.net 用户 'DOMAIN\MACHINENAME$' 登录失败
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/2806438/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Login failed for user 'DOMAIN\MACHINENAME$'
提问by SventoryMang
I know this is almost a duplicate of : The error "Login failed for user 'NT AUTHORITY\IUSR'" in ASP.NET and SQL Server 2008and Login failed for user 'username' - System.Data.SqlClient.SqlException with LINQ in external project / class librarybut some things don't add up compared to other appliations on my server and I am not sure why.
我知道这几乎是重复的:错误“登录失败,用户NT AUTHORITY \ IUSR“”在ASP.NET和SQL Server 2008和用户登录失败“用户名” - System.Data.SqlClient.SqlException与LINQ中外部项目/类库,但与我服务器上的其他应用程序相比,有些事情并没有增加,我不知道为什么。
Boxes being used:
使用的箱子:
Web Box
SQL Box
SQL Test Box
网络盒
SQL 盒
SQL 测试盒
My Application:
我的应用程序:
I have an ASP.NET Web Application, which references a class library that uses LINQ-to-SQL. Connection string set up properly in the class library. As per Login failed for user 'username' - System.Data.SqlClient.SqlException with LINQ in external project / class libraryI also added this connection string to the Web Application.
我有一个 ASP.NET Web 应用程序,它引用了一个使用 LINQ-to-SQL 的类库。在类库中正确设置了连接字符串。根据用户“用户名”的登录失败 - System.Data.SqlClient.SqlException 与外部项目/类库中的 LINQ我也将此连接字符串添加到 Web 应用程序。
The connection string uses SQL credentials as so (in both web app and class library):
连接字符串使用 SQL 凭据(在 Web 应用程序和类库中):
<add name="Namespace.My.MySettings.ConnectionStringProduction"
connectionString="Data Source=(SQL Test Box);Initial Catalog=(db name);Persist Security Info=True;User ID=ID;Password=Password"
providerName="System.Data.SqlClient" />
This connection confirmed as working via adding it to Server Explorer. This is the connection string my .dbml file is using.
此连接通过将其添加到服务器资源管理器来确认有效。这是我的 .dbml 文件正在使用的连接字符串。
The problem:
问题:
I get the following error:
我收到以下错误:
System.Data.SqlClient.SqlException: Login failed for user 'DOMAIN\MACHINENAME$'.
Now referencing this The error "Login failed for user 'NT AUTHORITY\IUSR'" in ASP.NET and SQL Server 2008it says that's really the local network service and using any other non-domain name will not work.
现在引用这个错误“用户'NT AUTHORITY\IUSR'登录失败”在ASP.NET和SQL Server 2008中它说这真的是本地网络服务,使用任何其他非域名都不起作用。
But I am confused because I've checked both SQL Box and SQL Test Box SQL Management Studio and both have NT AUTHORITY/NETWORK SERVICEunder Security -> Logins, at the database level, that isn't listed under Security -> Users, but at the database level Security -> Users I have the user displayed in the connection string.
但是我很困惑,因为我已经检查了 SQL Box 和 SQL Test Box SQL Management Studio 并且都NT AUTHORITY/NETWORK SERVICE在安全 -> 登录下,在数据库级别,未在安全 -> 用户下列出,但在数据库级别安全-> 用户 我在连接字符串中显示了用户。
At NTFS level on web server, the permissions have NETWORK SERVICE has full control.
在 Web 服务器上的 NTFS 级别,权限具有 NETWORK SERVICE 具有完全控制权。
The reason why I am confused is because I have many other web applications on my Web Server, that reference databases on both SQL Box and SQL Test Box, and they all work. But I cannot find a difference between them and my current application, other than I am using a class library. Will that matter? Checking NTFS permissions, setup of Security Logins at the server and databases levels, connection string and method of connecting (SQL Server credentials), and IIS application pool and other folder options, are all the same.
我之所以感到困惑,是因为我的 Web 服务器上有许多其他 Web 应用程序,SQL Box 和 SQL Test Box 上的引用数据库,它们都可以工作。但是我找不到它们和我当前的应用程序之间的区别,除了我使用的是类库。那会重要吗?检查 NTFS 权限、在服务器和数据库级别设置安全登录、连接字符串和连接方法(SQL Server 凭据)以及 IIS 应用程序池和其他文件夹选项都是相同的。
Why do these applications work without adding the machinename$ to the permissions of either of my SQL boxes? But that is what the one link is telling me to do to fix this problem.
