如何通过IIS为不同的用户限制文件夹中的文件 [英] How to restrict files in a folder thrugh IIS for different users

问题描述

您好我有关于通过IIS访问文件的问题。在我的Intranet应用程序中，用户可以将文件上传到远程服务器上的共享文件夹（这可以正常工作），但是上传的evry文件除了上传它的用户之外不能被其他任何人查看（我以编程方式为文件设置了权限） ，这样只有上传的用户才能编辑或查看它。问题是，我将应用程序设置为使用具有该文件夹的r / w权限的应用程序池帐户，但现在任何用户都可以访问其他用户的文件（因为应用程序池帐户）。



我的问题是如何限制对这些文件的访问，以便只有拥有正确权限的用户才能访问它？我如何设置应用程序池帐户来正确处理这个问题？



谢谢。

B

Hello I have a question regarding file access via IIS. In my intranet application users can upload files to a shared folder on a remote server (this works normaly), but evry file that is uploaded can not be viewed by anyone else than the user who uploaded it (I set the permissions programaticly for the file, so that only the user that uploaded can edit or view it). The problem is, that I set the application to use an app pool account with r/w permissions to that folder, but now any user can access files from other users (becouse of the app pool account).

My question is how to restrict access to this files, so that only the users with correct permissons can access it? How shuld I set up the app pool account to handle this properly?

Thank you.
B

推荐答案

我希望答案 IIS AppPoolIdentity和文件系统写入访问权限 [ ^ ]为您提供了一些亮点。

I hope the answer IIS AppPoolIdentity and file system write access permissions[^] gives you some light.

您将需要一种方法来识别哪些用户可以访问哪些文件。您说用户上传的文件只能由该用户访问。我假设您的用户已通过身份验证。

您可以做的是将文件名和用户ID /电子邮件保存在数据库表中。现在不允许直接访问保存的文件夹。而是使用允许用户查看其文件的页面。由于您已根据用户ID保存了文件名，因此可以在该页面上显示该列表。然后单击文件名，显示该文件。更确切地说，如果用户ID / email与数据库中保存的文件名相匹配，则显示任何文件。



当然这是其中一种方式。你可以想出另一种合乎逻辑的方法来做到这一点。但就从IIS控制它而言，我认为你不能这样做，原因很简单，文件生成是动态的，你不知道哪个文件可以被哪个用户访问。如果有基于角色的访问要求，可以通过IIS / web.config设置完成。



希望有帮助！

You will need a way to identify which files are accessible to which user. You say that files uploaded by a user can be only be accessed by that user. I am assuming your users are authenticated.
What you can do is save the file name and user id / email in a database table. Now don't allow the saved file folder to be accessed directly. Rather use a page which allows users to view their files. Since you already have file names saved against user id, you can show the list on that page. And on click of the file name, show that file. To be more sure, show any file if the user id / email matches the one saved against the file name in the database.

Of course this is one of the way. You may come up with another logical way to do it. But as far as controlling it from IIS is concerned, I don't think you can do it for a simple reason that the file generation is dynamic and you do not know which file can be accessed by which user. If there would have been a role based access requirement, that could have been done through IIS/web.config setting.

Hope that helps!

这篇关于如何通过IIS为不同的用户限制文件夹中的文件的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！