问题描述
我正在运行一个带有 集成管道模式的 AppPool 的 IIS 7 网站.AppPools 不在 NetworkService 等身份下运行(按目的),而是使用自己的 AppPool 身份(IIS AppPoolMyAppPool).
I'm running an IIS 7 Website with an AppPool of Integrated Pipeline Mode. The AppPools does NOT run under NetworkService, etc.. identity (by purpose), but uses its own AppPool Identitiy (IIS AppPoolMyAppPool).
这是一个所谓的服务帐户或虚拟帐户.(用户帐户,不是完整帐户...)
This is a so called service account or virtual account. (a user account, which is not a full account...)
我想授予此服务帐户 (IIS AppPoolMyAppPool) 权限以连接到我的 SQL Server 2008 Express(以混合身份验证模式运行).
I'd like to give this service account (IIS AppPoolMyAppPool) permissions to connect to my SQL Server 2008 Express (running in Mixed Auth. Mode).
虽然 SQL Server 可以添加任何普通用户帐户,但 IIS AppPoolMyAppPool 虚拟帐户无法添加到有效登录中(SQL Server 表示找不到该帐户).
有什么技巧,我需要启用什么才能使虚拟帐户正常工作吗?(根据taskmgr,w3wp.exe进程在此身份下运行,但我也无法在NTFS安全中使用该帐户...)
Is there any trick, anything I need to enable to make the virtual accounts work? (the w3wp.exe process runs under this identity according to taskmgr, but I cannot use the account in NTFS security either...)
感谢您的帮助!
推荐答案
IIS APPPOOLAppPoolName"会起作用,但如前所述,它似乎不是有效的 AD 名称,因此当您在选择用户或组"对话框,它不会出现(实际上,它会找到它,但它会认为它是一个实际的系统帐户,它会尝试这样对待它......这是行不通的, 并且会给你关于它没有被发现的错误信息).
The "IIS APPPOOLAppPoolName" will work, but as mentioned previously, it does not appear to be a valid AD name so when you search for it in the "Select User or Group" dialog box, it won't show up (actually, it will find it, but it will think its an actual system account, and it will try to treat it as such...which won't work, and will give you the error message about it not being found).
我是如何让它工作的:
- 在 SQL Server Management Studio 中,查找 Security 文件夹(与数据库、服务器对象等文件夹处于同一级别的安全文件夹...而不是每个单独数据库中的安全文件夹)
- 右键单击登录并选择新登录"
- 在登录名字段中,输入 IIS APPPOOLYourAppPoolName - 不要点击搜索
- 填写您喜欢的任何其他值(即身份验证类型、默认数据库等)
- 点击确定
- In SQL Server Management Studio, look for the Security folder (the security folder at the same level as the Databases, Server Objects, etc. folders...not the security folder within each individual database)
- Right click logins and select "New Login"
- In the Login name field, type IIS APPPOOLYourAppPoolName - do not click search
- Fill whatever other values you like (i.e., authentication type, default database, etc.)
- Click OK
只要 AppPool 名称实际存在,现在就应该创建登录.
As long as the AppPool name actually exists, the login should now be created.
这篇关于将 IIS 7 AppPool 身份添加为 SQL Server 登录的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持编程学习网!