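Our ASP.NET C# web application uploads various files (such as jpgs, pngs, docx, txt, etc.) to a folder named ClientBin. On the Visual Studio 2010 .NET IDE test server, everything works fine.
However, if we deploy the application to an IIS7 server, we have to grant our application's web users permission to upload files. We basically log on to our server that runs IIS7 and then manually modify the security properties of the folder named ClientBin, which should eventually contain the jpgs, pngs, docx, txt, etc.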
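---Manual approach that allows web users to upload successfully---------------------------
In Explorer, right-click the projectfolder\ClientBin folder, choose "Properties", and then select the "Security" tab. Click "Add" to add the appropriate user or group. Highlight the ASP.NET account, and check the boxes for the desired access.
---Manual approach that allows web users to upload successfully---------------------------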
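---Programmatic approach that still gives the web user an exception error when trying to upload------------------
// Requires: using System.IO; using System.Security.AccessControl;
String DirectoryPath = System.IO.Path.Combine(Server.MapPath("~/ClientBin/"));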
DirectorySecurity specificDirectorySecurity = Directory.GetAccessControl(DirectoryPath);
specificDirectorySecurity.AddAccessRule(new FileSystemAccessRule("Users", FileSystemRights.Modify, AccessControlType.Allow));
specificDirectorySecurity.AddAccessRule(new FileSystemAccessRule("Administrators", FileSystemRights.Modify, AccessControlType.Allow));
specificDirectorySecurity.AddAccessRule(new FileSystemAccessRule("SYSTEM", FileSystemRights.Modify, AccessControlType.Allow));
Directory.SetAccessControl(DirectoryPath, specificDirectorySecurity);
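---Programmatic approach that still gives the web user an exception error when trying to upload------------------
Another online post suggested that I could solve the problem by entering the following in web.config:
----XML configuration that might solve the problem with the programmatic approach--------
<identity impersonate="true" userName="ComputerName\Administrator" password="dont" />
----XML configuration that might solve the problem with the programmatic approach--------
However, I am concerned about security if I set identity impersonate to true.
What is the most secure and most automated (which probably means a programmatic solution) way to do this?
Thanks,
newemployee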
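Answer 0: (score: 1)
Typically, the application is given permissions on the directory, and the application manages users' access to the upload folder.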
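Answer 1: (score: 0)
All,
Even though I did not figure out how C# could modify the permissions of the upload folder,
Microsoft Windows PowerShell seems to be able to modify the upload folder's permissions programmatically.
Here is a code snippet that modifies the upload folder's permissions programmatically: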
$computerHostName = [System.Net.Dns]::GetHostName()
#These constants are used to set permissions
$inherit = [system.security.accesscontrol.InheritanceFlags]"ContainerInherit, ObjectInherit"
$propagation = [system.security.accesscontrol.PropagationFlags]::None
$colRights = [System.Security.AccessControl.FileSystemRights]"Modify"
$objType =[System.Security.AccessControl.AccessControlType]::Allow
#(MSDN Docs) The IIS_IUSRS Group has access to all the necessary file and system resources
# so that an account, when added to this group, can seamlessly act as an application pool identity.
# IIS_IUSRS group by default includes the web users that log on to the Perls Applications.
#If a web user needs to upload resources to the folder within the Perls Web Application that
# contains uploaded resource files then we need to ensure that the members of the
# IIS_IUSRS Group have permissions to add resource files to that particular Perls Web Application upload folder.
#This determines which user is the guest user for IIS. Windows Vista and 08 use the IIS_USRS group, Previous version use
#IUSR_[MachineName]
if ([environment]::osversion.Version.Major -eq 6) {
    $webUser = "IIS_IUSRS"
} else {
    $webUser = "IUSR_" + $computerHostName
}
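# $umbrellaComponentName and $siteWebComponentName are not defined in this snippet;
# they are assumed to be set earlier in the deployment script.
$clientBinDirectoryPath = "D:\DeployedApplications\" + $umbrellaComponentName + "\" + $siteWebComponentName + "\" + "ClientBin"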
$perlsPivotErrorDirectoryPath = "D:\DeployedApplications\" + $umbrellaComponentName + "\" + $siteWebComponentName + "\" + "PerlsPivotErrorDirectory"
$aclForClientBinDirectoryPath = Get-Acl $clientBinDirectoryPath
$accessRuleForClientBinDirectoryPath = New-Object System.Security.AccessControl.FileSystemAccessRule($webUser, $colRights, $inherit, $propagation, $objType)
$aclForClientBinDirectoryPath.AddAccessRule($accessRuleForClientBinDirectoryPath)
Set-Acl -aclobject $aclForClientBinDirectoryPath $clientBinDirectoryPath
$aclForPerlsPivotErrorDirectoryPath = Get-Acl $perlsPivotErrorDirectoryPath
$accessRuleForPerlsPivotErrorDirectoryPath = New-Object System.Security.AccessControl.FileSystemAccessRule($webUser, $colRights, $inherit, $propagation, $objType)
$aclForPerlsPivotErrorDirectoryPath.AddAccessRule($accessRuleForPerlsPivotErrorDirectoryPath)
Set-Acl -aclobject $aclForPerlsPivotErrorDirectoryPath $perlsPivotErrorDirectoryPath
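
A narrower variant of the grant discussed in the question and answers above, as an added example that is not code from the original posts: it gives Modify on the upload folder to a single named account instead of a broad group, skips the change if the rule already exists, and then lists any Allow rules that let Everyone, Authenticated Users or BUILTIN\Users write to the folder. The function name, the folder path and the pool name `MyAppPool` are assumptions, and the sample call assumes the pool runs as ApplicationPoolIdentity so that its account is named `IIS AppPool\<pool name>`.

```powershell
# Added example (not from the original posts). Names and paths are placeholders.
function Grant-UploadFolderAccess {
    param(
        [Parameter(Mandatory = $true)] [string] $Path,
        [Parameter(Mandatory = $true)] [string] $Identity,
        [System.Security.AccessControl.FileSystemRights] $Rights = 'Modify'
    )
    if (-not (Test-Path -Path $Path -PathType Container)) {
        throw "Upload folder not found: $Path"
    }

    # Resolve the account name to a SID first, so a misspelled name fails
    # here, before the ACL is touched.
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $account = New-Object System.Security.Principal.NTAccount($Identity)
    $sid = $account.Translate($sidType)

    $inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
    $propagation = [System.Security.AccessControl.PropagationFlags]::None
    $allow = [System.Security.AccessControl.AccessControlType]::Allow

    # Idempotent: add the rule only if no explicit Allow rule for this SID
    # already covers the requested rights.
    $acl = Get-Acl -Path $Path
    $covered = $acl.GetAccessRules($true, $false, $sidType) | Where-Object {
        $_.IdentityReference.Value -eq $sid.Value -and
        $_.AccessControlType -eq $allow -and
        ($_.FileSystemRights -band $Rights) -eq $Rights
    }
    if (-not $covered) {
        $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($sid, $Rights, $inherit, $propagation, $allow)
        $acl.AddAccessRule($rule)
        Set-Acl -Path $Path -AclObject $acl
    }

    # Audit: return explicit and inherited Allow rules that give write access to
    # Everyone (S-1-1-0), Authenticated Users (S-1-5-11) or BUILTIN\Users (S-1-5-32-545).
    $broadSids = 'S-1-1-0', 'S-1-5-11', 'S-1-5-32-545'
    $writeData = [System.Security.AccessControl.FileSystemRights]::WriteData
    (Get-Acl -Path $Path).GetAccessRules($true, $true, $sidType) | Where-Object {
        $broadSids -contains $_.IdentityReference.Value -and
        $_.AccessControlType -eq $allow -and
        ($_.FileSystemRights -band $writeData) -eq $writeData
    }
}

# Example call with placeholder values; an empty result means no broad write rules were found.
# Grant-UploadFolderAccess -Path 'D:\Sites\MyApp\ClientBin' -Identity 'IIS AppPool\MyAppPool'
```

Run it from an elevated session, since changing the folder's ACL requires permission to modify it.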