堆栈内存溢出
  简体   繁体   English

如何设置IIS Web应用程序,使其无需AD即可访问网络共享?

[英]How do you setup an IIS Web App so it can access a network share without an AD?

 原文  2014-06-20 18:50:05       iis/ windows-server-2012/ iis-8/ windows-server-2012-r2/ iis-8.5

问题描述

I have three Windows Server 2012 R2 without any AD in a DMZ network. 我有三个Windows Server 2012 R2,而DMZ网络中没有任何AD。 Two servers are front end web servers with ASP.NET and one have SQL Server and a network share that both front end servers use for shared data. 两台服务器是具有ASP.NET的前端Web服务器,一台具有SQL Server和网络共享,两台前端服务器均使用这些网络共享数据。

My problem is how do I configure the Application Pool identity and the Network Share so the ASP.NET application can read and write to the network share? 我的问题是如何配置应用程序池标识和网络共享,以便ASP.NET应用程序可以读写网络共享?

This is simple with an AD available when you can use domain accounts for the application pool identity but there is no AD available in this setup. 当您可以将域帐户用作应用程序池标识但此设置中没有可用的AD时,这很简单,并且可用AD。

3 个解决方案

解决方案1
 0  2014-06-20 22:07:48

I will answer my own question since I succeeded to setup the server. 自成功安装服务器以来,我将回答自己的问题。 This is what I did: 这是我所做的:

1) Create an account with the same username and password on all three servers. 1)在所有三台服务器上创建一个具有相同用户名和密码的帐户。 Make sure that does not expire or must be changed. 确保没有过期或必须更改。

2) Create a Network Share and give the new account read/write rights. 2)创建一个网络共享,并赋予新帐户读/写权限。 I also tested that I could connect from the front end servers using the new account to verify that no firewalls are in the way. 我还测试了可以使用新帐户从前端服务器进行连接,以验证是否没有防火墙。

3) Included the user in the IIS_IUSRS group that indirectly gives it Logon as Batch Job rights. 3)将用户包括在IIS_IUSRS组中,该用户间接授予其“作为批处理作业”登录的权限。

4) Run the following command to grant rights to the user 4)运行以下命令向用户授予权限 

aspnet_regiis -ga <your_app_pool_user>

See more: How To: Create a Service Account for an ASP.NET 2.0 Application (MSDN) 查看更多: 如何:为ASP.NET 2.0应用程序(MSDN)创建服务帐户

5) Restarted WAS and IIS to make sure the changes to the accounts group membership takes hold if tried to use the account. 5)重新启动WAS和IIS,以确保如果尝试使用帐户,则对帐户组成员身份所做的更改将被保留。 

C:> net stop was /y
C:> net start w3svc

6) Create an Application Pool and set the Identity. 6)创建一个应用程序池并设置标识。

This is the part where I got stuck with error messages when trying to set the identity. 这是我尝试设置身份时遇到错误消息的地方。

From IIS Manager I got the following error dialog: "There was an error while performing this operation. Details: Value does not fall within the expected range." 从IIS管理器中,我收到以下错误对话框:“执行此操作时出错。详细信息:值不在预期范围内。”

Trying to set the App Pool identity from the command line I receive a similar error: 尝试从命令行设置应用程序池标识时,我收到类似的错误: 

C:> appcmd set config /section:applicationPools 
     /[name='test-pool'].processModel.identityType:SpecificUser 
     /[name='test-pool'].processModel.userName:MyAccountName 
     /[name='test-pool'].processModel.password:P@ssw0rd

ERROR ( hresult:80070057, message:Failed to commit configuration changes.
  The parameter is incorrect.
 )

When I remove the last parameter, password, the command will succeed changing identity type and setting the username but I did never figure out why I could not set the password so I retorted to editing my applicationHost.config file directly. 当我删除最后一个参数password时,该命令将成功更改身份类型并设置用户名,但是我一直没有弄清楚为什么不能设置密码,因此我拒绝直接编辑applicationHost.config文件。 Unfortunately with the the password ending up in clear text. 不幸的是,密码以明文结尾。 

<configuration>
   ...
    <system.applicationHost>
        <applicationPools>
            ...
            <add name="test-pool" managedRuntimeVersion="v4.0">
                <processModel identityType="SpecificUser" 
                  userName="MyAccountName" password="P@ssw0rd" />
            </add>
            ...
        </applicationPools>
        ...
    </system.applicationHost>
    ...
</configuration>

7) Finally I set my Web Application to use the application and it could access the Network Share without any issues. 7)最后,我将Web应用程序设置为使用该应用程序,它可以毫无问题地访问Network Share。

