线程&模拟 [英] Threads & Impersonation
问题描述
嗨!
我正在尝试编写一个asp.net应用程序(页面/类),该应用程序将对已分配的对象(com + / serviced componentes)进行多次调用转向与其他分布式计算机的谈话这些COM + / serviced componentes对象具有安全设置,只允许特权用户实例化并使用它们。所以我在web.config中设置了impersonate = true标志。
由于调用这些对象时响应时间长且CPU使用率低,我认为运行几个是个好主意并行方式的问题。
我在这里遇到了一些我无法解决的问题。
主线程作为我的用户运行(选中System.Security.Principal.WindowsIdentity.Current)但是子线程作为ASPNET用户运行,并且作为原因,他们没有正确的priveledges来执行我的服务组件。 br />
如果我使用线程池(ThreadPool.QueueUserWorkItem)或者只是创建一个新线程,我没有任何区别。
虚空如果我在机器中更改了machine.config中的用户。到系统或域名/ johnDoe,即真实用户,我是否让我的页面工作,只是访问被拒绝所有的时间。
所以,请问,有人有解决方法吗?不幸的是,由于我公司的安全政策,我不能使用Impersonate方法。
我只想让该死的线程在相同的身份下运行:)
<问候!
问候!
/ Markus P
Hi!
I am trying to write an asp.net app (page/class) which is going to make several calls to distibuted objects (com+/serviced componentes) which in turns talks to other distributed computers. These COM+/serviced componentes object has security settings that allows only privileged users to instanciate and use them. So I have the impersonate=true flag setted in web.config.
Because of the long responsetimes and low CPU usage when calling these objects I thought it would be a great idea to run several questions in threads in a parallel manner.
It was here I encountered some problems I have''t been able to solve yet.
The main thread run as my user(checked System.Security.Principal.WindowsIdentity.Current) BUT the child-threads run as the ASPNET user and as a cause of this, they do not have the right priveledges to execute my Serviced Components.
I doesn''t make any difference if i use the threadpool (ThreadPool.QueueUserWorkItem) or just create a new Thread.
Nether if I change the user in machine.config, from "machine" to "SYSTEM" or to "domain/johnDoe", i.e. a real user, do I get my page to work, just "access denied" all the time.
So, please, does anybody has a workaround? Unfortunatly I can''t use the Impersonate-method, because of my companys security policies.
I just want the damn thread to run under the same Identity :)
Regards!
/Markus P
推荐答案
Markus:
您提到即使将
计算机上的ASPNET进程标识更改为域/ JohnDoe,您仍然可以拒绝访问? johnDoe
帐户是否应该有权访问COM +组件?
那应该适合你。
- -
Scott
http://www.OdeToCode.com 2004年8月3日星期二06:56:21 -0700,Markus P
@ discussions.microsoft.com>写道:
Markus:
You mentioned even when changing the ASPNET process identity from
machine to domain/JohnDoe you still have access denied? Is the johnDoe
account supposed to have permissions to access the COM+ components?
That should be working for you.
--
Scott
http://www.OdeToCode.com
On Tue, 3 Aug 2004 06:56:21 -0700, "Markus P"
<Ma*****@discussions.microsoft.com> wrote:
嗨!
我正在尝试编写一个asp.net应用程序(页面/类),它将对分配的对象进行多次调用( com + / serviced componentes)它们与其他分布式计算机进行对话。这些COM + / serviced componentes对象具有安全设置,只允许特权用户实例化并使用它们。所以我在web.config中设置了impersonate = true标志。
由于调用这些对象时响应时间长,CPU使用率低,我认为在线程中运行几个问题是个好主意。并行的方式。
我在这里遇到了一些我无法解决的问题。
主线程以我的用户身份运行(选中System.Security) .Principal.WindowsIdentity.Current)但是子线程作为ASPNET用户运行,并且作为原因,他们没有正确的权限来执行我的服务组件。
我不是如果我使用线程池(ThreadPool.QueueUserWorkItem)或只是创建一个新线程,那就有所不同。
如果我在machine.config中更改用户,则从机器到系统或域名/ johnDoe,即真实用户,我是否让我的页面工作,只是访问被拒绝所有的时间。
所以,请问,有人有解决方法吗?不幸的是,由于我公司的安全政策,我不能使用Impersonate方法。
我只想让该死的线程在相同的身份下运行:)
问候操作系统创建一个线程时,它的标识就是创建过程的标识。
/ Markus P
Hi!
