About asp.net: How do I grant folder permissions to the IIS user in C#?

How to give Folder Permission for IIS User in C#?

I need to give folder permission to the IIS user.
Actually I wrote it like this..

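// Requires: using System.IO; using System.Security.AccessControl;
public static void AddDirectorySecurity(string FileName, string Account, FileSystemRights Rights, AccessControlType ControlType)
{
    // Read the current ACL of the directory
    DirectoryInfo dInfo = new DirectoryInfo(FileName);
    DirectorySecurity dSecurity = dInfo.GetAccessControl();
    // Add a rule for the account that was passed in
    dSecurity.AddAccessRule(
        new System.Security.AccessControl.FileSystemAccessRule(Account, Rights, ControlType));
    // Write the modified ACL back to the directory
    dInfo.SetAccessControl(dSecurity);
}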

I call the above method like this...

void givepermission()
{
    DirectoryInfo a = new DirectoryInfo(Server.MapPath("~/resources"));
    AddDirectorySecurity(Server.MapPath("~/"),"IUSR", FileSystemRights.FullControl,AccessControlType.Allow);
}

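It works locally, but it does not work on the server.

I tried the following account names instead of IUSR, but that does not work either..


IIS_IUSRS
IIS_WPG
Network Service
Everyone
etc..

Instead of IIS_IUSRS, I also tried it like this...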

System.Environment.MachineName + "\\IIS_IUSRS"

IIS_IUSRS_System.Environment.MachineName

System.Environment.UserDomainName + "\\IIS_IUSRS"

etc..

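But that does not work either; instead I get
"Some or all identity references could not be translated"

Note: I don't want to set the permissions manually

Could someone please help me with this..?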


According to the "Application Pool Identities" article:

IIS introduces a new security feature in Service Pack 2 (SP2) of
Windows Server 2008 and Windows Vista. It's called Application Pool
Identities. Application Pool Identities allow you to run Application
Pools under a unique account without having to create and manage
domain or local accounts. The name of the Application Pool account
corresponds to the name of the Application Pool.

Here is a good explanation of what happens:

In Windows 7, IIS application pool isolation was taken yet to a
different level. The new change introduced in IIS7 (Windows Server
2008) was a new option to run your application pool as AppPoolIdentity.
However, the default for an application pool identity in IIS7 remained
the same – NetworkService. In IIS7.5, AppPoolIdentity becomes a
default. Thus, scripts previously expecting permissions for their
application pool identity to be set to "NT Service\NetworkService"
will now have to set permissions (ACLs) for "IIS AppPool\" – the user account created for each new application pool.

Thus, to set permissions for the DefaultAppPool, the scripts will
need to set ACLs for "IIS AppPool\DefaultAppPool".


// Requires: using System; using System.IO; using System.Security.AccessControl;
// MessageBox additionally requires System.Windows.Forms.
public static void FolderPermission(String accountName, String folderPath)
{
    try
    {
        // What rights are we setting? Here accountName is "IIS_IUSRS"
        FileSystemRights Rights = FileSystemRights.FullControl;
        bool modified;
        InheritanceFlags none = InheritanceFlags.None;

        // Set on the directory itself
        var accessRule = new FileSystemAccessRule(accountName, Rights, none, PropagationFlags.NoPropagateInherit, AccessControlType.Allow);
        var dInfo = new DirectoryInfo(folderPath);
        var dSecurity = dInfo.GetAccessControl();
        dSecurity.ModifyAccessRule(AccessControlModification.Set, accessRule, out modified);

        // Always allow objects to inherit on a directory
        InheritanceFlags iFlags = InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit;

        // Add access rule for the inheritance
        var accessRule2 = new FileSystemAccessRule(accountName, Rights, iFlags, PropagationFlags.InheritOnly, AccessControlType.Allow);
        dSecurity.ModifyAccessRule(AccessControlModification.Add, accessRule2, out modified);

        // Write the modified ACL back to the directory
        dInfo.SetAccessControl(dSecurity);
    }
    catch (Exception ex)
    {
        // Report why the ACL change failed
        MessageBox.Show("Error: " + ex.Message);
    }
}
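
As an added example (not code from either answer), assuming .NET Framework on Windows with IIS installed: resolve the application pool identity named in the quoted article to a SID before touching the ACL, so the "identity references could not be translated" failure is caught explicitly, then grant it rights on one folder. The class name `AppPoolAcl`, the method `TryGrant`, the folder path and the choice of `Modify` rather than `FullControl` are assumptions of this example.

```csharp
using System;
using System.IO;
using System.Security.AccessControl;
using System.Security.Principal;

public static class AppPoolAcl   // hypothetical helper, not from the page
{
    // Grants 'rights' on folderPath (and, by inheritance, its children)
    // to the virtual account "IIS AppPool\<poolName>".
    public static bool TryGrant(string poolName, string folderPath, FileSystemRights rights)
    {
        var account = new NTAccount(@"IIS AppPool\" + poolName);
        IdentityReference sid;
        try
        {
            // Fails here, before any ACL is modified, if the name
            // cannot be resolved on this machine.
            sid = account.Translate(typeof(SecurityIdentifier));
        }
        catch (IdentityNotMappedException)
        {
            Console.Error.WriteLine("Cannot resolve '{0}' on {1}", account.Value, Environment.MachineName);
            return false;
        }

        var dir = new DirectoryInfo(folderPath);
        DirectorySecurity acl = dir.GetAccessControl();
        // A single rule: applies to this folder, subfolders and files.
        acl.AddAccessRule(new FileSystemAccessRule(
            sid, rights,
            InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit,
            PropagationFlags.None,
            AccessControlType.Allow));
        // The calling process needs the right to change this folder's permissions.
        dir.SetAccessControl(acl);
        return true;
    }

    public static void Main()
    {
        // Constructed sample values: pool name from the quoted article,
        // folder path is a placeholder for the site's resources directory.
        bool ok = TryGrant("DefaultAppPool", @"C:\inetpub\wwwroot\resources", FileSystemRights.Modify);
        Console.WriteLine(ok ? "ACL updated" : "ACL not changed");
    }
}
```

Scoping the rule to the one folder the application writes to, with `Modify` instead of `FullControl`, keeps the pool identity from being able to rewrite the site's own code or change permissions.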