Active Directory, Windows 8
如果我使用用户“xxx”登录并使用此类代码运行应用程序:
//WindowsIdentity.GetCurrent().Name - is "MyDomain\xxx";
var connectionOptions = new ConnectionOptions
{
EnablePrivileges = true,
Impersonation = ImpersonationLevel.Impersonate
};
var scope = new ManagementScope(
string.Format("\\\\{0}\\root\\CIMV2", computerName),
connectionOptions);
scope.Connect();
效果很好。
然而,当在IIS中运行此代码时,同一个mashine我有例外:
// WindowsIdentity.GetCurrent().Name - is "NT AUTHORITY\SYSTEM" or "IIS APPPOOL\DefaultAppPool", tryed both
var windowsIdentity = User.Identity as WindowsIdentity;
if (windowsIdentity != null)
{
using (windowsIdentity.Impersonate())
{
// WindowsIdentity.GetCurrent().Name - is "MyDomain\xxx";
var connectionOptions = new ConnectionOptions
{
EnablePrivileges = true,
Impersonation = ImpersonationLevel.Impersonate
};
var scope = new ManagementScope(
string.Format("\\\\{0}\\root\\CIMV2", computerName),
connectionOptions);
scope.Connect();
// throws exception "Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))"
// my other code here
}
}
使用的Windows身份验证:
<authentication mode="Windows" />
<identity impersonate="false" />
尝试将AppPool作为ApplicationPoolIdentity和System运行。 为AppPool尝试授予“作为操作系统的一部分”。 结果是一样的,我总是得到“访问被拒绝”。
为什么我有这个例外?我应该做些什么而不仅仅是模仿或者为AppPool授予一些权限吗?