stackoom
  简体   繁体   中英

DirectoryEntry IIS access permission

 原文  2013-01-15 22:31:17       c#/ windows/ security/ iis/ iis-8

Question

I have one console application which list website binding in IIS 

using (var directoryEntry = new DirectoryEntry("IIS://localhost/w3svc/" + GetWebSiteId())) {
    var bindings = directoryEntry.Properties["ServerBindings"]; 
}

I call this console application from ASP.NET via process 

var process = new Process {
   StartInfo = new ProcessStartInfo {
       FileName = "c:/app.exe",
       Arguments = "check",
       UseShellExecute = false,
       RedirectStandardOutput = true,
       CreateNoWindow = true
    }
};

Everything works fine on development machine under Widows 7 / IIS 7.5, but when i test on Windows 2012 / IIS 8 im getting "Access is denied" error.

Error log 

"System.Runtime.InteropServices.COMException (0x80070005): Access is denied.
at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
at System.DirectoryServices.DirectoryEntry.Bind()
at System.DirectoryServices.DirectoryEntry.get_IsContainer()
at System.DirectoryServices.DirectoryEntries.ChildEnumerator..ctor(DirectoryEntry container)
at System.DirectoryServices.DirectoryEntries.GetEnumerator()
at IISSubdomainManagement.Program.GetWebSiteId()
at IISSubdomainManagement.Program.TotalBindings()
at IISSubdomainManagement.Program.Main(String[] args)"

ps Application pool identity is "ApplicationPoolIdentity"

I forget to mention, my console app works fine on my server when I run it from CMD

4 answers

solution1
 2  2013-01-15 22:36:44

You need to give permission to the IUSR account to access and execute C:\\app.exe . This link should provide you with the necessary information to find the right account.

solution2
 1  2013-01-15 22:51:17

You have probably granted the permission to 'ApplicationPoolIdentity' rather than to the virtual account that actually corresponds to that Application Pool. Read through the Microsoft's description or search online for virtual identity IIS, etc.

On your development machine, you probably have some sort of Full Admin rights, so it is not as restricted.

If you still have problems after that, I would recommend replicating the error with a Process Monitor running, so you can see exactly what process is accessing which resource with which identity. However, I would recommend replicating the issue on your development machine rather than running Process Monitor on the production. It takes a little bit of learning to be able to run it efficiently.

solution3
 1  2014-06-26 21:36:01

在IIS 7/8中,打开或关闭控制面板 /程序和功能/打开Windows功能,并检查所有项目 :Web管理工具,(包括:IIS管理服务,II 6管理兼容性)

solution4
 0  2015-05-22 16:30:27

This Solution worked for me ==>

http://blogs.msdn.com/b/jpsanders/archive/2009/05/13/iis-7-adsi-error-system-runtime-interopservices-comexception-0x80005000-unknown-error-0x80005000.aspx?CommentPosted=true#commentmessage

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question iis console application directoryentry searchresult access denied on DirectoryEntry bind IIS / DirectoryEntry / ASP.NET - Logon Failure DirectoryEntry CommitChanges() is throwing Access Denied error Can I use DirectoryEntry to list sites within IIS Express How to remove IIS 6 web directory property using directoryentry in C# Give IIS web application permission to access files on network drive Using DirectoryEntry to Enumerate IIS Configuration Data, Getting COMException IIS 6.0 DirectoryEntry ScriptMaps property and set .Net version How should I reduce connections to AD with DirectoryEntry within IIS?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM