可从 IIS 访问的虚拟文件夹,但不能从网页访问
[英]Virtual Folder accessible from IIS, but not from web page
问题描述
I've been trying for a while to reduce what I'm trying to do to its simplest, working form.
一段时间以来,我一直在尝试将我正在尝试做的事情减少到最简单的工作形式。
At this point, my setup consists of:此时,我的设置包括:
- Clean Windows 10 install.清洁 Windows 10 安装。
- Clean IIS 10 install.清洁 IIS 10 安装。
- In IIS, I added a Virtual Directory aliased as "dddd" pointing to folder "d:\\myfiles\\" (which is outside the root web folder).在 IIS 中,我添加了一个别名为“dddd”的虚拟目录,指向文件夹“d:\\myfiles\\”(位于根 Web 文件夹之外)。
- In IIS, when I right click on "dddd" > Explore: Windows Explorer comes up with my list of files just fine.在 IIS 中,当我右键单击“dddd”>“浏览”时:Windows 资源管理器提供了我的文件列表就好了。
- In IIS, however, when I right click on "dddd" > click "Manage Virtual Directory" > Browse > I get "Access is denied".但是,在 IIS 中,当我右键单击“dddd”> 单击“管理虚拟目录”> 浏览 > 我得到“访问被拒绝”。
Not too surprising at this point;在这一点上并不太令人惊讶; probably permissions related.可能与权限有关。 So I start to fiddle with NTFS permissions.所以我开始摆弄NTFS权限。
Before I change anything, I notice that this folder has the System account listed with full control, along with MY account also with Full Control (and also MY account as the owner).在我更改任何内容之前,我注意到该文件夹列出了具有完全控制权的系统帐户,以及具有完全控制权的我的帐户(以及作为所有者的我的帐户)。
I'll start by adding the Network Service account with (default) Permissions as Read & Execute, List Folder Content and Read permissions;我将首先添加具有(默认)权限为读取和执行、列出文件夹内容和读取权限的网络服务帐户; however, no luck.然而,没有运气。
I'll then add the IIS_IUSRS account;然后我将添加 IIS_IUSRS 帐户; with the same default permissions;具有相同的默认权限; still getting access denied.仍然拒绝访问。
At this point I don't want to go any further because my - surely limited - understanding of such things - tells me this should work.在这一点上,我不想再进一步了,因为我 - 当然有限 - 对这些事情的理解 - 告诉我这应该有效。
Shouldn't it?不应该吗?
The why isn't it?为什么不是呢?
Or we can turn this around the other way and ask: What's the minimum permission(s) needed on a (virtual) folder sitting outside the Root IIS folder so that you can list its content by clicking a link on a practically naked HTML file on a practically clean Windows + IIS install?或者我们可以反过来问:位于 IIS 根文件夹外的(虚拟)文件夹所需的最低权限是多少,以便您可以通过单击一个几乎裸露的 HTML 文件上的链接来列出其内容一个几乎干净的 Windows + IIS 安装?
Thank you,谢谢,
Flood洪水
1 个解决方案
解决方案1
2 已采纳 2015-09-01 06:44:57
Adding permissions for IIS_IUSRS was correct but not necessary for Network Service , as long as you don't use it as the identity for the application pool.为IIS_IUSRS添加权限是正确的,但对于Network Service不是必需的,只要您不将其用作应用程序池的标识。
At this point you have two options to make this work.在这一点上,您有两种选择来完成这项工作。
- Adding permissions for
iusrto "d:\\myfiles\\"将iusr权限添加到“d:\\myfiles\\”
or或者
- Change the
Anonymous Authentication Credentialsfor your site.更改您站点的Anonymous Authentication Credentials。
In IIS Manager select your site, double-click the Authentication icon and select Anonymous Authentication , on the right side click Edit... and then tick Application Pool Identity .在 IIS 管理器中选择您的站点,双击Authentication图标并选择Anonymous Authentication ,在右侧单击Edit...然后勾选Application Pool Identity 。
Now rather than IUSR , the application pool identity account is used to access the files and that account is automatically a member of IIS_IUSRS which already has permissions.现在,而不是IUSR ,应用程序池标识帐户用于访问文件,并且该帐户自动成为IIS_IUSRS的成员,该成员已经具有权限。
So to summaries, without making this change, both IUSR and IIS_IUSRS need read access.因此,总结一下,如果不进行此更改, IUSR和IIS_IUSRS需要读取访问权限。
I usually take IUSR out of the picture and just work with IIS_IUSRS or the actual application pool identities.我通常不考虑IUSR ,只使用IIS_IUSRS或实际的应用程序池标识。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.