Redian新闻
>
ASPNET 访问SQL Server 2005 被拒
avatar
ASPNET 访问SQL Server 2005 被拒# DotNet - 窗口里的风景
y*o
1
I am testing dotnetcharting. I created a chartsample table in SQL Server 20
05 for this purpose.
My test application runs OK with the VS 2005 built-in web server. In other
words, I can check out my application like so:
http://localhost:3614/myTestApp/
I then copied the application to Inetpub\wwwroot\, and then when I tried to
check out this application like so:
http://localhost/myTestApp/
I get this error:
Server Error in '/myTestApp' Application.
Cannot open database "chartsample" requested b
avatar
a*t
2
the quickest way is to grantlogin on the SQL server
and map the login to a user in your chartsample database
in SQL2005 managment studio, go to security, login
add a new login. and also give sufficient access to the target database

20
other
to

【在 y********o 的大作中提到】
: I am testing dotnetcharting. I created a chartsample table in SQL Server 20
: 05 for this purpose.
: My test application runs OK with the VS 2005 built-in web server. In other
: words, I can check out my application like so:
: http://localhost:3614/myTestApp/
: I then copied the application to Inetpub\wwwroot\, and then when I tried to
: check out this application like so:
: http://localhost/myTestApp/
: I get this error:
: Server Error in '/myTestApp' Application.

avatar
c*t
3
use impersonale

20
other
to

【在 y********o 的大作中提到】
: I am testing dotnetcharting. I created a chartsample table in SQL Server 20
: 05 for this purpose.
: My test application runs OK with the VS 2005 built-in web server. In other
: words, I can check out my application like so:
: http://localhost:3614/myTestApp/
: I then copied the application to Inetpub\wwwroot\, and then when I tried to
: check out this application like so:
: http://localhost/myTestApp/
: I get this error:
: Server Error in '/myTestApp' Application.

avatar
y*o
4
do in web.config?

【在 c**t 的大作中提到】
: use impersonale
:
: 20
: other
: to

avatar
y*o
5
Thx, I was trying to add a new login like what you said, but I wasn't able t
o add ASPNET. SQL Server complains that ASPNET is not a valid Windows NT na
me.
I selected SQL Server authentication, but still did not get through.

【在 a*******t 的大作中提到】
: the quickest way is to grantlogin on the SQL server
: and map the login to a user in your chartsample database
: in SQL2005 managment studio, go to security, login
: add a new login. and also give sufficient access to the target database
:
: 20
: other
: to

avatar
k*i
6
create a sql server account and use it in your connection string.
Impersonate is not a good idea here because it uses much more resources in
connection pool

20
other
to

【在 y********o 的大作中提到】
: I am testing dotnetcharting. I created a chartsample table in SQL Server 20
: 05 for this purpose.
: My test application runs OK with the VS 2005 built-in web server. In other
: words, I can check out my application like so:
: http://localhost:3614/myTestApp/
: I then copied the application to Inetpub\wwwroot\, and then when I tried to
: check out this application like so:
: http://localhost/myTestApp/
: I get this error:
: Server Error in '/myTestApp' Application.

avatar
y*o
7
Thanks.
At home, I use SQL Server 2005 Express. I just checked, it
has MYCOMPUTERNAME\ASPNET. Look:
Security
avatar
x*p
8
Don't use account ASPNET to access your database, it is unsafe. The correct
way is to create a special account for your web application, use aspnet_
setreg to encrypt it and save it in registry. You may find how to use it in
msdn.
avatar
y*o
9
Thanks.
To change the default ASPNET user of an ASP.NET application is to add
"userName=my_New_ASPNET_UserName"
to the processModel element of machine.config, right?

correct
in

【在 x*p 的大作中提到】
: Don't use account ASPNET to access your database, it is unsafe. The correct
: way is to create a special account for your web application, use aspnet_
: setreg to encrypt it and save it in registry. You may find how to use it in
: msdn.

avatar
s*t
10
mark一下。
avatar
k*i
11
You don't need to change the default aspnet credential.
What you need to do is to change the credential in your connectionstring,
encrypt it and put the connectionstring in configuration file

【在 y********o 的大作中提到】
: Thanks.
: To change the default ASPNET user of an ASP.NET application is to add
: "userName=my_New_ASPNET_UserName"
: to the processModel element of machine.config, right?
:
: correct
: in

avatar
a9
12
why it's not safe?
aspnet has strong password created by .net framework

correct
in

【在 x*p 的大作中提到】
: Don't use account ASPNET to access your database, it is unsafe. The correct
: way is to create a special account for your web application, use aspnet_
: setreg to encrypt it and save it in registry. You may find how to use it in
: msdn.

avatar
L*r
13
There are a lot of ways to connect ASP.net to SQL server. It is depend on
your use case to pick up the suitable approach.
Impersonate: This approach has problem if the client is not in the same
Window domain. But it has the advantage that different client has different
permission to access SQL server.
Built SQL Server user name/pwd into connection string: This approach is not
safe in view of security. All clients have the same permission to access SQL
server.
Change the identity of ASP.net worke
avatar
y*o
14
I have never encrypted the connection string. Would you please give more de
tails?
1. Do we encrypt the connection string with an encryption algorithm of our
choice?
2. And then put the encrypted connection string, presumably something like
"AE0139FADDE2AD009EADFEEAA23EAE61F329882E3F", in web.config?
3. Suppose it is the case that 2 is true, then don't we have to decrypt it
in the code behind like below?
SqlConnection conn =
new SqlConnection(DecryptMyConnectionString(myEncryptedConnection

【在 k****i 的大作中提到】
: You don't need to change the default aspnet credential.
: What you need to do is to change the credential in your connectionstring,
: encrypt it and put the connectionstring in configuration file

avatar
y*o
15
I got it from google.

de
our
like
it
);

【在 y********o 的大作中提到】
: I have never encrypted the connection string. Would you please give more de
: tails?
: 1. Do we encrypt the connection string with an encryption algorithm of our
: choice?
: 2. And then put the encrypted connection string, presumably something like
: "AE0139FADDE2AD009EADFEEAA23EAE61F329882E3F", in web.config?
: 3. Suppose it is the case that 2 is true, then don't we have to decrypt it
: in the code behind like below?
: SqlConnection conn =
: new SqlConnection(DecryptMyConnectionString(myEncryptedConnection

avatar
k*e
16
asp.net 2.0 has some built-in tool to use.

【在 y********o 的大作中提到】
: I got it from google.
:
: de
: our
: like
: it
: );

avatar
L*r
17
You should get clear about this issue after reading the following link.
The approach 3 (SSPI) is the regular way unless you have other consideration.
http://msdn2.microsoft.com/en-us/library/ms998292.aspx

【在 y********o 的大作中提到】
: I got it from google.
:
: de
: our
: like
: it
: );

相关阅读
logo
联系我们隐私协议©2024 redian.news
Redian新闻
Redian.news刊载任何文章,不代表同意其说法或描述,仅为提供更多信息,也不构成任何建议。文章信息的合法性及真实性由其作者负责,与Redian.news及其运营公司无关。欢迎投稿,如发现稿件侵权,或作者不愿在本网发表文章,请版权拥有者通知本网处理。