[Translation] applying the FileStream feature in ASP. NET Web applications

Q: I use form-based authentication in ASP. NET applications. I want to use FileStream (file stream), but verification becomes a barrier. How can I set it?

A:
If you are using anonymous access and form-based authentication, you cannot combine them with Windows users. Therefore, you cannot verify Windows users from web clients in SQL Server. The solution is to use IIS process-level identity to log on to SQL Server with integrated security.

Even if you access IIS anonymously, IIS has a Windows-level process-level identity. You can use this to allow the process account to access SQL Server through Windows authentication.

The steps are as follows:
1. Make sure that IIS uses the "Network service" identity. This is the default setting, but you need to perform the following steps in the application pool managed by IIS:
Right-click the ASP. NET application pool used by your application, select properties, and go to the "ID" tab to ensure that you select "pre-defined" and "Network Service ". If this is not set, you will receive an error message: User 'nt AUTHORITY \ ANONYMOUS logon' Login Failed

2. Make sure that the IIS account can access SQL Server. You can use a T-SQL statement like sp_grantlogin 'domain1 \ machineA $ 'to grant logon permissions. Grant necessary permissions.

3. Configure web. config as follows:
<Authentication mode = "Forms"/>
<Identity impersonate = "false"/>
(The default value is false. If you allow anonymous access to IIS, you cannot set this to true. Otherwise, you may obtain the following error message:
Login Failed. This login is from an untrusted domain and cannot be verified using Windows .)

4. Configure the website to allow anonymous access

5. configure all SQL connection statements for Windows Verification
In your Filestream application, make sure that all SQL connections use "integration security", for example:
SqlConnection sqlConnection = new SqlConnection ("Integrated Security = true; server = MachineB ");

6. the above steps allow your application to use the Domain1 \ MachineA $ account to connect to SQL Server using Windows Verification

Note: You can also configure the IIS process account book to use the "Network Service" account and use another account.