Web服务在远程计算机上执行

时间:2010-01-18 08:51:56

标签: c# .net vb.net asmx

我正在使用asmx web服务来锁定远程计算机上的文件夹!

当我在本地机器上运行Web服务时一切正常,但是当我在远程计算机上运行时没有任何反应,远程计算机上的文件夹保持解锁状态!

我认为我需要在远程计算机上为此Web服务设置安全权限,但我不知道在哪里!

那么,我需要在远程计算机上启用此服务吗?

5 个答案:

答案 0 :(得分:0)

远程asmx运行的凭据是什么?它是否有权在自己的文件夹结构之外对文件系统进行操作?

答案 1 :(得分:0)

我怀疑它是权限,网络服务是否具有对文件夹的读/写权限?

也许你可以尝试身份冒充。

<system.web>
<identity impersonate="true" userName="WindowsDomain\YourUserName" password="YourPassword" />
</system.web>

编辑我首先检查服务器上的文件夹是否具有网络服务的写权限。如果无法更改文件夹安全性,请在Web配置中使用身份模拟,并将其映射到服务器上的用户。

编辑2 当代码试图锁定文件夹时,您是否收到任何类型的错误?

答案 2 :(得分:0)

这是删除某个文件夹的用户允许权限的功能:

Public Function RemoveAllowPermission(ByVal filePath As String, ByVal username As String, ByVal power As String) 

        Dim dirinfo As DirectoryInfo = New DirectoryInfo(filePath)

        Dim dirsecurity As DirectorySecurity = dirinfo.GetAccessControl()
        dirsecurity.SetAccessRuleProtection(True, True)
        Select Case power

            Case "FullControl"

                dirsecurity.RemoveAccessRuleAll(New FileSystemAccessRule(username, FileSystemRights.FullControl, InheritanceFlags.ObjectInherit, PropagationFlags.InheritOnly, AccessControlType.Allow))

                dirsecurity.RemoveAccessRuleAll(New FileSystemAccessRule(username, FileSystemRights.FullControl, InheritanceFlags.ObjectInherit, PropagationFlags.InheritOnly, AccessControlType.Allow))

                dirsecurity.RemoveAccessRuleAll(New FileSystemAccessRule(username, FileSystemRights.FullControl, InheritanceFlags.ObjectInherit, PropagationFlags.InheritOnly, AccessControlType.Allow))

            Case "ReadOnly"

                dirsecurity.RemoveAccessRuleAll(New FileSystemAccessRule(username, FileSystemRights.Read, AccessControlType.Allow))

            Case "Write"

                dirsecurity.RemoveAccessRuleAll(New FileSystemAccessRule(username, FileSystemRights.Write, InheritanceFlags.ObjectInherit, PropagationFlags.InheritOnly, AccessControlType.Allow))

                dirsecurity.RemoveAccessRuleAll(New FileSystemAccessRule(username, FileSystemRights.Write, InheritanceFlags.ObjectInherit, PropagationFlags.InheritOnly, AccessControlType.Allow))

                dirsecurity.RemoveAccessRuleAll(New FileSystemAccessRule(username, FileSystemRights.Write, InheritanceFlags.ObjectInherit, PropagationFlags.InheritOnly, AccessControlType.Allow))

            Case "Modify"

                dirsecurity.RemoveAccessRuleAll(New FileSystemAccessRule(username, FileSystemRights.Modify, AccessControlType.Allow))

        End Select

        dirinfo.SetAccessControl(dirsecurity)

    End function

在下一个函数中,我调用RemoveAllowPermission函数:

 <WebMethod()> _
    Public Function ChangePermission()
        Dim file As String = "C:\Pictures"
        Dim fs As FileSecurity = System.IO.File.GetAccessControl(file)
        Dim owner As NTAccount = CType(fs.GetOwner(GetType(NTAccount)), NTAccount)

        Dim usergroup As AuthorizationRuleCollection = fs.GetAccessRules(True, True, (GetType(System.Security.Principal.NTAccount)))
        Try
            For Each Rule As FileSystemAccessRule In usergroup
                RemoveAllowPermission(file, Rule.IdentityReference.Value, "FullControl")
              Next
        Catch ex As Exception
Return ("Error")
        End Try
    End Sub
Return 0
End Class

因此,当我在远程计算机上运行服务时,我的ChangePermission函数捕获异常并返回异常消息错误!

答案 3 :(得分:0)

因为它是ASMX,我认为它适用于ASP.NET的模拟规则。由于没有以编程方式登录功能,您应该使用非托管API。

假设您需要在模拟上下文中执行某些操作(在远程计算机用户帐户下可以访问您想要的位置)。

Impersonation.Execute(myEntity.NasUser, myEntity.NasPassword, () =>    
{     
//Copy File to UNC Path for example
   File.Copy(sourceFile, Path.Combine(myEntity.UploadPath, Path.GetFileName(sourceFile)), true);     
});

导入非托管api:

    [DllImport("advapi32.dll", SetLastError = true)]     
    public static extern bool LogonUser(     
        string lpszUsername,     
        string lpszDomain,     
        string lpszPassword,     
        int dwLogonType,     
        int dwLogonProvider,     
        out IntPtr phToken     
        );    
    [DllImport("kernel32.dll", CharSet = CharSet.Auto)]     
    public extern static bool CloseHandle(IntPtr handle);

上述执行可能是这样的:

public static void Execute(string userName, string domain, string password, Action action)    
    {     
        try     
        {     
            bool bImpersonated = LogonUser(     
                userName,     
                domain,     
                password,     
                logon32LogonInteractive,     
                logon32ProviderDefault,     
                out tokenHandle);     
            if (bImpersonated == false)     
            {     
                throw new Win32Exception(Marshal.GetLastWin32Error());     
            }     
            WindowsIdentity newId = new WindowsIdentity(tokenHandle);     
            impersonatedUser = newId.Impersonate();     
            action();     
        }     
        catch (Exception ex)     
        {     
            throw ex;     
        }     
        finally     
        {     
            if (impersonation != null)     
                impersonation.Dispose();     
        }     
    }

您不应忘记撤消模拟并返回之前的Windowscredentials状态:

public void Dispose()    
{     
    // Stop impersonating the user.     
    if (impersonatedUser != null)     
        impersonatedUser.Undo();     
    // close handle     
    if (tokenHandle != IntPtr.Zero)     
        CloseHandle(tokenHandle);     
}

答案 4 :(得分:0)

您可以随时使用管理员帐户运行Web服务的应用程序池!不建议在生产中这样做但如果它起作用至少你有一个起点。祝你好运。

相关问题
最新问题