堆栈内存溢出
  简体   繁体   English

ASP.NET - 在应用程序外部读取和写入文件系统

[英]ASP.NET - Reading and writing to the file-system, outside the application

 原文  2009-09-25 21:38:23       c#/ asp.net/ iis/ permissions

问题描述

Is there a way to access the file-system outside of the current ASP.NET application, without going around giving IIS_IUSRS permissions? 有没有办法访问当前ASP.NET应用程序之外的文件系统,而无需给予IIS_IUSRS权限? For example, if I wanted this line to work: 例如,如果我想要这条线工作: 

logStream = File.Open("C:\logs\app.log", FileMode.Append, FileAccess.Write, FileShare.ReadWrite);

... I'd have to normally grant read/write permission to C:\\logs\\app.log to the IIS_IUSRS group. ...我通常必须向C:\\logs\\app.log授予对IIS_IUSRS组的读/写权限。 This gets annoying for setting the app up on new systems, where the directories which need to be accessed can be in different locations. 这使得在新系统上设置应用程序变得很烦人,其中需要访问的目录可以位于不同的位置。 Is there any way to tell ASP.NET what directories it should have access to? 有没有办法告诉ASP.NET它应该访问哪些目录?

2 个解决方案

解决方案1
 6 已采纳  2009-09-25 22:00:38

You can do this using impersonation, but I would urge you not to do this. 你可以使用模仿来做到这一点,但我会敦促你不要这样做。 You're getting into very risky areas as far as security is concerned. 就安全性而言,你正陷入风险很高的领域。 If you're not 100% sure of the access permissions of the identity you are impersonating, then you run the very real risk of allowing hackers to get at areas of your server that you did not intend. 如果您不是100%确定您正在冒充的身份的访问权限,那么您将面临允许黑客访问您不想要的服务器区域的真正风险。 Setting up ACL's properly is time consuming, and you do NOT want to just use an administrative or super user. 正确设置ACL非常耗时,您不希望仅使用管理员或超级用户。 You'd want to set up a user specifically for this purpose, and if you're doing that, you're just adding a step to what you're already doing. 您需要专门为此目的设置一个用户,如果您正在这样做,那么您只需向您已经在做的事情添加一个步骤。

A better solution would be to design your app to write to a folder that your application controls. 更好的解决方案是将应用程序设计为写入应用程序控制的文件夹。 Your installation can create the folder on the machine and grant permissions automatically, rather than relying on an existing system folder. 您的安装可以在计算机上创建文件夹并自动授予权限,而不是依赖于现有的系统文件夹。

http://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_impersonationdelegation http://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_impersonationdelegation

解决方案2
 2  2009-09-26 01:18:43

您还可以将AppPool设置为在具有相应凭据的帐户下运行。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 在文件系统级别同步写入文件 - Synchronize writing to a file at file-system level 在asp.net上读写 - Reading & Writing in asp.net 在ASP.NET读写过程中锁定XML文件 - Locking a XML file during reading and writing in ASP.NET 为什么ASP.NET应用程序中的Console.WriteLine无法写入文件? - Why Console.WriteLine in ASP.NET application not writing to file? 写入Asp.Net中的文件 - Writing to a file in Asp.Net 使用asp.net mvc应用程序编写URL - Writing url with an asp.net mvc application ASP.Net应用程序之外的MailDefinition - MailDefinition Outside of ASP.Net Application .net 框架是否提供用于处理文件系统的异步方法? - Does the .net framework provides async methods for working with the file-system? 如何在ASP.net网页的服务器端使用文本文件读/写? - How to use text file reading/writing in server side of ASP.net web page? 在 IIS 8 上托管的 ASP.NET Web 应用程序上读取系统事件日志条目时访问被拒绝 - Access denied when reading system event log entries on ASP.NET web application hosted on IIS 8
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM