
Unauthorized access when writing to file

I have an asp.net website where the users have the possibility to print a document. This document is first written to a folder on the server and then opened/printed by the client. When deploying the website on an IIS server I encountered issues a few times when a user tried to print the document. Apparently the IIS user on the server had insufficient access rights to write to the local folder, thus throwing an unauthorized access exception.

Which one is the IIS user, and how do I give it write access to a folder on the server in .net?

I would give write / modify access to the IUSR_MACHINE and NETWORK SERVICE accounts. To actually change the permissions, find the folder in Windows Explorer, get the Folder Properties. On the security tab, click the user in the list (you may have to "ADD" a user to the list first), then check the appropriate checkboxes under the Allow column.

As an aside, whenever I am stumped by a permissions issue, Sysinternals Process Monitor nearly always solves it. Run procmon.exe, set up the filters by excluding processes of known good processes (right click on the process name, and select "Exclude 'explorer.exe'"). I also typically exclude known results like SUCCESS, and a few others. You can then reproduce the problem, and a bright shining "ACCESS DENIED" entry will be listed at the bottom of the list, including the name of the user account, and the specific asset it was trying to access.

Download Link: http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx

Usually it's the NETWORK SERVICE user; grant it write permissions on the required folder.

There's also frequently a user named "IUSR" that is used by that process.

On server class operating systems, ASP.NET 2.0 runs under the "Network Service" account. (I'm not sure whether it uses a different account for XP.)

Rather than giving that account more access, it's probably worth making ASP.NET run under a dedicated account. This PDF explains how to do it. (That explains for IIS 6.0; it may be slightly different under IIS 7.0, but it's probably broadly the same.)

You can use ASP.NET impersonation - http://msdn.microsoft.com/en-us/library/aa292118(VS.71).aspx - to check if your program can run under a chosen user account.

I find this to be quite useful for exploring account permissions related issues.
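
The permission change described in the answers above can also be scripted so that one account gets Modify on one folder and nothing more. The PowerShell below is an added example, not part of the original thread; the function name `Grant-FolderModify` and the folder `D:\PrintSpool` are placeholders, and the account should be whichever one Process Monitor shows being denied.

```powershell
# Added example. Run from an elevated prompt on the web server.
# Grants Modify on a single folder (and its children) to a single account.
function Grant-FolderModify {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $Account
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Container)) {
        throw "Folder not found: $Path"
    }

    # Resolve the name to a SID first, so a mistyped account fails here
    # instead of leaving an unresolvable entry in the ACL.
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $sid = (New-Object System.Security.Principal.NTAccount($Account)).Translate($sidType)

    $inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $sid,
        [System.Security.AccessControl.FileSystemRights]::Modify,
        $inherit,
        [System.Security.AccessControl.PropagationFlags]::None,
        [System.Security.AccessControl.AccessControlType]::Allow)

    $acl = Get-Acl -LiteralPath $Path
    $acl.AddAccessRule($rule)   # merges with an existing Allow entry for this SID
    Set-Acl -LiteralPath $Path -AclObject $acl

    # Return the entries that now apply to this account so they can be reviewed.
    (Get-Acl -LiteralPath $Path).GetAccessRules($true, $true, $sidType) |
        Where-Object { $_.IdentityReference -eq $sid }
}

# Placeholder folder; NETWORK SERVICE is one of the accounts named in the answers.
Grant-FolderModify -Path 'D:\PrintSpool' -Account 'NT AUTHORITY\NETWORK SERVICE'
```

The returned rules include inherited entries, so they also show whether the account already had access through a parent folder.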
