通过IIS 7上的.NET Web App访问网络文件

时间:2013-07-10 15:14:12

标签: c# .net iis networking impersonation

我一直在尝试使用Windows身份验证来模拟访问IIS 7上托管的网站的当前经过身份验证的用户,但是当我尝试访问单独服务器上的文件时,登录请求仍然出现在事件中使用我尝试访问的文件作为ANONYMOUS LOGON:

的服务器日志 
An account was successfully logged on.

Subject:
    Security ID:        NULL SID
    Account Name:       -
    Account Domain:     -
    Logon ID:       0x0

Logon Type:         3

New Logon:
    Security ID:        ANONYMOUS LOGON
    Account Name:       ANONYMOUS LOGON
    Account Domain:     NT AUTHORITY
    Logon ID:       0x1e47ea9
...

如果我从开发环境或IIS服务器上的本地主机上直接运行WebApp,它会使用正确的用户凭据并且工作正常。

我的Web.config有

<authentication mode="Windows" />
    <identity impersonate="true" />

在IIS身份验证中,我禁用了匿名身份验证,启用了Asp .NET模拟,并启用了Windows身份验证。

在我尝试的代码中(c#with .NET framework 4)

string path = @"\\server1\project\test.csv";
            ((WindowsIdentity)HttpContext.Current.User.Identity).Impersonate();
            StreamWriter sw = File.AppendText(path);


using (HostingEnvironment.Impersonate(WindowsIdentity.GetCurrent().Token))
{
//code
}



using (HostingEnvironment.Impersonate())
{
//code
}

以及我发现的其他几项建议。

如果我检查System.Security.Principal.WindowsIdentity.GetCurrent()。在代码中没有任何直接模拟行的名称,它会显示我想要模拟的正确域/用户凭据,谁有权使用我试图联系的文件。

当我通过不在IIS服务器上的浏览器访问Web应用程序时,它会询问Windows凭据,然后当我点击按钮运行上面的代码时,会弹出登录框,询问Windows信息,并保持弹出不管我通过什么。每次尝试都会在连接ANONYMOUS LOGON的server1上创建一个新事件。

从我读到的内容可能是双跳问题认证问题,但大多数帖子都是关于SQL服务器而不是简单的文件共享。

错误是:

Access to the path '\\server\project\test.csv' is denied.

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code. 

Exception Details: System.UnauthorizedAccessException: Access to the path '\\server1\project\test.csv' is denied. 

ASP.NET is not authorized to access the requested resource. Consider granting access rights to the resource to the ASP.NET request identity. ASP.NET has a base process identity (typically {MACHINE}\ASPNET on IIS 5 or Network Service on IIS 6 and IIS 7, and the configured application pool identity on IIS 7.5) that is used if the application is not impersonating. If the application is impersonating via <identity impersonate="true"/>, the identity will be the anonymous user (typically IUSR_MACHINENAME) or the authenticated request user. 

To grant ASP.NET access to a file, right-click the file in File Explorer, choose "Properties" and select the Security tab. Click "Add" to add the appropriate user or group. Highlight the ASP.NET account, and check the boxes for the desired access.

任何指导都将不胜感激!

1 个答案:

答案 0 :(得分:0)

该例外告诉您,您无权访问该资源。您有一个运行项目的用户。为运行项目的用户提供给定资源的必要权限。如果您不信任该操作系统的用户,请与受信任的用户一起运行您的项目。

相关问题
最新问题