理解SQL Server 2000的信任连接(Trusted connection)
2024-08-31 00:48:07
供稿:网友
我在用oledb方式连接sql server时, 用到连接字: "provider=sqloledb.1;data source=localhost;initial catalog=wroxbooks; trusted_connection=yes; user id=sa;password=;"
调用后一直无法正常连接。
asp.net错误描述:
* error while accessing data.
用户 'cxy/aspnet' 登录失败。
asp错误描述:
microsoft ole db provider for sql server (0x80040e4d)
用户 'cxy/iusr_cxy' 登录失败。
已确信所连接的数据源,帐号和口令都是正确的,根据出错描述,怎么连接会用
cxy/aspnet或cxy/iusr_cxy登录?(我已明确指定user id=sa;password=;),经过多
次试验,最后将连接字中的trusted_connection=yes;删除,连接成功!
如果明白sql server登录验证的原理, 就可以知道trusted connection的含义。
在sql server architecture(sql server架构)登录篇中有关于authenticating logins(登录验证)的讲述, 摘录如下:
......
sql server 2000 uses two types of authentication: windows authentication
and sql server authentication.
......
when using windows authentication, you do not have to specify a login id
or password when you connect to sql server 2000. your access to sql
server 2000 is controlled by your windows nt or windows 2000 account or
group, which is authenticated when you log on to the windows operating
system on the client.
when you connect, the sql server 2000 client software requests a windows
trusted connection to sql server 2000. windows does not open a trusted
connection unless the client has logged on successfully using a valid
windows account. the properties of a trusted connection include the
windows nt and windows 2000 group and user accounts of the client that
opened the connection. sql server 2000 gets the user account information
from the trusted connection properties and matches them against the
windows accounts defined as valid sql server 2000 logins. if sql server
2000 finds a match, it accepts the connection. when you connect to sql
server 2000 using windows 2000 authentication, your identification is
your windows nt or windows 2000 group or user account.
sql server 2000采用两种不同的验证方式:windows验证和sql server 2000验证
用windows验证连接时,不必指定一个用户id及口令,连接验证使用windows nt或2000的组帐号(group account)。
要知道:sql server 2000 在连接验证之前,用户先用windows nt或2000的组帐号在客户端成功登录至sql server 2000服务器,方能建立一个信任连接(trusted connection),sql server从信任连接属性中获取用户的帐号信息,将其与windows已定义的帐号信息匹配和分析,如果正确就连接成功,并将此windows帐号作为连接至sql server 2000的用户id。
上文中的连接字中包含有:trusted_connection=yes;
这就意味着连接将采用信任连接方式,但由于连接前没有用windows组帐号(在asp环境中是访问iis服务帐号iusr_计算机名,在asp.net环境中帐号是aspnet)登录至sql server 2000服务器, 也就是说没有建立一个信任连接(trusted connection),当然,sql server 2000连接也不能够成功。
将trusted_connection=yes;删除或改为trusted_connection=no;
这将不采用信任连接方式(也即不采用windows验证方式),而改由sql server 2000验证方式,即在连接字中指定:user id=user name;password=user password;
sql server 2000会将此用户id和口令进行验证连接,而与windows帐号无关。
关于sql server 2000上述两种验证方式的设置(连接验证采用windows和sql server验证,还是仅采用windows验证),可以启动sql server 2000企业管理器,然后在安全性配置中设置。