登录失败的.用户 NT 登录失败AUTHORITYIUSR'.
System.Data.SqlClient.SqlException: Cannot open database "MyDbName" requested by the login. The login failed. Login failed for user 'NT AUTHORITYIUSR'.
问题是,我已将 NT AUTHORITYIUSR
添加到服务器的登录列表和数据库的用户列表中.对于服务器,我已授予用户 Public 角色,对于数据库,我已授予 db_datareader
权限.
The thing is, I've added NT AUTHORITYIUSR
to the server's list of logins, and to the database's list of users. For the server, I've granted the user the Public role, and for the database I've granted db_datareader
permissions.
我也为 NT AUTHORITYNETWORK SERVICE
授予了相同的权限,这是应用程序池运行的身份.
I've also granted the same for NT AUTHORITYNETWORK SERVICE
, which is the identity that the application pool is running under.
Web 应用程序由 IIS7 托管,如果这有所不同的话.当 DB 和 IIS 也在同一台物理机器上时,问题重现.
The web application is hosted by IIS7, if that makes a difference. The problem repros when the DB and IIS are on the same physical machine as well.
推荐答案
这里的诀窍是 NT AUTHORITYNETWORK SERVICE
实际上在数据库中显示为 DOMAINNAMEMACHINENAME$
(注意 $
符号!).也就是说,当您从 Web 服务器跨越机器边界到 SQL Server 时,如果您使用 NETWORK SERVICE
或 LOCAL SYSTEM
帐户,SQL Server 会看到机器帐户.如果您使用任何其他非域帐户,SQL Server 将不会收到您的凭据.
The trick here is that NT AUTHORITYNETWORK SERVICE
actually appears to the database as DOMAINNAMEMACHINENAME$
(note the $
sign!). That is, when you cross the machine boundary from your web server to the SQL Server, SQL Server sees the machine account if you use the NETWORK SERVICE
or LOCAL SYSTEM
accounts. If you use any other non-domain account, SQL Server will not receive your credentials.
我对您的错误消息感到有些困惑.说实话,我不认为当数据库在另一个盒子上时,除了 Login Failed for NT AUTHORITYANONYMOUS LOGON
之外,您不会看到任何其他内容.
I'm a bit puzzled by your error message. Truth be told, I don't think that when the DB is on another box, you'll see anything other than Login Failed for NT AUTHORITYANONYMOUS LOGON
.
IUSR
用于匿名网站,不能通过网络传递到 SQL Server.如果您在同一台机器上做所有事情,您可能会找到一种工作方式,但我永远不会知道,因为我永远不会那样做......;-)
IUSR
is used for anonymous websites, and can't pass over the wire to SQL Server. You may find a way for it to work if you're doing everything on the same machine, but I'd never know because I'd never do it that way... ;-)
这篇关于错误“用户 'NT AUTHORITYIUSR' 登录失败"在 ASP.NET 和 SQL Server 2008 中的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持编程学习网!