问题
If I have an ASP.NET web app using impersonation and a SQL Server connectionstring with Integrated Security = true, does the identity of the IIS application pool of the app play any role?
Does the identity need to be set to some specific user (LocalSystem, NetworkServices or a domain user)? This is on Windows 2003.
回答1:
If the SQL Server is on a different box than IIS then the identity of the IIS application pool has to be trusted for constrained delegation. See How To: Use Protocol Transition and Constrained Delegation in ASP.NET 2.0. If the IIS app is running as NETWORK SERVICE or SYSTEM then the IIS machine account has to be trusted for constrained delegation. The linked resource has all the steps to set this up.
If the SQL Server is on the same machine as IIS then there isn't any requirement afaik.
来源:https://stackoverflow.com/questions/1402852/application-pool-identity-in-iis-and-integrated-security-to-sql-server