[英]Virtual Folder accessible from IIS, but not from web page
I've been trying for a while to reduce what I'm trying to do to its simplest, working form.一段时间以来,我一直在尝试将我正在尝试做的事情减少到最简单的工作形式。
At this point, my setup consists of:此时,我的设置包括:
Not too surprising at this point;在这一点上并不太令人惊讶; probably permissions related.
可能与权限有关。 So I start to fiddle with NTFS permissions.
所以我开始摆弄NTFS权限。
Before I change anything, I notice that this folder has the System account listed with full control, along with MY account also with Full Control (and also MY account as the owner).在我更改任何内容之前,我注意到该文件夹列出了具有完全控制权的系统帐户,以及具有完全控制权的我的帐户(以及作为所有者的我的帐户)。
I'll start by adding the Network Service account with (default) Permissions as Read & Execute, List Folder Content and Read permissions;我将首先添加具有(默认)权限为读取和执行、列出文件夹内容和读取权限的网络服务帐户; however, no luck.
然而,没有运气。
I'll then add the IIS_IUSRS account;然后我将添加 IIS_IUSRS 帐户; with the same default permissions;
具有相同的默认权限; still getting access denied.
仍然拒绝访问。
At this point I don't want to go any further because my - surely limited - understanding of such things - tells me this should work.在这一点上,我不想再进一步了,因为我 - 当然有限 - 对这些事情的理解 - 告诉我这应该有效。
Shouldn't it?不应该吗?
The why isn't it?为什么不是呢?
Or we can turn this around the other way and ask: What's the minimum permission(s) needed on a (virtual) folder sitting outside the Root IIS folder so that you can list its content by clicking a link on a practically naked HTML file on a practically clean Windows + IIS install?或者我们可以反过来问:位于 IIS 根文件夹外的(虚拟)文件夹所需的最低权限是多少,以便您可以通过单击一个几乎裸露的 HTML 文件上的链接来列出其内容一个几乎干净的 Windows + IIS 安装?
Thank you,谢谢,
Flood洪水
Adding permissions for IIS_IUSRS
was correct but not necessary for Network Service
, as long as you don't use it as the identity for the application pool.为
IIS_IUSRS
添加权限是正确的,但对于Network Service
不是必需的,只要您不将其用作应用程序池的标识。
At this point you have two options to make this work.在这一点上,您有两种选择来完成这项工作。
iusr
to "d:\\myfiles\\"iusr
权限添加到“d:\\myfiles\\” or或者
Anonymous Authentication Credentials
for your site.Anonymous Authentication Credentials
。 In IIS Manager select your site, double-click the Authentication
icon and select Anonymous Authentication
, on the right side click Edit...
and then tick Application Pool Identity
.在 IIS 管理器中选择您的站点,双击
Authentication
图标并选择Anonymous Authentication
,在右侧单击Edit...
然后勾选Application Pool Identity
。
Now rather than IUSR
, the application pool identity account is used to access the files and that account is automatically a member of IIS_IUSRS
which already has permissions.现在,而不是
IUSR
,应用程序池标识帐户用于访问文件,并且该帐户自动成为IIS_IUSRS
的成员,该成员已经具有权限。
So to summaries, without making this change, both IUSR
and IIS_IUSRS
need read access.因此,总结一下,如果不进行此更改,
IUSR
和IIS_IUSRS
需要读取访问权限。
I usually take IUSR
out of the picture and just work with IIS_IUSRS
or the actual application pool identities.我通常不考虑
IUSR
,只使用IIS_IUSRS
或实际的应用程序池标识。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.