解决方案2
 0  2015-03-30 13:32:48

I had the same problem but couldn't let the password in clear text so I dig a little further and found this article : http://social.technet.microsoft.com/wiki/contents/articles/30344.custom-iis-app-pool-identity-value-does-not-fall-within-the-expected-range.aspx 我遇到了同样的问题,但是不能让密码以明文形式显示,因此我进一步进行了深入研究,发现了本文: http : //social.technet.microsoft.com/wiki/contents/articles/30344.custom-iis-应用程序池身份值此结果不下落在之内的预期,range.aspx

The key step to diagnose is to look at the right events : 诊断的关键步骤是查看正确的事件:

To figure out how to resolve this, I went into the event viewer. 为了弄清楚如何解决此问题,我进入了事件查看器。 There was nothing in the Application log, so I headed down to Applications and Services Logs => Microsoft => Windows => IIS-Configuration. 应用程序日志中没有任何内容,因此我转到应用程序和服务日志=> Microsoft => Windows => IIS-Configuration。 The logs in here are disabled by default, so they have to be enabled. 默认情况下,此处的日志处于禁用状态,因此必须将其启用。 (To do so, right click the log, and choose Enable log.) Once enabled, re-run the attempt to set the identity, and refresh the view (Actions pane or F5), and voila!, now we have some more information on the error. (为此,请右键单击日志,然后选择“启用日志”。)启用后,重新运行尝试以设置标识,并刷新视图(“操作”窗格或F5),瞧!,现在我们有了更多信息。关于错误。 In the results were two Errors (event ID 42 and 43). 结果是两个错误(事件ID 42和43)。

I had the same event errors as in the article : 我有与文章相同的事件错误:

ID 42: Failed to initialize the 'IISWASOnlyAesProvider' encryption provider in '\\?\\C:\\windows\\system32\\inetsrv\\config\\applicationHost.config'. ID 42:无法在“ \\?\\ C:\\ windows \\ system32 \\ inetsrv \\ config \\ applicationHost.config”中初始化“ IISWASOnlyAesProvider”加密提供程序。 Please check your configuration. 请检查您的配置。

ID 43: Failed to encrypt attribute 'Microsoft.ApplicationHost.AesProtectedConfigurationProvider'. ID 43:无法加密属性“ Microsoft.ApplicationHost.AesProtectedConfigurationProvider”。

Then I did the following : 然后我做了以下工作:

  • restore an old version of the ConfigEncKey.key file (to c:\\windows\\System32\\inetsrv\\config ) 恢复旧版本的ConfigEncKey.key文件(到c:\\windows\\System32\\inetsrv\\config
  • replace the <configProtectedData><providers> section by an old one (in c:\\windows\\System32\\inetsrv\\config\\applicationHost.config ) 用旧的替换<configProtectedData><providers>部分(在c:\\windows\\System32\\inetsrv\\config\\applicationHost.config

Then I can again set a custom identity to the application pool. 然后,我可以再次为应用程序池设置自定义身份。

解决方案3
 0  2015-05-13 17:21:10

Had similar problem. 有类似的问题。 Reinstalled the IIS Manager and got a new applicationHost.config When I did the WinDiff on the new and old files I noticed that the SessionKey were different. 重新安装IIS管理器并获得一个新的applicationHost.config。当我在新旧文件上执行WinDiff时,我注意到SessionKey是不同的。 Works now. 现在可以使用。 AesProvider and IISWASOnlyAesProvider AesProvider和IISWASOnlyAesProvider

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何设置Web应用程序连接,以便我可以在IIS Express和Auzure云中本地运行它们 - How to setup web app connection so that I can run them locally in IIS express and in the Auzure cloud 如何访问域外的网络共享(IIS) - How to access to a network share out of domain (IIS) 您可以在IIS中托管ServiceStack Web App吗? - Can you host a ServiceStack Web App in IIS? 您无权访问 IIS 配置文件 - Web 应用程序错误 - You do not have permission to access the IIS configuration file - Web app error 通过IIS 7上的.NET Web App访问网络文件 - Access network file via .NET Web App on IIS 7 IIS和SQL位于不同的服务器上-如何为.net应用设置用户帐户? - IIS and SQL on separate servers - how do you setup a user account for .net app? 如何设置IIS,以便它可以处理HTML页面中的PHP代码 - how to setup IIS so that it can process PHP code in HTML pages 我如何在 windows ZC7C9B5ABC39FC7576817E8AA4A 上设置 asp.net web 应用程序 - How do i setup an asp.net web app on a windows iis iis启用了Windows身份验证访问网络共享 - iis access network share with windows authentication enabled 如何在 IIS 中为 OpenIddict 设置和检索加密和签名证书? - How do you setup and retrieve encryption and signing certificates in IIS for OpenIddict?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM