我有一個ASP.NET 4.0應用程序在「ASP.NET v4.0 Classic」應用程序池中的Windows 7/IIS 7.5上運行,該應用程序池配置爲作爲網絡服務運行。該應用程序具有連接到本地SQL Server實例的Application_EndRequest
處理程序。 SQL連接字符串指定Integrated Security=SSPI
。 Web.config確實不是有<identity impersonate="true" />
。ASP.NET模擬NT AUTHORITY IUSR但禁用模擬。 ASP.NET錯誤?
當我瀏覽到http://localhost/TestSite/
,以下拋出異常:
System.Data.SqlClient.SqlException (0x80131904): Login failed for user 'NT AUTHORITY\IUSR'.
...
at System.Data.SqlClient.SqlConnection.Open()
at Global.Application_EndRequest(Object sender, EventArgs e)
此異常是不當我瀏覽到http://localhost/TestSite/default.aspx
(在IIS配置的默認文件)或任何其他.aspx頁拋出;在這些情況下,應用程序會以「NT AUTHORITY \ NETWORK SERVICE」的身份正確連接到SQL Server,這是一個有效的登錄名。
即使禁用了模擬,ASP.NET爲什麼會在EndRequest中冒充「NT AUTHORITY \ IUSR」?這是ASP.NET中的錯誤嗎?
以下的Global.asax.cs文件演示了此問題:
public class Global : HttpApplication
{
public Global()
{
this.BeginRequest += delegate { Log("BeginRequest"); };
this.PreRequestHandlerExecute += delegate { Log("PreRequestHandlerExecute"); };
this.PostRequestHandlerExecute += delegate { Log("PostRequestHandlerExecute"); };
this.EndRequest += delegate { Log("EndRequest"); };
}
protected void Application_EndRequest(Object sender, EventArgs e)
{
try
{
using (SqlConnection connection = new SqlConnection("Server=.;Integrated Security=SSPI"))
{
connection.Open();
}
}
catch (Exception ex)
{
Trace.WriteLine(ex);
}
}
private static void Log(string eventName)
{
HttpContext context = HttpContext.Current;
Type impersonationContextType = typeof(HttpContext).Assembly.GetType("System.Web.ImpersonationContext", true);
Trace.WriteLine(string.Format("ThreadId={0} {1} {2} Impersonating={3}",
Thread.CurrentThread.ManagedThreadId,
context.Request.Url,
eventName,
impersonationContextType.InvokeMember("CurrentThreadTokenExists", BindingFlags.NonPublic | BindingFlags.Static | BindingFlags.GetProperty, null, context, null)));
}
}
這裏的跟蹤輸出:
ThreadId=3 http://localhost/TestSite/ BeginRequest Impersonating=False
ThreadId=3 http://localhost/TestSite/ PreRequestHandlerExecute Impersonating=False
ThreadId=7 http://localhost/TestSite/default.aspx BeginRequest Impersonating=False
ThreadId=7 http://localhost/TestSite/default.aspx PreRequestHandlerExecute Impersonating=False
ThreadId=7 http://localhost/TestSite/default.aspx PostRequestHandlerExecute Impersonating=False
ThreadId=7 http://localhost/TestSite/default.aspx EndRequest Impersonating=False
ThreadId=7 http://localhost/TestSite/ PostRequestHandlerExecute Impersonating=True
ThreadId=7 http://localhost/TestSite/ EndRequest Impersonating=True
System.Data.SqlClient.SqlException (0x80131904): Login failed for user 'NT AUTHORITY\IUSR'.
...
at System.Data.SqlClient.SqlConnection.Open()
at Global.Application_EndRequest(Object sender, EventArgs e)
注意,要TestSite/
請求(被映射到DefaultHttpHandler
),似乎產生一個嵌套請求TestSite/default.aspx
(它映射到ASP.default_aspx
)。 ASP.NET完成處理TestSite/default.aspx
後,它在恢復處理請求到TestSite/
時模擬「NT AUTHORITY \ IUSR」。
更新:我已將此問題提交至Microsoft Connect。
嘗試http://msdn.microsoft.com/en-us/library/ms998320.aspx – Arcturus
哪部分?我已經在IIS和SQL Server中設置了網絡服務。 –