模拟和代表团ASP.NET [英] Impersonation and Delegation in ASP.NET
问题描述
我在与ASP.NET一个访问远程服务器上的文本文件的问题。 ASP.NET 1.1应用程序是Server 2003上运行使用模拟与请求者的Windows凭据。客户端,Web服务器和远程服务器都在同一个域,并且用户有权限访问该文本文件。用户可以打开他们的机器文本文件通过UNC共享。当用户运行该网站直接登录正常工作的服务器上。然而,当用户试图在其计算机上,这是行不通的。应该如何模拟设置这个工作?
I'm having problems accessing a text file on a remote server with ASP.NET. The ASP.NET 1.1 application is running on Server 2003 using Impersonation with the requester's Windows Credentials. The client, webserver, and remote server are all on the same domain, and the user has permission to access the text file. The user can open the text file from their machine over a UNC share. When the user runs the site logged in directly on the server it works fine. However, when the user tries on their machine, it does not work. How should Impersonation be set up for this to work?
编辑:
的应用做工精细等特点,它只是访问不起作用远程文件。
Other features of the app work fine, it just accessing the remote file that doesn't work.
推荐答案
这听起来像你正在运行到多跳的问题。当您使用集成身份验证,您可以从浏览器到IIS身份验证。但是,你无法验证到域上的任何其他机器。其原因是,与标准的凭证,他们无法验证你是谁。
It sounds like you're running into the multi-hop problem. When you use integrated authentication, you can authenticate from your browser to IIS. But, you can't authenticate to any other machines on the domain. The reason is that with standard credentials, they can't verify who you are.
有2个是我熟悉主要的解决方法:
There are 2 primary workarounds that I'm familiar with:
- 实施的Kerberos,这些证书允许你做一个更高级身份验证,并允许多网络跳。
- 重新使用模拟中的LogonUser的Win32 API(需要密码),您的用户。
- Implement Kerberos, these certificates allow you to do a more advanced authentication, and allow for multiple-network hops.
- Re-impersonate your user using the LogonUser win32 api (requires a password).
这篇关于模拟和代表团ASP.NET的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
