从Docker ASP.NET到外部SQL数据库的Windows身份验证

6kkfgxo0  于 2022-09-19  发布在  Docker
关注(0)|答案(1)|浏览(203)

我有ASP.NET项目,它是通过Docker Compose部署的。部署的应用程序使用外部MS SQL数据库

如果在本地部署ASP.NET项目,则应用程序设置类似于使用Windows身份验证:

{
  "ConnectionStrings": {
     "Database": "Data Source=name.server;Initial Catalog=name_base_dev;Integrated Security=True;MultipleActiveResultSets=True;"
  },
  "DetailedErrors": true,
  "Logging": {
    "LogLevel": {
      "Default": "Information",
      "Microsoft.AspNetCore": "Warning"
    }
  }
}

但是,如果我将ASP.NET项目部署到Docker Containers,我必须修改应用程序设置,因为它不能在其他情况下工作(不能访问数据库),如下所示:

{
  "ConnectionStrings": {
     "Database": "Data Source=name.server;Initial Catalog=name_base_dev;**User Id=name_user;Password=BigPassword**;MultipleActiveResultSets=True;"
  },
  "DetailedErrors": true,
  "Logging": {
    "LogLevel": {
      "Default": "Information",
      "Microsoft.AspNetCore": "Warning"
    }
  }
}

我在码头集装箱日志里看到的就是:

> Executing task: docker logs --tail 1000 -f d7d7fb508f6a0135b18ccfc40eecff1e3bab7e0cbcfdd6506d5d089acf5cd176 <

info: ProtoBuf.Grpc.Server.ServicesExtensions.CodeFirstServiceMethodProvider[0]
      RPC services being provided by Name_project.WebUi.Services.ApiService: 5
warn: Microsoft.AspNetCore.DataProtection.Repositories.FileSystemXmlRepository[60]
      Storing keys in a directory '/root/.aspnet/DataProtection-Keys' that may not be persisted outside of the container. Protected data will be unavailable when container is destroyed.
info: Microsoft.EntityFrameworkCore.Infrastructure[10403]
      Entity Framework Core 6.0.6 initialized 'Name_DbContext' using provider 'Microsoft.EntityFrameworkCore.SqlServer:6.0.6' with options: MigrationsAssembly=Name_project.Persistence
info: ProtoBuf.Grpc.Server.ServicesExtensions.CodeFirstServiceMethodProvider[0]
      RPC services being provided by Name_project.WebUi.Services.ApiService: 5
warn: Microsoft.AspNetCore.DataProtection.Repositories.FileSystemXmlRepository[60]
      Storing keys in a directory '/root/.aspnet/DataProtection-Keys' that may not be persisted outside of the container. Protected data will be unavailable when container is destroyed.
info: Microsoft.EntityFrameworkCore.Infrastructure[10403]
      Entity Framework Core 6.0.6 initialized 'Name_DbContext' using provider 'Microsoft.EntityFrameworkCore.SqlServer:6.0.6' with options: MigrationsAssembly=Name_project.Persistence
info: ProtoBuf.Grpc.Server.ServicesExtensions.CodeFirstServiceMethodProvider[0]
      RPC services being provided by Name_project.WebUi.Services.ApiService: 5
warn: Microsoft.AspNetCore.DataProtection.Repositories.FileSystemXmlRepository[60]
      Storing keys in a directory '/root/.aspnet/DataProtection-Keys' that may not be persisted outside of the container. Protected data will be unavailable when container is destroyed.
info: Microsoft.EntityFrameworkCore.Infrastructure[10403]
      Entity Framework Core 6.0.6 initialized 'Name_DbContext' using provider 'Microsoft.EntityFrameworkCore.SqlServer:6.0.6' with options: MigrationsAssembly=Name_project.Persistence

Terminal will be reused by tasks, press any key to close it.

帮助了解如何为部署在Docker容器中的ASP.NET应用程序启用Windows身份验证。已尝试指定集成安全=SSPI,也没有帮助。

更新1

如果我尝试在容器kinit nameUser-V-k-t/app/nameuser.keytab中执行命令,那么我将通过Kerberosv5的身份验证

root@14f08a183079:/app# kinit nameuser -V -k -t /app/nameuser.keytab
Using default cache: /tmp/krb5cc_0
Using principal: nameuser@DOMAIN.LOCALL
Using keytab: /app/nameuser.keytab
Authenticated to Kerberos v5

root@14f08a183079:/app# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: nameuser@DOMAIN.LOCAL

Valid starting     Expires            Service principal
09/15/22 15:30:47  09/16/22 01:30:47  krbtgt/DOMAIN.LOCAL@DOMAIN.LOCAL
        renew until 09/22/22 15:29:47

root@14f08a183079:/app# kinit nameuser

如果我尝试从Dockerfile运行,则进入日志应用程序:

Start service
Using default cache: /tmp/krb5cc_0
Using principal: nameuser@DOMAIN.LOCAL
Using keytab: /app/nameuser.keytab
' not found while getting initial credentialsile '/app/nameuser.keytab

我在码头集装箱日志里看到的就是:

Using default cache: /tmp/krb5cc_0
Using principal: nameuser@DOMAIN.LOCAL
Using keytab: /app/nameuser.keytab
' not found while getting initial credentialsile '/app/nameuser.keytab
info: ProtoBuf.Grpc.Server.ServicesExtensions.CodeFirstServiceMethodProvider[0]
      RPC services being provided by MyProject.WebUi.Services.ApiService: 5
warn: Microsoft.AspNetCore.DataProtection.Repositories.FileSystemXmlRepository[60]
      Storing keys in a directory '/root/.aspnet/DataProtection-Keys' that may not be persisted outside of the container. Protected data will be unavailable when container is destroyed.
info: Microsoft.EntityFrameworkCore.Infrastructure[10403]
      Entity Framework Core 6.0.6 initialized 'ProjectDbContext' using provider 'Microsoft.EntityFrameworkCore.SqlServer:6.0.6' with options: MigrationsAssembly=MyProject.Persistence
Segmentation fault

你能帮帮我吗?

docker

1条答案

按热度按时间
mpgws1up

mpgws1up1#

默认情况下,您不能从Docker容器中使用集成安全。

您的应用程序不是在Windows上运行,而是在Docker(可能是Linux)上运行。即使您使用基于Windows的映像,该容器也不在您的域中,并且/或者它不知道您的SQL Server主机的Windows用户,因此它无法进行身份验证。

您可以让容器使用Kerberos,让它看起来像属于域一样,但随后需要修改您的Docker映像,这样它才能做到这一点。

例如,请参见Code Project: Authenticate .NET Core Client of SQL Server with Integrated Security from Linux Docker ContainerMS Docs: Understanding Active Directory authentication for SQL Server on Linux and containers

赞(0)分享  回复(0)举报  2022-09-19
我来回答

相关问题

    查看更多

    热门标签

    更多
    JavaquerypythonNode开发语言requestUtil数据库Table后端算法LoggerMessageElementParser

    最新问答

    更多
    • 蜀ICP备13028337号-1 大数据知识库 https://www.saoniuhuo.com © All rights reserved
    • 本站内容来源互联网,如果侵犯您的权益请联系我们删除, 联系方式:448109455@qq.com