c# - ASP.NET app upgrade from SSAS 2014 to SSAS 2017 - can't log in from remote PC
问题描述
Looking for a little help here. I've got an ASP.NET site that connects to a SSAS cube. This has worked for more than a decade with various SSAS version - most recently SSAS 2014. Website is set up to use windows authentication so each user can see only what they have permissions to. As part of upgrading the SSAS database to 2017, I've also upgraded from .NET 3.5 to .NET 4.7. My SSAS server is running on a separate server - not on the IIS server.
The code that seems to be causing problems is very simple:
AdomdConnection olapCnn = new AdomdConnection();
olapCnn.ConnectionString = ""Provider=MSOLAP;Data Source=ASServerName;Initial Catalog=SomeDatabase";
olapCnn.Open();
Opening the connection fails with a "Connection either failed or timed out". If I point to my SSAS 2014 server and database, it works fine. If I run a profiler trace, I can see that on my SSAS 2014 instance, I am connecting to AS with my credentials as expected. However, on my MSAS 2017 instance, I can see that an attempt is made to log in with 'ANONYMOUS LOGON' in the NTUserName column and the NTDomainName is 'NT AUTHORITY'. With those credentials, it makes sense I can't connect - however, I don't understand why it doesn't pick up my credentials just like the MSAS 2014 instance does.
Here is where it gets even more tricky for me. It actually works from my development machine hosting the IIS - if I start the project up with or without debugging from VS 2017, I can open the connection and the profiler shows my credentials, so all the needed components to connect to SSAS is installed on the IIS/development server. Everthing also works if I connect to the website from a browser on the development/IIS server without using VS 2017.
So to sum up: From development/IIS machine, I can connect to the remote SSAS instance and from another PC, connecting to the IIS on the development/IIS machine, it fails as it tries to connect to SSAS 2017 with anonymous. Pointing to a SSAS 2014 instance, it works both from the development/IIS machine and from remote.
What am I missing here?
解决方案
好吧 - 如果它在你的雷达上,最终是一种明显的解决方案,但我不知道这一点,所以浪费了无数小时......这与.NET升级无关,而是我已经分开的事实MSAS 服务器输出到另一个虚拟机。问题是由于客户端必须执行 2 次跳转(从客户端 -> Web 服务器 -> MSAS 服务器)和用户帐户(服务帐户)需要配置“Kerberos 约束委派”(请参阅此 Microsoft 链接:配置分析服务和Kerberos 约束委派 (KCD))在跳转多个跳转时传递用户凭据。我敢肯定,任何具有域安全知识的人都知道它——作为一个“简单”的开发人员,我没有:(我希望这对其他人有帮助......
推荐阅读
- swiftui - swiftUI - 强制屏幕到横向后无法关闭模式屏幕
- websphere-portal - WebSphere 门户内容上 chrome 的混合内容问题
- linux - 将设备中断寄存器设置为 0 不会导致任何结果
- python - Python NameError:名称'keys'未定义错误pynput
- javascript - useState hook如何知道react中的调用上下文
- javascript - 如何在循环内循环并通过 AJAX 调用对 JSON 对象的结果进行排序?
- sql - 在记录中用一个值替换空值在 ORACLE SQL 中
- javascript - 当我的响应需要在下一次相关 API 调用之前执行一些逻辑操作时,我如何使用 useSWR 挂钩
- python - mysql.connector.errors.OperationalError: 2055: Lost connection to MySQL server at 'host', system error: 32 Broken pipe
- ios - 从 Storyboard 访问 Swift 包中的资产目录