locked
after deploy on the server,the user name of I connection string of "integrated Security=SSPI" is changed. RRS feed

  • Question

  • User444096333 posted

    hi

       may i ask a question.i log in windows with username "DOMANI\martin".and i have a web project.when i debug it in local host ,i found when i use  connection string  of database "integrated Security=SSPI",the user name is "martin"

    but when   i publish this web project on a server(the name,"server-deploy"),then i found that when i use a connection string  of database "integrated Security=SSPI",it became "DOMANI\server-deploy"

      could anyone help me to resolve this problem? thank u very much in advance for ur kindness help

    best regards

    martin

    Wednesday, November 20, 2013 10:04 AM

Answers

  • User444096333 posted

    hi

       thank u very much for ur reply

       i have enabled Kerberos on IIS7 and it works

    best regards

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Friday, November 22, 2013 6:34 AM
  • User753101303 posted

    Hi,

    Try to add <identity impersonate="true" />  in your web.config file. See  http://msdn.microsoft.com/en-us/library/aa292118(v=vs.71).aspx for details.

    Note that this is to be done only if it is required by the application design: "Impersonation can significantly affect performance and scaling. It is generally more expensive to impersonate a client on a call than to make the call directly."

    It's expected on your dev box as the web server runs under the current Windows account rather than under a predefined account...

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Friday, November 22, 2013 7:02 AM

All replies

  • User-1853252149 posted

    That's as expected.  You will need to run the app pool under the account you want to use if using integrated security.  On the dev server, it runs as the logged in user.  On the deployment server, it runs as the app pool account.

    Jeff

    Wednesday, November 20, 2013 11:00 AM
  • User444096333 posted

    hi Jeff

      thank u very much for ur reply

      but how can i avoid this? that is to say,i would like that in deploy server,when "integrated Security=SSPI",is it possible the user is not ser but the logged window user?thank u very much

    Wednesday, November 20, 2013 11:09 AM
  • User-1454326058 posted

    Hi martinwang,

    Thanks for your post!

    In my opinion, I think the user that the database used is who logged on the server.

    About change the log type of website, you can try follow these steps below:

    1. Right click the Application pool that the website used and select Adavanced Settings

    2. Find the Identity in the Process Model section.

    3. Modify the value to LocalSystem.

    On the other hand, if you want get the logged user in the code, I think you should enable IIS basic authentication/IIS digest authentication/IIS integrated Windows, for more information, please refer to:

    http://msdn.microsoft.com/en-us/library/ff649264.aspx

    There is a link that may benefit you:

    # Configure Windows Authentication

    http://technet.microsoft.com/en-us/library/cc754628(v=ws.10).aspx  

    Thanks

    Best Regards

     

     

    Thursday, November 21, 2013 2:34 AM
  • User444096333 posted

    hi

       thank u very much for ur kindness reply

      welli folloewed ur suggestion

     Process Model section-> LocalSystem.

    and ""Windows autentication"

      but stil doesnt work

     could u help me again?

      thank u very much

    Thursday, November 21, 2013 4:17 AM
  • User444096333 posted

    hi

      may i explain more detail my situation

    i log in windows with username "DOMAIN\martin".and i have a web project.when i debug it in local host ,i found when i use  connection string  of database "integrated Security=SSPI",the user name is "DOMAIN\martin" <div class="comment-right-col"> <div>

        but when   i publish this web project on a server(the name,"server-deploy"),then i found that when i use a connection string  of database "integrated Security=SSPI" or "Trusted_Connection=Yes",with web config file <authentication mode="Windows" />    <identity impersonate="true"/>

       but i was told error Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.is it possible that when connect with database the user is "DOMAIN\martin"?

      thank u very much again

    Thursday, November 21, 2013 4:22 AM
  • User-1426144113 posted

    Hi,

      i publish this web project on a server

    is it possible that when connect with database the user is "DOMAIN\martin"?

    What the user account that you logged on the server machine?

    It will use the current user account. For example,  DOMAIN\martin logged on the server machine, it will use the DOMAIN\martin account.

    Using the SQL authentication is the better way.

    BTW: How do you know the account that connect to the database. Do youu use the SQL Server Profiler?

    Thanks

    Friday, November 22, 2013 12:53 AM
  • User444096333 posted

    hi

       thank u very much for ur reply

       i have enabled Kerberos on IIS7 and it works

    best regards

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Friday, November 22, 2013 6:34 AM
  • User753101303 posted

    Hi,

    Try to add <identity impersonate="true" />  in your web.config file. See  http://msdn.microsoft.com/en-us/library/aa292118(v=vs.71).aspx for details.

    Note that this is to be done only if it is required by the application design: "Impersonation can significantly affect performance and scaling. It is generally more expensive to impersonate a client on a call than to make the call directly."

    It's expected on your dev box as the web server runs under the current Windows account rather than under a predefined account...

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Friday, November 22, 2013 7:02 AM
  • User444096333 posted

    hi

      thank u very much . i added add <identity impersonate="true" />   and set enable of delegation and it works

    best regards

    Friday, November 22, 2013 7:52 AM