Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
778 views
in Technique[技术] by (71.8m points)

iis 7 - Add IIS 7 AppPool Identities as SQL Server Logons

I'm running an IIS 7 Website with an AppPool of Integrated Pipeline Mode. The AppPools does NOT run under NetworkService, etc.. identity (by purpose), but uses its own AppPool Identitiy (IIS AppPoolMyAppPool).

This is a so called service account or virtual account. (a user account, which is not a full account...)

I'd like to give this service account (IIS AppPoolMyAppPool) permissions to connect to my SQL Server 2008 Express (running in Mixed Auth. Mode).

While SQL Server can add any normal user account, the IIS AppPoolMyAppPool virtual account cannot be added to the valid logons (SQL Server says, that the account cannot be found).

Is there any trick, anything I need to enable to make the virtual accounts work? (the w3wp.exe process runs under this identity according to taskmgr, but I cannot use the account in NTFS security either...)

Thanks for your help!

Question&Answers:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

The "IIS APPPOOLAppPoolName" will work, but as mentioned previously, it does not appear to be a valid AD name so when you search for it in the "Select User or Group" dialog box, it won't show up (actually, it will find it, but it will think its an actual system account, and it will try to treat it as such...which won't work, and will give you the error message about it not being found).

How I've gotten it to work is:

  1. In SQL Server Management Studio, look for the Security folder (the security folder at the same level as the Databases, Server Objects, etc. folders...not the security folder within each individual database)
  2. Right click logins and select "New Login"
  3. In the Login name field, type IIS APPPOOLYourAppPoolName - do not click search
  4. Fill whatever other values you like (i.e., authentication type, default database, etc.)
  5. Click OK

As long as the AppPool name actually exists, the login should now be created.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...