ASPNET 访问SQL Server 2005 被拒 - 未名空间MITBBS历史存档

国际科技财经博客移民网络热点娱乐民生时事公众号

Redian新闻

>未名空间

>DotNet - 窗口里的风景

ASPNET 访问SQL Server 2005 被拒

ASPNET 访问SQL Server 2005 被拒# DotNet - 窗口里的风景

y*o2007-06-22 07:06

1 楼

I am testing dotnetcharting. I created a chartsample table in SQL Server 20
05 for this purpose.
My test application runs OK with the VS 2005 built-in web server. In other
words, I can check out my application like so:
http://localhost:3614/myTestApp/
I then copied the application to Inetpub\wwwroot\, and then when I tried to
check out this application like so:
http://localhost/myTestApp/
I get this error:
Server Error in '/myTestApp' Application.
Cannot open database "chartsample" requested b

a*t2007-06-22 07:06

2 楼

the quickest way is to grantlogin on the SQL server
and map the login to a user in your chartsample database
in SQL2005 managment studio, go to security, login
add a new login. and also give sufficient access to the target database

20
other
to

【在 y********o 的大作中提到】

: I am testing dotnetcharting. I created a chartsample table in SQL Server 20
: 05 for this purpose.
: My test application runs OK with the VS 2005 built-in web server. In other
: words, I can check out my application like so:
: http://localhost:3614/myTestApp/
: I then copied the application to Inetpub\wwwroot\, and then when I tried to
: check out this application like so:
: http://localhost/myTestApp/
: I get this error:
: Server Error in '/myTestApp' Application.

c*t2007-06-22 07:06

3 楼

use impersonale

20
other
to

【在 y********o 的大作中提到】

y*o2007-06-22 07:06

4 楼

do in web.config?

【在 c**t 的大作中提到】

: use impersonale
:
: 20
: other
: to

y*o2007-06-22 07:06

5 楼

Thx, I was trying to add a new login like what you said, but I wasn't able t
o add ASPNET. SQL Server complains that ASPNET is not a valid Windows NT na
me.
I selected SQL Server authentication, but still did not get through.

【在 a*******t 的大作中提到】

: the quickest way is to grantlogin on the SQL server
: and map the login to a user in your chartsample database
: in SQL2005 managment studio, go to security, login
: add a new login. and also give sufficient access to the target database
:
: 20
: other
: to

k*i2007-06-22 07:06

6 楼

create a sql server account and use it in your connection string.
Impersonate is not a good idea here because it uses much more resources in
connection pool

20
other
to

【在 y********o 的大作中提到】

y*o2007-06-22 07:06

7 楼

Thanks.
At home, I use SQL Server 2005 Express. I just checked, it
has MYCOMPUTERNAME\ASPNET. Look:
Security

x*p2007-06-22 07:06

8 楼

Don't use account ASPNET to access your database, it is unsafe. The correct
way is to create a special account for your web application, use aspnet_
setreg to encrypt it and save it in registry. You may find how to use it in
msdn.

y*o2007-06-22 07:06

9 楼

Thanks.
To change the default ASPNET user of an ASP.NET application is to add
"userName=my_New_ASPNET_UserName"
to the processModel element of machine.config, right?

correct
in

【在 x*p 的大作中提到】

: Don't use account ASPNET to access your database, it is unsafe. The correct
: way is to create a special account for your web application, use aspnet_
: setreg to encrypt it and save it in registry. You may find how to use it in
: msdn.

s*t2007-06-22 07:06

10 楼

mark一下。

k*i2007-06-22 07:06

11 楼

You don't need to change the default aspnet credential.
What you need to do is to change the credential in your connectionstring,
encrypt it and put the connectionstring in configuration file

【在 y********o 的大作中提到】

: Thanks.
: To change the default ASPNET user of an ASP.NET application is to add
: "userName=my_New_ASPNET_UserName"
: to the processModel element of machine.config, right?
:
: correct
: in

a92007-06-22 07:06

12 楼

why it's not safe?
aspnet has strong password created by .net framework

correct
in

【在 x*p 的大作中提到】

L*r2007-06-22 07:06

13 楼

There are a lot of ways to connect ASP.net to SQL server. It is depend on
your use case to pick up the suitable approach.
Impersonate: This approach has problem if the client is not in the same
Window domain. But it has the advantage that different client has different
permission to access SQL server.
Built SQL Server user name/pwd into connection string: This approach is not
safe in view of security. All clients have the same permission to access SQL
server.
Change the identity of ASP.net worke

y*o2007-06-22 07:06

14 楼

I have never encrypted the connection string. Would you please give more de
tails?
1. Do we encrypt the connection string with an encryption algorithm of our
choice?
2. And then put the encrypted connection string, presumably something like
"AE0139FADDE2AD009EADFEEAA23EAE61F329882E3F", in web.config?
3. Suppose it is the case that 2 is true, then don't we have to decrypt it
in the code behind like below?
SqlConnection conn =
new SqlConnection(DecryptMyConnectionString(myEncryptedConnection

【在 k****i 的大作中提到】

: You don't need to change the default aspnet credential.
: What you need to do is to change the credential in your connectionstring,
: encrypt it and put the connectionstring in configuration file

y*o2007-06-22 07:06

15 楼

I got it from google.

de
our
like
it
);

【在 y********o 的大作中提到】

: I have never encrypted the connection string. Would you please give more de
: tails?
: 1. Do we encrypt the connection string with an encryption algorithm of our
: choice?
: 2. And then put the encrypted connection string, presumably something like
: "AE0139FADDE2AD009EADFEEAA23EAE61F329882E3F", in web.config?
: 3. Suppose it is the case that 2 is true, then don't we have to decrypt it
: in the code behind like below?
: SqlConnection conn =
: new SqlConnection(DecryptMyConnectionString(myEncryptedConnection

k*e2007-06-22 07:06

16 楼

asp.net 2.0 has some built-in tool to use.

【在 y********o 的大作中提到】

: I got it from google.
:
: de
: our
: like
: it
: );

L*r2007-06-22 07:06

17 楼

You should get clear about this issue after reading the following link.
The approach 3 (SSPI) is the regular way unless you have other consideration.
http://msdn2.microsoft.com/en-us/library/ms998292.aspx

【在 y********o 的大作中提到】

: I got it from google.
:
: de
: our
: like
: it
: );