I am trying to write an asp.net app (page/class) which is going to make several calls to distibuted objects (com+/serviced componentes) which in turns talks to other distributed computers. These COM+/serviced componentes object has security settings that allows only privileged users to instanciate and use them. So I have the impersonate=true flag setted in web.config.
Because of the long responsetimes and low CPU usage when calling these objects I thought it would be a great idea to run several questions in threads in a parallel manner.
It was here I encountered some problems I have''t been able to solve yet.
The main thread run as my user(checked System.Security.Principal.WindowsIdentity.Current) BUT the child-threads run as the ASPNET user and as a cause of this, they do not have the right priveledges to execute my Serviced Components.
I doesn''t make any difference if i use the threadpool (ThreadPool.QueueUserWorkItem) or just create a new Thread.
Nether if I change the user in machine.config, from "machine" to "SYSTEM" or to "domain/johnDoe", i.e. a real user, do I get my page to work, just "access denied" all the time.
So, please, does anybody has a workaround? Unfortunatly I can''t use the Impersonate-method, because of my companys security policies.
I just want the damn thread to run under the same Identity :)
Regards!
/Markus P
,
没有创建线程。在asp.net的情况下,它将是
aspnet_wp.exe(通常是aspnet帐户)的身份。
当你启动你的线程时,它将不得不回拨给它的创建者线程
以使其身份被冒充(你需要一个主令牌)。
- 布鲁斯( sqlwork.com)
" Markus P" <马***** @ discussions.microsoft.com>在留言中写道
news:7B ********************************** @ microsof t.com ...
when the OS creates a thread, its identity is that of the creating process,
not creating thread. in the case of asp.net, it will be the identity of
aspnet_wp.exe (usually the aspnet account).
when you start your thread, it will have to call back to its creator thread
to to get its identity to impersonate (you will need a primary token).
-- bruce (sqlwork.com)
"Markus P" <Ma*****@discussions.microsoft.com> wrote in message
news:7B**********************************@microsof t.com...
嗨!
我正在尝试编写一个asp.net应用程序(页面/类),它将使
多次调用分解对象(com + / serviced componentes),它们在
中转向与其他分布式计算机的对话。这些COM + /服务组件
对象具有安全设置,只允许特权用户
instanciate并使用它们。所以我在
web.config中设置了impersonate = true标志。
由于调用这些
对象时响应时间长且CPU使用率低,我认为它会很棒想要以并行的方式在
线程中运行几个问题。
我在这里遇到了一些我无法解决的问题。
主线程以我的用户身份运行(选中
System.Security.Principal.WindowsIdentity.Current)但子线程运行
作为ASPNET用户,并且作为原因,他们这样做没有权利执行我的服务组件。
如果我使用线程池
(ThreadPool.QueueUserWorkItem)或只是创建一个新的,我没有任何区别线程。
如果我在machine.config中更改用户,则来自机器到系统
或domain / johnDoe,即真实用户,我是否可以让我的页面工作,只需
访问被拒绝所有的时间。
所以,请问,有人有解决方法吗?不幸的是,由于我公司的安全政策,我不能使用
Impersonate方法。
我只想让该死的线程在相同的身份下运行:)
问候!
/ Markus P
Hi!
I am trying to write an asp.net app (page/class) which is going to make several calls to distibuted objects (com+/serviced componentes) which in
turns talks to other distributed computers. These COM+/serviced componentes
object has security settings that allows only privileged users to
instanciate and use them. So I have the impersonate=true flag setted in
web.config.
Because of the long responsetimes and low CPU usage when calling these objects I thought it would be a great idea to run several questions in
threads in a parallel manner.
It was here I encountered some problems I have''t been able to solve yet.
The main thread run as my user(checked System.Security.Principal.WindowsIdentity.Current) BUT the child-threads run
as the ASPNET user and as a cause of this, they do not have the right
priveledges to execute my Serviced Components.
I doesn''t make any difference if i use the threadpool (ThreadPool.QueueUserWorkItem) or just create a new Thread.
Nether if I change the user in machine.config, from "machine" to "SYSTEM" or to "domain/johnDoe", i.e. a real user, do I get my page to work, just
"access denied" all the time.
