stackoom
  简体   繁体   中英

IIS 7.5, ASP.NET, impersonation, and access to C:\Windows\Temp

 原文  2010-06-07 13:08:47       asp.net/ iis-7/ windows-7/ permissions/ impersonation

Question

: One of our web applications requires write access to C:\\Windows\\Temp . :我们的一个Web应用程序需要对C:\\Windows\\Temp写访问。 However, no matter how much I weaken the NTFS permission, procmon shows ACCESS DENIED .

(which might or might not be relevant for the problem): We are using OLEDB to access an MS Access database (which is located outside of C:\\Windows\\Temp). (这可能是也可能不是相关的问题):我们正在使用OLEDB访问MS Access数据库(它位于的C :\\ WINDOWS \\ TEMP)。 Unfortunately, this OLEDB driver requires write access to the user profile's TEMP directory (which happens to be C:\\Windows\\Temp when running under IIS 7.5), otherwise the dreaded "Unspecified Error" OleDbException is thrown. See KB 926939 for details. I followed the steps in the KB article, but it doesn't help.

:

This is the output of icacls C:\\Windows\\Temp . For debugging purposes I gave full permissions to Everyone . 

C:\Windows\Temp NT AUTHORITY\SYSTEM:(OI)(CI)(F)
                CREATOR OWNER:(OI)(CI)(IO)(F)
                BUILTIN\IIS_IUSRS:(OI)(CI)(S,RD)
                BUILTIN\Users:(CI)(S,WD,AD,X)
                BUILTIN\Administrators:(OI)(CI)(F)
                Everyone:(OI)(CI)(F)

However, this is the screenshot of procmon:

procmon截图

Desired Access: Generic Read/Write, Delete
Disposition:    Create
Options:        Synchronous IO Non-Alert, Non-Directory File, Random Access, Delete On Close, Open No Recall
Attributes:     NT
ShareMode:      None
AllocationSize: 0
Impersonating:  MYDOMAIN\myuser

PS: When logged in as MYDOMAIN\\myuser , I can create files in C:\\Windows\\Temp using Windows Explorer without any problems.

: Relevant parts of web.config: :web.config的相关部分: 

 <authentication mode="Windows" />
 <identity impersonate="true" />
 <authorization>
   <deny users="?" />
   <allow users="*" />
 </authorization>

Authentication seems to work, ie, System.Security.Principal.WindowsIdentity.GetCurrent().Name (which is shown on my custom error page) returns MYDOMAIN\\myuser .

1 answers

solution1
 4  2010-06-15 03:27:17

您是否尝试过执行以下步骤: loadUserProfile和IIS 7临时目录失败

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question why does windows authentication / impersonation fail on asp.net application with iis 7.5 / windows 7 / IIS and ASP.NET impersonation ASP.NET Impersonation in IIS ASP.NET Windows Authentication not working in IIS 7.5 Asp.net on Windows 2003 R2 Enterprise on IIS 7.5 IIS 7.5 ASP.NET: Access to path is Denied Registry access for Asp.net web service in IIS 7.5 ASP.NET IIS 7.5 Error, Access Denied ADSI / IIS management and ASP.NET impersonation IIS 7.5 and ASP.NET credentials
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM