iis启用了Windows身份验证访问网络共享
[英]iis access network share with windows authentication enabled
问题描述
I hope someone here can help me. 
我希望这里有人可以帮助我。 I've googled around for about 3 hours on this problem and found nothing helpful. 我已经在这个问题上搜索了大约3个小时,但没有发现任何有用的信息。 (And no, the answers under stackoverflow.com/questions/1539506 didn't help) (不,stackoverflow.com/questions/1539506下的答案没有帮助)
I've an IIS 7 with PHP installed. 我安装了PHP 7的IIS 7。 I set the authentication mode for my test website to "windows authentication". 我将测试网站的身份验证模式设置为“Windows身份验证”。 That all works good (I receive the "REMOTE_USER" in PHP). 这一切都很好(我在PHP中收到“REMOTE_USER”)。
Now i have to access a network share with "scandir()" and "is_file()" and some other functions, but I only get error messages like "Access is denied" or "failed to open dir: No such file or directory". 现在我必须使用“scandir()”和“is_file()”以及其他一些函数访问网络共享,但我只收到错误消息,如“访问被拒绝”或“无法打开目录:没有这样的文件或目录” 。
The permissions are set correct: if i set the authentication to "anonymous" and set the "user identity" to my current test user, it all works fine, but i have to use "windows authentication" 权限设置正确:如果我将身份验证设置为“匿名”并将“用户身份”设置为我当前的测试用户,一切正常,但我必须使用“Windows身份验证”
I also have tried to set up the network share as a virtual directory, but PHP didnt found this directory (phpinfo() says the "virtual directory support" is disabled but I didn't found anything about how to enable this) 我也尝试将网络共享设置为虚拟目录,但PHP没有找到此目录(phpinfo()表示“虚拟目录支持”被禁用但我没有找到任何关于如何启用此功能)
PS: I tried the same PHP configuration with an apache server and there it all works perfect. PS:我尝试使用apache服务器进行相同的PHP配置,并且一切都很完美。 (with "auth_sspi" Module and "reqire valid-user" directive). (使用“auth_sspi”模块和“reqire valid-user”指令)。 But I have to get this work on the IIS. 但我必须在IIS上完成这项工作。
1 个解决方案
解决方案1
1 已采纳 2013-09-17 14:54:41
I faced this challenge this morning on a simple file organization app I've been working on. 我今天早上在一个我一直在努力的简单文件组织应用程序上遇到了这个挑战。
I haven't looked at this from the point of view of a security expert though I have a hunch this isn't ideal. 我没有从安全专家的角度来看这个,虽然我有预感这不太理想。 My app is private so I'm not too worried. 我的应用程序是私有的,所以我不太担心。 As far as I know the issue is that the network share must be mounted/authorized by the IIS AppPool user. 据我所知,问题是网络共享必须由IIS AppPool用户安装/授权。
I found this example for executing system calls on the man page for the PHP System Call : 我发现这个例子用于在PHP系统调用的手册页上执行系统调用:
<?php
function my_exec($cmd, $input = '')
{
$desc = array(
0 => array('pipe', 'r'),
1 => array('pipe', 'w'),
2 => array('pipe', 'w')
);
$proc = proc_open($cmd, $desc, $pipes);
fwrite($pipes[0], $input);
$stdout = stream_get_contents($pipes[1]);
$stderr = stream_get_contents($pipes[2]);
fclose($pipes[0]);
fclose($pipes[1]);
fclose($pipes[2]);
$rtn = proc_close($proc);
return array('stdout' => $stdout, 'stderr' => $stderr, 'return' => $rtn);
}
?>
I was able to then call this and access the share: 然后我能够调用它并访问共享:
my_exec('net use \\\\$MachineName\$ShareName /user:$User $Pass');
I found that even with single quotes I had to double escape the leading \\. 我发现,即使使用单引号,我也必须双重逃避领先\\。 If you use variables and change the quotes to double, you will probably have to do some tweaking to get it right. 如果您使用变量并将引号更改为double,则可能需要进行一些调整以使其正确。
Please let me know how this works out for you as I'm a bit curious. 请告诉我这对你有什么用,因为我有点好奇。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.