简体繁体 English

Windows 2003，IIS6 Web服务登录故障排除

[英]Windows 2003, IIS6 Webservice login troubleshoot

原文 2008-11-26 13:57:04 6 2 c#/ iis-6/ windows-server-2003

Environment: 环境：

win2003 running IIS6 serving asp pages that call delphi code. 运行IIS6的win2003服务于调用delphi代码的ASP页面。

Delphi code contacts a c# webservice for which it needs to login ( login.asmx ). Delphi代码联系需要登录的c＃Web服务（ login.asmx ）。 Webservice logs show login is successful. Web服务日志显示登录成功。 Debug results show that Context.User.Identity.IsAuthenticated returns true . 调试结果表明Context.User.Identity.IsAuthenticated returns true 。

After login, delphi code doublechecks if it is still authenticated. 登录后，delphi代码会再次检查其是否仍通过身份验证。 Webservice returns false -> Context.User.Identity.IsAuthenticated returns false . Webservice返回Context.User.Identity.IsAuthenticated returns false > Context.User.Identity.IsAuthenticated returns false 。

Our guess: authentication cookie received by delphi code running under IIS6 credentials (network service?) does not get saved to disk, so login is lost. 我们的猜测：在IIS6凭据（网络服务？）下运行的delphi代码收到的身份验证cookie不会保存到磁盘，因此登录丢失。

Filemon shows 'C:\\WINDOWS\\Temp\\Temporary Internet Files' access denied. Filemon显示'C:\\WINDOWS\\Temp\\Temporary Internet Files'访问被拒绝。 Giving IIS6 user admin rights on that folder fixes the problem, but is not acceptable since cookies should work by default. 在该文件夹上授予IIS6用户管理员权限可以解决此问题，但由于默认情况下cookie应该起作用，因此不能接受。

Running IIS6 in IIS5 compatibility mode fixes the problem, but is also not preferred 在IIS5兼容模式下运行IIS6可解决此问题，但也不是首选

Wanted solution: exact cause of problem and smallest modification possible in configuration (giving admin rights to IUSR is not an option) 所需的解决方案：问题的确切原因和最小的配置更改（不授予IUSR管理员权限）

2 个解决方案

Cookies do work by default, but you have to have somewhere to store them. 默认情况下，Cookie确实可以工作，但是您必须在某个地方存储它们。 If you don't want to give access to the normal place where they are stored, then you will need to set up another directory that you can give rights to and set it up as the internet cache for the IIS6 user. 如果您不想访问它们的正常存储位置，则需要设置可以授予权限的另一个目录，并将其设置为IIS6用户的Internet缓存。

A couple quick resources that may help, given that for this type of problem you have a fairly large number of potential issues, see this . 鉴于对于这类问题您有相当多的潜在问题，可以使用几个快速的资源来帮忙，请参阅此。

One important difference between IIS5 and IIS6 is that Windows 2003 underwent a significant security lockdown with the SP1 update. IIS5和IIS6之间的一个重要区别是Windows 2003随SP1更新进行了重要的安全锁定。 There are a very large number of things that worked for Windows 2000 that just will not in 2003 (and should not have - they opened the door to all sorts of shenanigans). 对于Windows 2000而言 ，有很多功能在2003年将无法使用（并且不应使用-它们为各种诡计打开了大门）。 Trying to track down all the places where IIS6 locked stuff down might be challenging, instead I would use the above resource to track down the common issues people are running into with IIS6 . 试图追查其中IIS6锁定下来的东西可能是具有挑战性的所有地方，而不是我会用上面的资源来跟踪人们正在运行与IIS6的常见问题。