我正在编写一个小的Windows工具来搜索一些SQL数据库。我能够连接并搜索第一个数据库没有问题,但是当我尝试搜索第二个数据库(数据库2)时,我一直收到以下登录错误:
' System.Data.SqlClient.SqlException'发生在System.Data.dll中 用户' \ azahir'
的登录失败
您会发现我的连接字符串中甚至没有指定<Domain>\azahir或我的几行代码中的任何位置。
Imports System.Data
Imports System.Data.SqlClient
Public Class Form1
Dim Conn As SqlConnection
Dim Conn2 As SqlConnection
Private Sub btSearch_Click(sender As Object, e As EventArgs) Handles btSearch.Click
Conn = New SqlConnection("Data Source = <SERVER>;Initial Catalog=<DATABASE>;Integrated Security=SSPI;User ID = <Domain> \ axzahir;Password=<Password>;")
Conn.Open()
Dim cmd2 As SqlCommand = Conn.CreateCommand
cmd2.CommandText = "select firstname, lastname
from systemuserbase where firstname like" + "'%" + TxFirstName.Text + "%'" +
" And lastname Like" + " '%" + TxLastname.Text + "%'"
Dim dir As SqlDataReader = cmd2.ExecuteReader()
If dir.HasRows Then
Dim dtClient As New DataTable
dtClient.Load(dir)
dtOutput.DataSource = dtClient
End If
dir.Close()
Conn.Close()
End Sub
....
Private Sub btnArgus_Click(sender As Object, e As EventArgs) Handles btnArgus.Click
Conn2 = New SqlConnection("Data Source = <SERVER2>;Initial Catalog=<DATABASE 2>;Integrated Security=SSPI;User ID = <DOMAIN> \ axzahir;Password=<PASSWORD>;")
Conn2.Open()
Dim cmd3 As SqlCommand = Conn2.CreateCommand
cmd3.CommandText = "select userID, Fullname
from Users where FullName like" + "'%" + TxFirstName.Text + "%'" +
" And Fullname Like" + " '%" + TxLastname.Text + "%'"
Dim dir3 As SqlDataReader = cmd3.ExecuteReader()
If dir3.HasRows Then
Dim dtClient As New DataTable
dtClient.Load(dir3)
dtOutput.DataSource = dtClient
End If
dir3.Close()
Conn2.Close()
End Sub
End Class
我已经验证我的域名/用户名+密码适用于数据库2.我很难理解为什么Visual Studio认为我的用户是&#39; \ azahir&#39;而不是指定的&#39; \ axzahir&#39;。关于如何解决这个问题的任何想法?
谢谢你, 阿西
答案 0 :(得分:3)
这不是集成安全的工作原理。使用集成安全性时,无法指定特定用户名或密码。相反,您获得了运行程序的任何用户帐户的用户授权。整个连接字符串如下所示,没有特定的用户信息:
Data Source =&lt; SERVER&gt ;; Initial Catalog =&lt; DATABASE&gt ;; Integrated Security = SSPI;
如果要指定用户名和密码,必须使用SQL身份验证。如果要以特定域帐户身份访问数据库,则使用集成安全性,但必须以该用户身份运行应用程序。无法在连接字符串中指定Active Directory凭据并获取该用户的数据库访问权限。
虽然我在这里,但是让我向您展示一个更好的数据库连接模式。 (一个不是疯狂易受sql注入攻击!并且即使抛出异常也会记得关闭连接。)
假设连接字符串有效:
Private ConnString As String = "connection string here"
Private Sub btSearch_Click(sender As Object, e As EventArgs) Handles btSearch.Click
Dim SQL As String = _
"SELECT firstname, lastname " &
"FROM systemuserbase " &
"WHERE firstname like '%' + @FirstName + '%' AND lastname Like '%' + @LastName + '%';"
Using Conn As New SqlConnection(ConnString), _
cmd As New SqlCommand(SQL, Conn)
'Use actual database column types and lengths here
cmd.Parameters.Add("@FirstName", SqlDbType.NVarChar, 20).Value = TxFirstName.Text
cmd.Parameters.Add("@LastName", SqlDbType.NVarChar, 20).Value = TxLastName.Text
Conn.Open()
Using dir As SqlDataReader = cmd2.ExecuteReader()
dtOutput.DataSource = dir
dir.Close()
End Using
End Using
End Sub
Private Sub btnArgus_Click(sender As Object, e As EventArgs) Handles btnArgus.Click
Dim SQL As String = _
"SELECT userID, Fullname " &
"FROM Users " &
"WHERE FullName like '%' + @FirstName + '%' AND Fullname Like '%' + @Lastname + '%';"
'Note I can use the same variable names.
' These are scoped to the method, not the class.
' Different scope, different variables, even though the names are the same
Using Conn AS New SqlConnection(ConnString), _
cmd As New SqlCommand(SQL, Conn)
'Use actual database column types and lengths here
cmd.Parameters.Add("@FirstName", SqlDbType.NVarChar, 20).Value = TxFirstName.Text
cmd.Parameters.Add("@LastName", SqlDbType.NVarChar, 20).Value = TxLastName.Text
Conn.Open()
Using dir As SqlDataReader = cmd.ExecuteReader()
dtOutput.DataSource = dir
dir.Close()
End Using
End Using
End Sub