如何以编程方式在iis7中为应用程序完成URL授权?

时间:2018-01-11 13:41:58

标签: c# iis authorization

我创建了一个ftp站点“TestFtpSite”和一个带有路径“/ LocalUser / demor”的应用程序。这是ApplicationHost.config中的配置。

<site name="TestFtpSite" id="3">
            <application path="/" applicationPool="TestFtpPool">
                <virtualDirectory path="/" physicalPath="F:\empty-ftp-folder" />
            </application>
            <application path="/LocalUser/demor" applicationPool="TestFtpPool">
                <virtualDirectory path="/" physicalPath="F:\HJ_STORAGE\demor" />
            </application>
            <bindings>
                <binding protocol="ftp" bindingInformation="*:21:" />
            </bindings>
            <ftpServer>
                <security>
                    <ssl controlChannelPolicy="SslAllow" dataChannelPolicy="SslAllow" />
                    <authentication>
                        <basicAuthentication enabled="true" />
                    </authentication>
                </security>
                <userIsolation mode="IsolateAllDirectories">
                    <activeDirectory />
                </userIsolation>
            </ftpServer>
        </site>

在阅读understanding-iis-url-authorization后,我发现我们可以在 ApplicationHost.config 文件中添加位置标记来保护应用程序。但是我找不到任何代码片段或api如何将带有授权规则的位置标记实际添加到配置文件中。
我想用C#实现以下实用。 

<location path="TestFtpsite/LocalUser/Bob"> 
    <system.ftpServer> 
        <security> 
            <authorization> 
                <clear />
                <add accessType="Allow" users="Bob" permissions="Read, Write"/>                  
            </authorization> 
        </security> 
    </system.ftpServer> 
</location>

--------------更新----------------------

最后,我在programmatically-unlocking-iis-configuration-sections-in-powershell

的启发下解决了它

这是我的解决方案,希望它能帮助别人。

        // be sure to reference Microsoft.Web.Administration firstly
        ServerManager sm = new ServerManager();
        Configuration config= sm.GetApplicationHostConfiguration();

        /*************************
         * Unlock the section
         * ***********************/
        ConfigurationSection section = config.GetSection("system.ftpServer/security/authorization", "TestFtpSite/LocalUser/demor");
        section.OverrideMode = OverrideMode.Allow;
        sm.CommitChanges(); 

        // Get a new instance of the configuration object
        config = sm.GetApplicationHostConfiguration();
        section = config.GetSection("system.ftpServer/security/authorization", "TestFtpSite/LocalUser/demor");
        ConfigurationElementCollection authCollection = section.GetCollection();

        ConfigurationElement clearElement = authCollection.CreateElement("clear");
        authCollection.Add(clearElement);

        ConfigurationElement addElement =  authCollection.CreateElement("add");
        addElement.SetAttributeValue("accessType", "Allow");
        addElement.SetAttributeValue("users", "demor");
        addElement.SetAttributeValue("permissions", "Read, Write");
        authCollection.Add(addElement);

        sm.CommitChanges();

1 个答案:

答案 0 :(得分:0)

使用“授权”属性。用法取决于使用的技术,但对于MVC,您可以将其置于控制器或此类操作上。

[Authorize(Users="Bob")]
public ActionResult LocalUser()
{
    . . .
}
相关问题
最新问题