当前设置如下所示,服务器A承载电子服务,服务器B是本地和内部服务器。我想在服务器A的浏览器中显示pdf文件,服务器A将从服务器B获取。
现在,服务器A与服务器B不在同一个域或组中。
当我访问服务器A并在文件浏览器中键入路径" \\ serverB \ folder \ file.pdf"时,我可以打开它并查看它。
当我使用visual studio进行调试时,以下代码也能正常工作并查看文件:
public class Impersonation
{
[DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern bool LogonUser(String lpszUsername, String lpszDomain, String lpszPassword,
int dwLogonType, int dwLogonProvider, out SafeTokenHandle phToken);
[DllImport("kernel32.dll", CharSet = CharSet.Auto)]
public extern static bool CloseHandle(IntPtr handle);
// Test harness.
// If you incorporate this code into a DLL, be sure to demand FullTrust.
[PermissionSetAttribute(SecurityAction.Demand, Name = "FullTrust")]
public WindowsImpersonationContext ImpersonateUser(string domain , string user, string pass)
{
SafeTokenHandle safeTokenHandle;
try
{
// Get the user token for the specified user, domain, and password using the
// unmanaged LogonUser method.
// The local machine name can be used for the domain name to impersonate a user on this machine.
//Console.Write("Enter the name of the domain on which to log on: ");
// Call LogonUser to obtain a handle to an access token.
bool returnValue = LogonUser(user, domain, pass,
LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT,
out safeTokenHandle);
if (false == returnValue)
{
int ret = Marshal.GetLastWin32Error();
throw new System.ComponentModel.Win32Exception(ret);
}
using (safeTokenHandle)
{
// Use the token handle returned by LogonUser.
using (WindowsIdentity newId = new WindowsIdentity(safeTokenHandle.DangerousGetHandle()))
{
using (WindowsImpersonationContext impersonatedUser = newId.Impersonate())
{
return newId.Impersonate();
}
}
// Releasing the context object stops the impersonation
}
}
catch (Exception ex)
{
}
return null;
}
}
public sealed class SafeTokenHandle : SafeHandleZeroOrMinusOneIsInvalid
{
private SafeTokenHandle()
: base(true)
{
}
[DllImport("kernel32.dll")]
[ReliabilityContract(Consistency.WillNotCorruptState, Cer.Success)]
[SuppressUnmanagedCodeSecurity]
[return: MarshalAs(UnmanagedType.Bool)]
private static extern bool CloseHandle(IntPtr handle);
protected override bool ReleaseHandle()
{
return CloseHandle(handle);
}
}
其中fpath是文件的路径。
然而,当我尝试从浏览器访问它时,我得到Access被拒绝错误。
我通过以下代码尝试了Impersonation:
Impersonation impersonate = new Impersonation();
using (System.Security.Principal.WindowsImpersonationContext impUser = impersonate.ImpersonateUser("Domain", "User", "Password"))
{
bool endResponse = false;
try
{
byte[] b = null;
using (System.IO.FileStream fs = System.IO.File.OpenRead(fpath))
{
b = new byte[fs.Length];
fs.Read(b, 0, b.Length);
}
Response.AddHeader("Content-Type", "application/pdf");
Response.AddHeader("Content-Disposition", "attachment;filename=Report.pdf");
Response.OutputStream.Write(b, 0, b.Length);
Response.Flush();
Response.Close();
endResponse = true;
}
catch (Exception ex)
{
throw;
}
finally
{
}
if (endResponse)
Response.End();
}
并将其用作:
{{1}}
它不会检索所需的用户,而是检索服务器A的用户,但是在使用visual studio进行调试时,它确实有效并且不会抛出错误,但是当从Web浏览器访问它时,它仍然会抛出错误。
答案 0 :(得分:0)
好的,这肯定是与网络相关的问题。但是我使用Web服务将pdf文件作为字节数组发送,这样它就连接了内部网络服务器和DMZ服务器,现在我可以读取我的pdf文件了。