为什么这些应用程序可以在不将 machinename$ 添加到我的任何一个 SQL 框的权限中的情况下工作?但这就是一个链接告诉我要解决这个问题的方法。
回答by Remus Rusanu
NETWORK SERVICE and LocalSystem will authenticate themselves always as the correpsonding account locally (builtin\network service and builtin\system) but both will authenticate as the machine account remotely.
NETWORK SERVICE 和 LocalSystem 将始终将自己作为本地相应帐户(内置\网络服务和内置\系统)进行身份验证,但两者都将作为远程计算机帐户进行身份验证。
If you see a failure like Login failed for user 'DOMAIN\MACHINENAME$'it means that a process running as NETWORK SERVICE or as LocalSystem has accessed a remote resource, has authenticated itself as the machine account and was denied authorization.
如果您看到这样的失败,Login failed for user 'DOMAIN\MACHINENAME$'则意味着作为 NETWORK SERVICE 或 LocalSystem 运行的进程访问了远程资源,已将自身身份验证为机器帐户,但被拒绝授权。
Typical example would be an ASP application running in an app pool set to use NETWORK SERVICE credential and connecting to a remote SQL Server: the app pool will authenticate as the machinerunning the app pool, and is this machine account that needs to be granted access.
典型示例是在设置为使用 NETWORK SERVICE 凭据并连接到远程 SQL Server 的应用程序池中运行的 ASP 应用程序:应用程序池将作为运行应用程序池的计算机进行身份验证,并且该计算机帐户是否需要被授予访问权限.
When access is denied to a machine account, then access must be granted to the machine account. If the server refuses to login 'DOMAIN\MACHINE$', then you must grant login rights to 'DOMAIN\MACHINE$' not to NETWORK SERVICE. Granting access to NETWORK SERVICE would allow a localprocess running as NETWORK SERVICE to connect, not a remote one, since the remote one will authenticate as, you guessed, DOMAIN\MACHINE$.
当对机器帐户的访问被拒绝时,必须向该机器帐户授予访问权限。如果服务器拒绝登录 'DOMAIN\MACHINE$',则您必须授予 'DOMAIN\MACHINE$' 登录权限,而不是 NETWORK SERVICE。授予对 NETWORK SERVICE 的访问权限将允许作为 NETWORK SERVICE 运行的本地进程进行连接,而不是远程进程,因为远程进程将作为您猜想的 DOMAIN\MACHINE$ 进行身份验证。
If you expect the asp application to connect to the remote SQL Server as a SQL login and you get exceptions about DOMAIN\MACHINE$ it means you use Integrated Security in the connection string. If this is unexpected, it means you screwed up the connection strings you use.
如果您希望 asp 应用程序作为 SQL 登录名连接到远程 SQL Server 并且您收到有关 DOMAIN\MACHINE$ 的异常,则意味着您在连接字符串中使用了集成安全性。如果这是意外,则意味着您搞砸了您使用的连接字符串。
回答by Zain Ali
This error occurs when you have configured your application with IIS, and IIS goes to SQL Server and tries to login with credentials that do not have proper permissions. This error can also occur when replication or mirroring is set up. I will be going over a solution that works always and is very simple. Go to SQL Server >> Security >> Logins and right click on NT AUTHORITY\NETWORK SERVICE and select Properties
当您使用 IIS 配置应用程序并且 IIS 转到 SQL Server 并尝试使用没有适当权限的凭据登录时,会发生此错误。设置复制或镜像时也可能发生此错误。我将介绍一个始终有效且非常简单的解决方案。转到 SQL Server >> Security >> Logins 并右键单击 NT AUTHORITY\NETWORK SERVICE 并选择属性
In newly opened screen of Login Properties, go to the “User Mapping” tab. Then, on the “User Mapping” tab, select the desired database – especially the database for which this error message is displayed. On the lower screen, check the role db_owner. Click OK.
在新打开的登录属性屏幕中,转到“用户映射”选项卡。然后,在“用户映射”选项卡上,选择所需的数据库——尤其是显示此错误消息的数据库。在下方屏幕上,检查角色 db_owner。单击确定。
回答by nZeus
In my case I had Identity="ApplicationPoolIdentity"for my IIS Application Pool.
就我而言,我有Identity="ApplicationPoolIdentity"我的 IIS 应用程序池。
After I added IIS APPPOOL\ApplicationNameuser to SQL Server it works.
在我将IIS APPPOOL\ApplicationName用户添加到 SQL Server 之后,它就可以工作了。
回答by winy101
The trick that worked for me was to remove Integrated Securityfrom my connection string and add a regular User ID=userName; Password=passwordyour connection string in the App.configof your libruary might not be using integrated security but the one created in Web.configis!
