Classic ASP Integrated Security in connection string

前端未结

关注

 2  1904

不思量自难忘° 2020-12-19 14:14

I have old classic ASP application (not asp.net) that I need to configure to use Microsoft SQL Server 2008. It works well with following config string:

SERVE


      
      
        
          2条回答        

        
                    
            
            
                         
                
              
              
                
                   隐瞒了意图╮
                                             
                
                
                (楼主)
            
              
              
                2020-12-19 14:52
              

            
            
                        
Its a pity you haven't replied to my inquiry in a comment to your question so I will have to give a wider answer.  (Although HeavenCore has actually given you the correct connection string to use, the SQLOLEDB one).

When using anonymous access

When you run a Classic ASP website under anonymous access the security token that the thread executing the acript belongs to the IIS anonymous user.  This user by default on IIS5.1 is a local machine user.  As a result unless the SQL server is also running on the same box you can't use this user to grant access to a SQL Server.

You would need to create a new user in your domain to act as the anonymous account.  Then you would change the anonymous user for your application to this new account.  In SQL server you can then grant appropriate database access to this account.

If I recall correctly you can set the anonymous user account by opening the site properties.  In the Directory Security tab, click Edit.. under Authentication and access control.  In the authentication methods dialog that appears you can change the anonymous account to one that is a member of the domain.

When using windows integrated access

If you running classic ASP without anonymous access but instead are authenticating connections using window integrated security then each script will run using the security token of the authenticated user.  Hence when SSPI is used in the SQL connection the user associated with the connection the request has arrived on is used.

To give these users access the SQL DB you would need to create appropriate AD Group(s) and grant these Group(s) access to the DB.  Then assign the users to these Group(s).

The downside to this approach is that it gets limited benefit from connection caching however considering the rest of your configuration that may not be too much of a concern.
    
             
                                                        
            
            
              
                
                0
              
                   
                
               讨论(0)
              
                                                  
              
              
                          
             
       
          
              
                                       
     查看其它2个回答


            
                         
                    


               
            
    发布评论:
    
         
                        
    
    提交评论 
  
  

                    
                    
                    
                        
                        
                         加载中...
                        
                    
                
          
                              			
        
        
        
          
            
            
              
              
            
    


                                 
              
            
                          
    

        
         
                验证码
                
                  
                
                
                   看不清?
                
              
                                  
                    
   
                 
             
              提交回复