IIS 7的模拟和身份身份、IIS
我想习惯II7,有相当长一段时间曾与IIS6。
I'm trying to get used to II7, having worked with IIS6 for quite some time.
在IIS 6中,我会设定<身份冒充=真/> 在web.config中,并确保我申请正确的NTFS权限IUSR_ [计算机名]帐户,如果一个文件夹,不是读权限需要更多的。
In IIS 6, I'd set <identity impersonate="true"/> in the web.config, and make sure that I applied the correct NTFS permissions to the IUSR_[MACHINENAME] account if a folder required more than read permissions.
在IIS 7中,我有麻烦复制此安装程序,而不诉诸运用太多的权限。
In IIS 7, I'm having trouble duplicating this setup without resorting to applying too many permissions.
如果我用&LT;身份冒充=真/&GT; 在IIS 7中,Environment.Username告诉我,我确实扮演IUSR帐户,这是新的等价的。不过,如果我登录到使用窗体身份验证的网站管理员部分是假冒不同于我所期望的。
If I use <identity impersonate="true"/> in IIS 7, Environment.Username tells me that I'm indeed impersonating the IUSR account, which is the new equivalent. However, if I log into the admin portion of the website using forms authentication it impersonates differently than I expect.
随着网络服务的应用程序池设置:
With NetworkService set in the application pool:
没有登录:IUSR,没有模拟:[计算机名] $ 登录:[计算机名] $,没有模拟:[计算机名] $通过本地服务应用程序池中设置:
With LocalService set in the application pool:
在没有登录:IUSR,没有模拟:LOCAL SERVICE 登录:LOCAL SERVICE,没有模拟:LOCAL SERVICE如果我给IIS_IUSRS帐户的NTFS权限,我可以把事情工作得很好,但是这似乎有些奇怪。我怎样才能始终扮演IUSR帐户?或者,我应该给NTFS权限IIS_IUSRS?
If I give the IIS_IUSRS account the NTFS permissions I can make things work just fine, but this seems odd. How can I always impersonate the IUSR account? Or, am I supposed to give the NTFS permissions to IIS_IUSRS?
我倒是AP preciate这种变化在IIS7的一个很好的解释 - 我已搜索周围,找不到这种用法与窗体身份验证的解释
I'd appreciate a good explanation of this change in IIS7 - I've searched around and can't find an explanation for this usage with forms authentication.
推荐答案
下面是从TechNet文章片段:
Here's a snippet from a technet article:
如果您启用模拟为 ASP.NET应用程序,该应用程序 可以以两种不同的一个运行 上下文:无论是作为用户 由IIS 7或认证作为 您设置的任意帐户。对于 例如,如果你使用匿名 认证和选择运行 ASP.NET应用程序的 认证的用户,则应用程序 将下一个帐户设置为运行 匿名用户(典型地,是IUSR)。 同样,如果你选择运行 在任意应用程序 帐户,它会在运行什么 安全上下文成立为 帐户。
If you enable impersonation for an ASP.NET application, that application can run in one of two different contexts: either as the user authenticated by IIS 7 or as an arbitrary account that you set up. For example, if you were using Anonymous authentication and chose to run the ASP.NET application as the authenticated user, the application would run under an account set up for anonymous users (typically, IUSR). Likewise, if you chose to run the application under an arbitrary account, it would run under whatever security context was set up for that account.
下面是完整的文档:
http://technet.microsoft.com/ EN-US /库/ cc730708%28WS.10%29.aspx
