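When I bring up the AD groups through Computer -> Manage -> Local Users and Groups, I can see IIS_IUSRS in the list, so I click the properties of the Administrators group, then click Add..., select my local machine as the location, make sure the object types include "Built-in security principals", and enter IIS_IUSRS in the object name text box. It tells me the IIS_IUSRS object cannot be found.
What am I doing wrong here (besides giving IIS_IUSRS administrator rights)?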
Answer 0 (score: 0)
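I'm not sure the "built-in" account IIS_IUSRS works like a regular group account that you can add to Administrators. For more information about the account, see: http://learn.iis.net/page.aspx/140/understanding-built-in-user-and-group-accounts-in-iis/
My guess is that you are running into a permissions problem when the web site, running in autonomous mode, writes a file. Here are some possible suggestions, from best to worst (IMO):
1: Use impersonation in code to perform the "elevated"-level task for that function. Here is a code sample (it uses the impersonation class/code below: Impersonation.vb). Example: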
Using Impersonate As New Impersonation.Impersonate
    ' The declaration and its initializer must be on one logical line.
    Using Usr As System.Security.Principal.WindowsImpersonationContext = Impersonate.ImpersonateUser("<domain username>", "<domain password>", "<domain>")
        'do elevated security level task...
        'System.IO.File.Copy(...)
        Impersonate.UndoImpersonate(Usr)
    End Using
End Using
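2: Create a virtual directory to perform the "elevated" task on a specific directory. For example, in IIS you can set it to not be autonomous and to have elevated permissions to write files.
3: Impersonate in web.config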
<identity impersonate="true" userName="accountname" password="password" />
--- Impersonation.vb ----
Imports System
Imports System.Runtime.InteropServices
Imports System.Security.Principal

Namespace Impersonation
    Public Class Impersonate
        Implements IDisposable

        Private Declare Auto Function LogonUser Lib "advapi32.dll" ( _
            ByVal lpszUsername As String, _
            ByVal lpszDomain As String, _
            ByVal lpszPassword As String, _
            ByVal dwLogonType As Integer, _
            ByVal dwLogonProvider As Integer, _
            ByRef phToken As IntPtr) As Boolean
        Private Declare Auto Function CloseHandle Lib "kernel32.dll" (ByVal handle As IntPtr) As Boolean
        Declare Function GetLastError Lib "kernel32" () As Integer

        ' Returns the impersonation context, or Nothing when the logon fails.
        ' Callers must check for Nothing; otherwise the "elevated" task runs under the original identity.
        Public Function ImpersonateUser(ByVal Username As String, ByVal Password As String, ByVal Domain As String) As WindowsImpersonationContext
            Dim tokenHandle As IntPtr = IntPtr.Zero
            Dim mWIC As WindowsImpersonationContext = Nothing
            ' 8 = LOGON32_LOGON_NETWORK_CLEARTEXT, 0 = LOGON32_PROVIDER_DEFAULT
            Dim loggedOn As Boolean = LogonUser(Username, Domain, Password, 8, 0, tokenHandle)
            If loggedOn Then
                Dim mWI As New WindowsIdentity(tokenHandle)
                ' WindowsIdentity duplicates the token, so release the original handle to avoid a leak.
                CloseHandle(tokenHandle)
                mWIC = mWI.Impersonate() 'start the impersonation
            End If
            Return mWIC
        End Function

        ' Reverts to the original identity; returns False when there was nothing to undo.
        Public Function UndoImpersonate(ByVal mWIC As WindowsImpersonationContext) As Boolean
            If mWIC IsNot Nothing Then
                mWIC.Undo()
                Return True
            End If
            Return False
        End Function

        Private disposedValue As Boolean = False ' To detect redundant calls

        ' IDisposable
        Protected Overridable Sub Dispose(ByVal disposing As Boolean)
            If Not Me.disposedValue Then
                If disposing Then
                    ' TODO: free managed resources when explicitly called
                End If
                ' TODO: free shared unmanaged resources
            End If
            Me.disposedValue = True
        End Sub

        ' This code added by Visual Basic to correctly implement the disposable pattern.
        Public Sub Dispose() Implements IDisposable.Dispose
            ' Do not change this code. Put cleanup code in Dispose(ByVal disposing As Boolean) above.
            Dispose(True)
            GC.SuppressFinalize(Me)
        End Sub
    End Class
End Namespace
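Added example, not part of the original answer: a fail-closed variant of the impersonation helper above, which throws when LogonUser fails instead of returning Nothing, so the file operation can never run under the application pool identity by accident. It assumes .NET Framework 4.6 or later; the module and method names, the account "svc-upload" and the domain "EXAMPLE" are constructed for illustration.

```vbnet
Imports System
Imports System.ComponentModel
Imports System.IO
Imports System.Runtime.InteropServices
Imports System.Security.Principal
Imports Microsoft.Win32.SafeHandles

' Added example; ScopedImpersonation, RunAs and CopyAsServiceAccount are hypothetical names.
Public Module ScopedImpersonation
    Private Const LOGON32_LOGON_NETWORK_CLEARTEXT As Integer = 8
    Private Const LOGON32_PROVIDER_DEFAULT As Integer = 0

    ' SetLastError:=True lets Marshal.GetLastWin32Error report the real failure reason.
    <DllImport("advapi32.dll", SetLastError:=True, CharSet:=CharSet.Unicode)>
    Private Function LogonUser(ByVal lpszUsername As String, ByVal lpszDomain As String,
                               ByVal lpszPassword As String, ByVal dwLogonType As Integer,
                               ByVal dwLogonProvider As Integer,
                               <Out> ByRef phToken As SafeAccessTokenHandle) As Boolean
    End Function

    ' Runs work under the given account, or throws without running it at all.
    Public Sub RunAs(ByVal userName As String, ByVal domain As String,
                     ByVal password As String, ByVal work As Action)
        Dim token As SafeAccessTokenHandle = Nothing
        If Not LogonUser(userName, domain, password, LOGON32_LOGON_NETWORK_CLEARTEXT,
                         LOGON32_PROVIDER_DEFAULT, token) Then
            ' Fail closed: surface the Win32 error instead of continuing as the current identity.
            Throw New Win32Exception(Marshal.GetLastWin32Error())
        End If
        Using token
            ' The identity reverts when the delegate returns or throws,
            ' and the token handle is released when the Using block ends.
            WindowsIdentity.RunImpersonated(token, work)
        End Using
    End Sub

    ' Constructed usage: copy one file as a dedicated, low-privilege service account.
    Public Sub CopyAsServiceAccount(ByVal source As String, ByVal target As String)
        RunAs("svc-upload", "EXAMPLE", "<password from a protected store>",
              Sub() File.Copy(source, target))
    End Sub
End Module
```

Keeping the impersonated scope to a single delegate limits what runs with the second account's rights, and that account needs write access only to the target directory.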