I have an internal website that is using integrated windows authentication and this website uses sql server & active directory queries via the System.Directory.Services
namespace.
To use the System.Directory.Services
namespace in ASP.NET I have to run IIS under an account that has the correct privileges and importantly have impersonation set to true in the web config. If this is done then when I make a query against AD then the credentials of the wroker process (IIS) are used instead of the ASPNET account and therefore the queries will now succeed.
Now if I am also using Sql Server with a connection string configured for integrated security ('Integrated Security=SSPI
') then this interp开发者_如何学Pythonrets the ASP.NET impersonation to mean that I want to access the database as the windows credentials of the web request not the worker process.
I hope I'm wrong and that I've got the config wrong, but I don't think I have and this seems not to be inconsistent?
It should be noted I'm using IIS 5.1 for development and obivously this doesn't have the concept of app-pools which I believe would resolve the problem.
Following the documentation if you want to impersonate a SPECIFIC user, you must put the username and password in the web.config file, so that it uses that same user account for all requests.
精彩评论