asp.net拒绝访问路径XXX

时间:2014-08-14 08:56:34

标签: c# asp.net io directory

我已经阅读了大量有关此错误的文章..还尝试将文件夹的权限设置为最低:

enter image description here

但我仍然收到错误:访问路径' \ servername \ shareFolder $ \ folderNameWeWantToCreate'被拒绝。

我正在尝试检查目录是否存在,如果不使用以下代码,则尝试创建目录:

string Folderpath = @"\\servername\shareFolder$\folderNameWeWantToCreate";
   if (!Directory.Exists(FolderPath))
        Directory.CreateDirectory(FolderPath);

上面的代码适用于本地,但是当放到服务器上时会出错。

我做错了吗?

2 个答案:

答案 0 :(得分:1)

您必须冒充用户身份

http://technet.microsoft.com/en-us/library/cc730708%28v=ws.10%29.aspx

答案 1 :(得分:1)

有两种可能的解决方案:

应用程序池标识

您需要在IIS中创建一个以LocalSystem用户身份运行的新应用程序池,并将您的应用程序更改为在该AppPool上运行。无论如何,您需要一个高权限用户才能在本地高清上执行操作,这样可以为您节省大量的权限。在将来,如果您想要加强安全性,您可以随时返回到低权限AppPool,只需在任何需要的地方授予权限。

远程用户模拟

如果上述情况不起作用,这是您的追索权。这看起来很棘手,但我运行的代码在ASP.NET MVC 5 / .NET 4.5.1上完美运行,所以它也可以在旧版本上正常运行。这是代码:

助手班:

public class ImpersonationHelper
{
    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    public static extern bool LogonUser(String lpszUsername, String lpszDomain, String lpszPassword,
        int dwLogonType, int dwLogonProvider, out SafeTokenHandle phToken);

    [DllImport("kernel32.dll", CharSet = CharSet.Auto)]
    public extern static bool CloseHandle(IntPtr handle);

    public const int LOGON32_PROVIDER_DEFAULT = 0;
    public const int LOGON32_PROVIDER_WINNT50 = 3;
    public const int LOGON32_PROVIDER_WINNT40 = 2;
    public const int LOGON32_PROVIDER_WINNT35 = 1;

    public const int LOGON32_LOGON_INTERACTIVE = 2;
    public const int LOGON32_LOGON_NETWORK = 3;
    public const int LOGON32_LOGON_NEW_CREDENTIALS = 9;

    public static SafeTokenHandle GetSafeTokenHandle(string userName, string password, string domain)
    {
        SafeTokenHandle safeTokenHandle;

        bool returnValue = LogonUser(userName, domain, password,
            LOGON32_LOGON_NEW_CREDENTIALS, LOGON32_PROVIDER_WINNT50,
            out safeTokenHandle);

        if (false == returnValue)
        {
            int ret = Marshal.GetLastWin32Error();
            throw new System.ComponentModel.Win32Exception(ret);
        }

        return safeTokenHandle;
    }
}

public sealed class SafeTokenHandle : SafeHandleZeroOrMinusOneIsInvalid
{
    private SafeTokenHandle()
        : base(true)
    {
    }

    [DllImport("kernel32.dll")]
    [ReliabilityContract(Consistency.WillNotCorruptState, Cer.Success)]
    [SuppressUnmanagedCodeSecurity]
    [return: MarshalAs(UnmanagedType.Bool)]
    private static extern bool CloseHandle(IntPtr handle);

    protected override bool ReleaseHandle()
    {
        return CloseHandle(handle);
    }
}

主要代码:

var remoteUser = ConfigurationManager.AppSettings["RemoteUser"];
var remotePassword = ConfigurationManager.AppSettings["RemotePassword"];
var remoteDomain = ConfigurationManager.AppSettings["RemoteDomain"];
var safeTokenHandle = ImpersonationHelper.GetSafeTokenHandle(remoteUser, remotePassword, remoteDomain);

using (safeTokenHandle)
{
    using (WindowsIdentity newId = new WindowsIdentity(safeTokenHandle.DangerousGetHandle()))
    {
        using (WindowsImpersonationContext impersonatedUser = newId.Impersonate())
        {
            // do stuff here the same as you would locally
        }
    }
 }
相关问题
最新问题