堆栈内存溢出
  简体   繁体   English

尝试在ASP.NET应用程序中读取/写入文件时的权限问题

[英]Permissions issue when trying to read/write file in ASP.NET application

 原文  2014-08-19 08:03:58       c#/ asp.net/ permissions/ impersonation

问题描述

We have a .net web application. 我们有一个.net Web应用程序。 The web application is setup in IIS and runs under an AppPool which runs under Domain\\User1 Web应用程序在IIS中设置,并在AppPool下运行,该AppPool在Domain \\ User1下运行

This web application has C#.NET code that makes access to a file on server. 此Web应用程序具有C#.NET代码,可以访问服务器上的文件。 Problem is that only Domain\\User2 has rights to this file for read/edit. 问题是只有Domain \\ User2才有权使用此文件进行读取/编辑。

We know that the .NET code will run under the credentials of the AppPool account (that is: Domain\\User1). 我们知道.NET代码将在AppPool帐户的凭据下运行(即:Domain \\ User1)。 Hence if we try to read/write file in .NET code of the web application, then it will throw error. 因此,如果我们尝试在Web应用程序的.NET代码中读/写文件,那么它将抛出错误。

What is the possible approaches I can use so that I can access this file? 我可以使用哪些可能的方法来访问此文件? I am not allowed to change the AppPool user as per our company policy. 我不允许根据公司政策更改AppPool用户。 If this was possible then the code could access/write to the file. 如果这是可能的,那么代码可以访问/写入文件。 Also, I cannot change the permission of the file and allow Domain\\User2 access to it again because of company policy. 此外,由于公司策略,我无法更改文件的权限并允许Domain \\ User2再次访问它。

What other option do I have? 我还有其他选择吗?

Can I run only the file read/write part of code as Domain\\User2 via .NET code? 我可以通过.NET代码仅将文件读/写部分代码作为Domain \\ User2运行吗?

3 个解决方案

解决方案1
 4  2014-09-03 00:37:57

Impersonation won't work in your case either as you are "allowing access to asp.net running as the first user and you indicate that this is prohibited by corporate policy. The solution is twofold: 模仿不适用于你的情况,因为你“允许访问作为第一个用户运行的asp.net,并且你表明这是公司政策禁止的。解决方案是双重的:

  • explain the need to your manager and get approval 向经理解释需要并获得批准
  • add an acl to the file so that the app pool user can write to the file 在文件中添加一个acl,以便app pool用户可以写入该文件

An alternative would be to set up a service account that no user has access to and use that to access the file in question. 另一种方法是设置一个用户无权访问的服务帐户,并使用该帐户访问相关文件。

解决方案2
 3  2014-09-02 11:33:13

Did you think about writing a service for file upload/download? 您是否考虑过为文件上传/下载编写服务? It can run on server where only Domain\\User2 has rights to access files. 它可以在只有Domain \\ User2有权访问文件的服务器上运行。

解决方案3
 1  2014-09-09 10:33:56

Better you can go with 'WindowsAuthentication' in IIS , this will help you access WindowAccount in your web application . 您可以更好地使用IIS中的“WindowsAuthentication”,这将帮助您在Web应用程序中访问WindowAccount。 Also you are able to restrict user respect to UserGroup, User type,etc 您还可以限制用户对UserGroup,用户类型等的尊重

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 asp.net MVC应用程序中的文件读写内存泄漏 - file read write memory leak in asp.net mvc application ASP.NET应用程序中的文件锁定(读/写) - File Locking (Read/Write) in ASP.NET Application 从asp.net应用程序对文本文件进行读/写操作 - read/write operation to text file from asp.net application 通过asp.net站点执行File.Exists时出现权限问题 - Issue with permissions when executing a File.Exists through asp.net site ASP.NET MVC-尝试读写文本文件时出错 - ASP.NET MVC - error while trying to read and write to text file GRant访问从文件夹到ASp.net应用程序的写入和读取 - GRant Access to write and read from a Folder to ASp.net application 使用asp.net从xml文件写入/读取时保留回车 - Preserve carriage returns when i write/read from xml file using asp.net 尝试读取xml文件时的ASP.Net,“在不存在的网络连接上尝试了操作” - ASP.Net when trying to read xml file, “An operation was attempted on a nonexistent network connection” 如何在ASP.NET的客户端读取/写入文件 - How to read/write file on client side in ASP.NET 尝试从asp.net应用程序写入文件时出现System.UnauthorizedAccessException - System.UnauthorizedAccessException when attempting to write a file from an asp.net application
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM