安全性在Web场环境中设置AppFabric时出现问题 [英] Security Problem when setting up AppFabric in Web Farm environment
问题描述
我正在尝试为Web场设置AppFabric。根据我读过的文档,我创建了三个域级别组,AppFabricAdmins,AppFabricObservers和AppFabricUsers,以及三个域级别帐户,AppFabricAdmin,AppFabricObserver,
和AppFabricUser。在这之后,我运行了配置AppFabric实用程序,在我的第一台服务器上设置托管,持久性和缓存,在适当的时候指定这些用户和组。所有这一切进展顺利,似乎没问题;数据库,登录和角色
all是在Sql Server中创建的。然后我创建了一个命名缓存,并授予用户组访问该缓存的权限。然后我创建了一个访问该缓存的简单网站,并设置网站运行的应用程序池以使用AppFabricUser帐户。
网站运行正常。最后,我创建了一个WCF服务,该服务访问缓存并使用与网站相同的应用程序池托管在IIS 7中。这就是我的问题开始的地方。如果我使用默认应用程序池,则服务无法访问缓存,但如果我使用
AppFabricUser应用程序池,则无法调用该服务。我得到奇怪的认证错误;事实上,我服务中的代码甚至都没有执行。
I am trying to set up AppFabric for a web farm. According to documentation I have read I have created three domain level groups, AppFabricAdmins, AppFabricObservers, and AppFabricUsers, and three domain level accounts, AppFabricAdmin, AppFabricObserver, and AppFabricUser. After doing that I ran the Configure AppFabric utility to set up Hosting, Persistence and Caching on my first server specifying those users and groups where appropriate. All of that went well and seems ok; the databases, logins and roles all got created in Sql Server. Then I created a named cache and granted the users group access to that cache. Then I created a simple website that accesses that cache and set the app pool that the website runs under to use the AppFabricUser account. The website works fine. Finally, I created a WCF service that accesses the cache and hosted that in IIS 7 using the same app pool as the website. That is where my problem began. If I use the default app pool the service cannot access the cache, but if I use the AppFabricUser app pool I cannot call the service. I get strange authentication errors; in fact the code in my service doesn't even execute.
所以,我的问题是,我需要做些什么来使我的服务可以调用?我是否需要授予对AppFabricUser帐户的某种访问权限?到目前为止,我还没有给予该账户任何特殊的特权。或者,基于我上面的描述,我的安全设计是否会出现
错误,我应该更改?
So, my question is, what do I need to do to make my service callable? Do I need to grant some sort of access to the AppFabricUser account? To this point I haven't granted that account any special priviledge. Or, based on my description above, is there something wrong with my security design that I should change?
谢谢。
推荐答案
看起来WCF服务依赖于默认应用程序池提供的权限。确保您的服务现在在其下运行的AppFabricUser具有相同的权限集。
It looks like that WCF service depends upon privileges provided by default app pool. Ensure that AppFabricUser that your service now runs under have the same set of privileges.
这篇关于安全性在Web场环境中设置AppFabric时出现问题的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
