访问IIS上拒绝的路径 [英] Access to path denied on IIS

问题描述

我正在尝试使用 System.IO.File.WriteAllText 让我的MVC应用程序将一个简单的文本文件写入另一台服务器。 （一个单独的进程正在该文件夹中查找要抓取的文本文件。）在本地计算机上调试时工作正常，但在测试服务器上部署到IIS时，我总是在尝试编写文件时出现此错误：

I'm trying to get my MVC app to write a simple text file to another server using System.IO.File.WriteAllText. (A separate process is looking in that folder for text files to grab.) It works fine when debugging on my local machine, but when deployed to IIS on a test server, I always get this error when trying to write the file:

拒绝访问路径'\\server\C $ \ folder \subfolder\file.txt'。

Access to the path '\\server\C$\folder\subfolder\file.txt' is denied.

SO上至少有六个类似问题的答案是让应用程序池身份帐户访问该文件夹。但是，IIS上的应用程序池已在一个服务帐户下运行，该帐户具有所需文件夹的完全权限，但仍然收到错误。我甚至尝试将应用程序池更改为我自己的帐户（在调试中成功使用的帐户），仍然得到错误。

The answer to at least half a dozen similar questions here on SO was to give the application pool identity account access to that folder. However, the app pool on IIS was already running under a service account that had full permissions to the desired folder but was still getting the error. I even tried changing the app pool to my own account (the one used successfully in debugging) and still get the error.

关闭匿名访问，并启用Windows身份验证（ file.txt 的一部分来自用户的AD帐户）。我尝试使用多个AD帐户访问该应用程序，无论是否访问 \\server\C $ \ folder \ sububderder \ ，它们都是给出相同的错误。

Anonymous access is turned off, and Windows Authentication is turned on (part of the file.txt is info from the user's AD account). I have tried accessing the app with several AD accounts, both with and without access to \\server\C$\folder\subfolder\ but they all give the same error.

我看不到应用程序如何在授权帐户下运行，用户可以使用授权帐户登录应用程序，但仍然获得访问被拒绝错误。有没有办法获得更多关于具体访问被拒绝或哪个帐户实际被拒绝的信息？还有我在这里缺少的其他东西??

I don't see how the app can be running under an authorized account, and the user can be logged in to the app with an authorized account, but still get the access denied error. Is there any way to get more info about specifically what access is denied or which account is actually being denied? Anything else I'm missing here??

推荐答案

您需要检查其他进程是否已打开文件，例如一个单独的进程正在该文件夹中查找要抓取的文本文件 - 也许这个单独的进程已经打开了文件，因此锁定了您的IIS进程？使用进程监视器（ https://docs.microsoft.com/en-us/ sysinternals / downloads / procmon ）监视文件上的活动。

You need to check whether other processes already have the file open, e.g, "A separate process is looking in that folder for text files to grab" - perhaps this separate process already has the file open and is therefore locking out your IIS process? Use Process Monitor (https://docs.microsoft.com/en-us/sysinternals/downloads/procmon) to monitor activity on the file.

此外，您将文件位置设为'\\\\\\\\\\\\\\\\\ \subfolder\file.txt。 UNC路径通常以'\\'开头，例如'\\server\C $ \ folder \ subfolder \ file.txt'。这可能只是StackOverflow将双斜杠转换为单斜杠的假象。

Also you give the file location as '\server\C$\folder\subfolder\file.txt'. UNC paths normally begin with a '\\', e.g., '\\server\C$\folder\subfolder\file.txt'. That may just be an artefact of StackOverflow escaping the double slash to a single slash.

作为一个简单的测试，你可以使用记事本和你自己的帐户打开文件错误信息并写入文件？如果您使用应用程序池标识帐户该怎么办？

As a simple test, can you use notepad with your own account to open the file in the error message and write to the file? What if you use the application pool identity account?

编辑：您在具有文件位置的服务器上运行Process Monitor。添加如下路径过滤器：

You run Process Monitor on the server that has the file location. Add a Path filter like this:

Path   excludes    file.txt   then  Exclude

其中file.txt是您正在监视的文件的文件名（没有目录）。此过滤器仅捕获该文件的事件，并将排除其他所有内容。事件发生后，右键单击它，然后转到属性，处理以查看发起事件的用户。

Where file.txt is the file name (without the directory) of the file you are monitoring. This filter will only capture events for that file and will exclude everything else. Once an event occurs, right click it, and go to Properties, Process to see the User initiating the event.

这篇关于访问IIS上拒绝的路径的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！