How to give Folder Permission for IIS User in C#?
我需要授予IIS用户的文件夹权限。
其实我是这样写的..
1 2 3 4 5 6 7 8 | public static void AddDirectorySecurity(string FileName, string Account, FileSystemRights Rights,AccessControlType ControlType) { DirectoryInfo dInfo = new DirectoryInfo(FileName); DirectorySecurity dSecurity = dInfo.GetAccessControl(); dSecurity.AddAccessRule( new System.Security.AccessControl.FileSystemAccessRule(objUser, Rights, ControlType)); dInfo.SetAccessControl(dSecurity); } |
我像这样调用上面的方法...
1 2 3 4 5 | void givepermission() { DirectoryInfo a = new DirectoryInfo(Server.MapPath("~/resources")); AddDirectorySecurity(Server.MapPath("~/"),"IUSR", FileSystemRights.FullControl,AccessControlType.Allow); } |
但是在本地工作。 当服务器不工作时。
我尝试了以下帐户名称,而不是IUSR,但这也无法正常工作..
IIS_IUSRS
IIS_WPG
网络服务
大家
等等..
而是IIS_IUSRS。 我也这样尝试过...
1 2 3 4 5 6 7 | System.Environment.MachineName +"\\\\IIS_IUSRS" IIS_IUSRS_System.Environment.MachineName System.Environment.UserDomainName +"\\\\IIS_IUSRS" etc.. |
但这也不起作用,但是
"某些或所有身份参考文件无法翻译"
注意:我不想手动设置权限
请有人帮我这个忙..?
根据"应用程序池标识"文章:
IIS introduces a new security feature in Service Pack 2 (SP2) of
Windows Server 2008 and Windows Vista. It's called Application Pool
Identities. Application Pool Identities allow you to run Application
Pools under a unique account without having to create and manage
domain or local accounts. The name of the Application Pool account
corresponds to the name of the Application Pool.
这是对发生的情况的很好的解释:
In Windows 7, IIS application pool isolation was taken yet to a
different level. The new change introduced in IIS7 (Windows Server
2008) was a new option to run your application pool as AppPoolIdentiy.
However, the default for an application pool identity in IIS7 remained
the same – NetworkService. In IIS7.5, AppPoolIdentiy becomes a
default. Thus, scripts previously expecting permissions for their
application pool identity to be set to"NT Service\
etworkService"
will now have to set permissions (ACLs) for"IIS AppPool\\" – the user account created for each new application pool.Thus, to set permissions for the DefaultAppPool, the scripts will
need to set ACLs for"IIS AppPool\\DefaultAppPool".
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 | public static void FolderPermission(String accountName, String folderPath) { try { FileSystemRights Rights; //What rights are we setting? Here accountName is =="IIS_IUSRS" Rights = FileSystemRights.FullControl; bool modified; var none = new InheritanceFlags(); none = InheritanceFlags.None; //set on dir itself var accessRule = new FileSystemAccessRule(accountName, Rights, none, PropagationFlags.NoPropagateInherit, AccessControlType.Allow); var dInfo = new DirectoryInfo(folderPath); var dSecurity = dInfo.GetAccessControl(); dSecurity.ModifyAccessRule(AccessControlModification.Set, accessRule, out modified); //Always allow objects to inherit on a directory var iFlags = new InheritanceFlags(); iFlags = InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit; //Add Access rule for the inheritance var accessRule2 = new FileSystemAccessRule(accountName, Rights, iFlags, PropagationFlags.InheritOnly, AccessControlType.Allow); dSecurity.ModifyAccessRule(AccessControlModification.Add, accessRule2, out modified); dInfo.SetAccessControl(dSecurity); } catch (Exception ex) { MessageBox.Show("Error"); } } |