我在 Windows Server 2008 上安装了几个 DotNetNuke 站点。我想知道应该如何将各种安全实体配置在一起。例如,一些安装参考建议将站点文件的权限设置为包含“网络安全”和修改权限;IIS 7.5 AppPool 标识设置为网络服务。
至于数据库 - 我使用的是 SqlServer 2008。我使用了 Windows Integrated 和 SqlServer 用户身份。一个比另一个更受欢迎吗?我在这个论坛中注意到 AppPool 身份需要 SqlServer 中的 db_owner 权限。
简而言之,我试图将文件权限、IIS 7.5 AppPool 和 SqlServer 2008 安全设置结合在一起。我使用 DotNetNuke 5.x 和 6.x。
In IIS 7.5 I always use "IIS AppPool\ApplicationPoolName" where ApplicationPoolName is defined by IIS when you create the website. I use this for the File Permissions, I also use Windows Authentication for the database account using that same username, this assumes you are running SQL Server locally.
Having individual application pool accounts helps from a security perspective because the pools are silo'd, meaning they can only access their File System and their Database, not other website's file systems or databases.
If you are using IIS 7, or earlier versions (not 5/5.1 in Windows 2000/XP) the default application pool runs under Network Service.