对我有用的技巧是Integrated Security从我的连接字符串中删除并添加一个常规User ID=userName; Password=password连接字符串App.config,您的库中的连接字符串可能未使用集成安全性,但创建的连接字符串Web.config是!
回答by Raj Baral
Basically to resolve this we need to have some set up like
基本上要解决这个问题,我们需要进行一些设置,例如
- Web App Running under ApplicationPoolIdentity
- Web Application connecting to databases through ADO.Net using Windows Authentication in the connection string
- 在 ApplicationPoolIdentity 下运行的 Web 应用程序
- Web 应用程序在连接字符串中使用 Windows 身份验证通过 ADO.Net 连接到数据库
The connection string used with Windows authentication include either Trusted_Connection=Yesattribute or the equivalent attribute Integrated Security=SSPIin Web.configfile
使用Windows验证的连接字符串包含任何Trusted_Connection=Yes属性或属性等同Integrated Security=SSPI于Web.config文件
My database connection is in Windows Authentication mode. So I resolved it by simply changing the Application PoolsIdentity from ApplicationPoolIdentityto my domain log in credentials DomainName\MyloginId
我的数据库连接处于 Windows 身份验证模式。所以我通过简单地将应用程序池标识从ApplicationPoolIdentity更改为我的域登录凭据DomainName\MyloginId来解决它
Step:
步:
- Click on Application Pools
Select Name of your application
Go to Advanced Setting
- Expand Process Modeland click Identity. Click three dot on right end.
- Click Set...button and Provide your domain log in credentials
- 单击应用程序池
选择您的应用程序名称
进入高级设置
- 展开流程模型并单击身份。单击右端的三个点。
- 单击设置...按钮并提供您的域登录凭据
For me it was resolved.
对我来说已经解决了。
Note:In Production or IT environment, you might have service account under same domain for app pool identity. If so, use service account instead of your login.
注意:在生产或 IT 环境中,您可能在同一域下拥有应用程序池标识的服务帐户。如果是这样,请使用服务帐户而不是您的登录名。
回答by Julien P
A colleague had the same error and it was due to a little configuration error in IIS.
The wrong Application Pool was assigned for the web application.
一个同事有同样的错误,这是由于IIS中的一个小配置错误。
为 Web 应用程序分配了错误的应用程序池。
Indeed we use a custom Application Pool with a specific Identity to meet our needs.
事实上,我们使用具有特定身份的自定义应用程序池来满足我们的需求。
In his local IIS Manager -> Sites -> Default Web Site -> Our Web App Name -> Basic Settings... The Application Pool was "DefaultAppPool" instead of our custom Application Pool.
在他本地的 IIS 管理器 -> 站点 -> 默认网站 -> 我们的 Web 应用程序名称 -> 基本设置...应用程序池是“DefaultAppPool”而不是我们的自定义应用程序池。
Setting the correct application pool solved the problem.
设置正确的应用程序池解决了这个问题。
回答by simonm
I added <identity impersonate="true" />to my web.config and it worked fine.
我添加<identity impersonate="true" />到我的 web.config 并且它工作正常。
回答by Remco
For me the problem was resolved when I replaced the default Built-in account 'ApplicationPoolIdentity' with a network account which was allowed access to the database.
对我来说,当我用允许访问数据库的网络帐户替换默认的内置帐户“ApplicationPoolIdentity”时,问题得到了解决。
Settings can be made in Internet Information Server (IIS 7+) > Application Pools > Advanded Settings > Process Model > Identity
可以在 Internet Information Server (IIS 7+) > Application Pools > Advanced Settings > Process Model > Identity 中进行设置
回答by Arsen Khachaturyan
For me issue with 'DOMAIN\MACHINENAME$' fixed by setting DefaultApplicationPoolIdentity to NetworkService.
对我来说,通过将DefaultApplicationPoolIdentity设置为NetworkService.
回答by Philip Atz
We had been getting similar error messages while processing an Analysis Services database. It turned out that the username, which was used to run the Analysis Services instance, had not been added to the SQL Server's Security Logins.
在处理 Analysis Services 数据库时,我们一直收到类似的错误消息。结果表明,用于运行 Analysis Services 实例的用户名并未添加到 SQL Server 的安全登录名中。
In SQL Server 2012, the SQL Server and Analysis services are configured to run as different users by default. If you have gone with the defaults, always ensure that the AS user has access to your datasource!
在 SQL Server 2012 中,SQL Server 和分析服务默认配置为以不同用户身份运行。如果您使用默认值,请始终确保 AS 用户可以访问您的数据源!
