经典ASP-文件移动IIS的权限被拒绝
[英]Classic ASP - Permission Denied on file move IIS
问题描述
I have a bit of an issue with Windows permissions, I have a script (which I didn't write) which uploads a file to a local temp area, then is moved and renamed to a UNC share. 
Windows权限存在一些问题,我有一个脚本(我没有写过),该脚本将文件上传到本地临时区域,然后移动并重命名为UNC共享。
I have tried: 我努力了:
Creating one domain user with domain rights, used that in the Connect As and Directory Security - Authentication and also is on the the target source as a read/write user. 使用“连接为和目录安全性-身份验证”中的权限创建一个具有域权限的域用户,并且作为读取/写入用户也位于目标源上。 I've logged in to a test server with that user and verified that this user can write to the source location, which it can. 我已经使用该用户登录到测试服务器,并确认该用户可以写入源位置。
But I get the error message: 但是我收到错误消息:
Microsoft VBScript runtime error '800a0046'
Permission denied
/Admin/News/insert.asp, line 56
The code in question attempting to perform the move is (although this may not be relevant to a security issue): 有问题的尝试执行移动的代码为(尽管这可能与安全性问题无关):
if fileUploaded then
dim fs,f,savedFileLocation
set fs=Server.CreateObject("Scripting.FileSystemObject")
savedFileLocation = server.MapPath("/Files") & "\Briefings\" & right("00" & day(now()),2) & right("00" & month(now()),2) & year(now()) & " - " & fileName
if not fs.FileExists(savedFileLocation) then
Set f=fs.GetFile(pathToFile)
f.Move(savedFileLocation)
end if
set f=nothing
set fs=nothing
end if
Any pointers would be gratefully acknowledged, I've found the security permissions with IIS a nightmare! 我们将不胜感激任何指针,我发现IIS的安全权限是一场噩梦!
2 个解决方案
解决方案1
0 已采纳 2014-04-17 17:33:50
IIS6 supports application pools and you can make application pools run as a named user account rather than IUSR. IIS6支持应用程序池,您可以使应用程序池以命名用户帐户而不是IUSR的身份运行。 If you have a AD domain handy then this can be a domain account and the sharing is straightforward. 如果您有一个AD域,那么它可以是一个域帐户,并且共享非常简单。 If you are not using an AD domain then you can still work around this -- just create an account with an identical username and password on both boxes and NTLM will automagically work. 如果您不使用AD域,则仍然可以解决此问题-只需在两个框中创建一个具有相同用户名和密码的帐户,NTLM就会自动工作。
It has been a while since I touched IIS6 but I seem to recall that IIS6 ran as NT AUTHORITY\\NETWORK SERVICE out of the box. 自从我接触IIS6以来已经有一段时间了,但是我似乎还记得IIS6作为NT AUTHORITY \\ NETWORK SERVICE开箱即用。 If this is the case and you've got a domain handy you can also give the magical DOMAIN\\MACHINENAME$ account permissions and it should also work. 如果是这种情况,并且您拥有一个方便的域,则还可以授予神奇的DOMAIN \\ MACHINENAME $帐户权限,它也应该可以使用。
解决方案2
0 2014-04-17 19:06:49
Try to open IIS property of this UNC folder/share in your site(my guess that it is setup as virtual folder) and see if your user have write permission there. 尝试在您的站点中打开此UNC文件夹/共享的IIS属性(我想它已设置为虚拟文件夹),并查看您的用户是否具有写权限。 Basically I would rather give write permission to app pool user instead of creating new one, but it is your choice. 基本上,我宁愿将权限授予应用程序池用户,而不是创建新的用户,但这是您的选择。 Because your app pool for the site will have to run under this user name. 因为您的网站应用程序池必须以该用户名运行。
In any case because file transfer happening under app pool user that whose permission on both folders(local and UNC share) you need to verify on each web server if you have clustered or load balanced system. 无论如何,由于文件传输是在应用程序池用户下进行的,因此在群集或负载平衡的系统中,您需要在每个Web服务器上验证其对两个文件夹(本地和UNC共享)的权限。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.