So, please, does anybody has a workaround? Unfortunatly I can''t use the Impersonate-method, because of my companys security policies.
I just want the damn thread to run under the same Identity :)
Regards!
/Markus P
或者如何将标识传递给构造函数中的线程???
-
问候,
Alvin Bruney
[ASP.NET MVP http://mvp.support.microsoft.com/default.aspx]
得到花絮?在此处获取... http://tinyurl.com/27cok
布鲁斯巴克 <无*********** @ safeco.com>在消息中写道
新闻:%2 *************** @ TK2MSFTNGP09.phx.gbl ...
or how about passing in the identity to the thread in the constructor???
--
Regards,
Alvin Bruney
[ASP.NET MVP http://mvp.support.microsoft.com/default.aspx]
Got tidbits? Get it here... http://tinyurl.com/27cok
"bruce barker" <no***********@safeco.com> wrote in message
news:%2***************@TK2MSFTNGP09.phx.gbl...
当操作系统创建一个线程,它的身份是创建
进程,不创建线程。在asp.net的情况下,它将是
aspnet_wp.exe(通常是aspnet帐户)的身份。
当你启动你的线程时,它将不得不回调它的创建者
线程以获取其身份以进行冒充(您将需要一个主要令牌)。
- 布鲁斯(sqlwork.com)
Markus P <马***** @ discussions.microsoft.com>在消息中写道
新闻:7B ********************************** @ microsof t.com。 ..
when the OS creates a thread, its identity is that of the creating
process,
not creating thread. in the case of asp.net, it will be the identity of
aspnet_wp.exe (usually the aspnet account).
when you start your thread, it will have to call back to its creator
thread
to to get its identity to impersonate (you will need a primary token).
-- bruce (sqlwork.com)
"Markus P" <Ma*****@discussions.microsoft.com> wrote in message
news:7B**********************************@microsof t.com...
嗨!
我正在尝试编写一个asp.net应用程序(页面/类),它将进行多次调用
Hi!
I am trying to write an asp.net app (page/class) which is going to make
分散的对象(com + / serviced componentes),它们与其他分布式计算机进行对话。这些COM + / serviced
组件
对象具有安全设置,只允许特权用户实现和使用它们。所以我在
web.config中设置了impersonate = true标志。
several calls to distibuted objects (com+/serviced componentes) which in
turns talks to other distributed computers. These COM+/serviced
componentes
object has security settings that allows only privileged users to
instanciate and use them. So I have the impersonate=true flag setted in
web.config.
因为调用这些
Because of the long responsetimes and low CPU usage when calling these
时响应时间长且CPU使用率低\\
对象我认为以并行的方式在
线程中运行几个问题是个好主意。
objects I thought it would be a great idea to run several questions in
threads in a parallel manner.
我在这里遇到了一些我无法解决的问题尚未解决。
主线程作为我的用户运行(已检查
It was here I encountered some problems I have''t been able to solve yet.
The main thread run as my user(checked
System.Security.Principal.WindowsIdentity.Current)但是子线程运行<作为ASPNET用户,作为原因,他们没有正确的权限来执行我的服务组件。
System.Security.Principal.WindowsIdentity.Current) BUT the child-threads
run
as the ASPNET user and as a cause of this, they do not have the right
priveledges to execute my Serviced Components.
我没有做任何事情差异,如果我使用线程池
I doesn''t make any difference if i use the threadpool
(ThreadPool.QueueUserWorkItem)或只是创建一个新的线程。
(ThreadPool.QueueUserWorkItem) or just create a new Thread.
如果我在machine.config中更改用户,则来自"机"到SYSTEM
Nether if I change the user in machine.config, from "machine" to "SYSTEM"
或domain / johnDoe,即真实用户,我是否可以让我的页面工作,只是访问被拒绝。所有的时间。
or to "domain/johnDoe", i.e. a real user, do I get my page to work, just
"access denied" all the time.
那么,请问,有人有解决方法吗?不幸的是,由于我公司的安全策略,我不能使用
So, please, does anybody has a workaround? Unfortunatly I can''t use the
Impersonate方法。
Impersonate-method, because of my companys security policies.
我只想让该死的线程在同一个线程下运行身份:)
问候!
/ Markus P
I just want the damn thread to run under the same Identity :)
Regards!
/Markus P
这篇关于线程&模拟的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!