Error 1307: Adding File Permissions to NTFS using System.Management Object in ASP.NET


Problem description

Project:
----------------------------

I am creating an HTTPS File Transfer App using ASP.NET and C#. I am
utilizing ActiveDirectory and windows security to manage the
permissions. Why reinvent the wheel, right? Everything so far is
working well with the Active Directory. The problem I am having is
with adding File Permissions to a directory. I am currently using
some code courtesy of "Willy Denoyette [MVP]"

Problem:
----------------------------

When I try to add user permissions to a specific folder using the same
code in a sample console app it works correctly. When I execute the
code from ASP.NET I get a return code of 1307, every time.

Which means - 1307 This security ID may not be assigned as the owner
of this object. (http://www.hiteksoftware.com/mize/Kn...icles/049.htm).

Can anyone tell me why this is happening? Willy?

Environment:
----------------------------

I am developing with Framework 1.1 and Windows XP. The users are
coming from AD on a Windows 2003 Server.

I have given ASPNET object full access to the folder C:\test. I have
also given ASPNET object full access to Root/CIMV2 in
CompMgmt.msc/Services and Apps/WMI Control

Code:
----------------------------
The DsSettings Object is just a simple class that contains the Login
and Path information for LDAP.
using System;
using System.Management;

public bool GrantPermission(string username, string domain, DsSettings settings)
{
    try
    {
        // Binary SID of the user, read from Active Directory.
        byte[] bSid = (byte[])DsWrapper.GetUser(username,
            settings).DsEntry.Properties["objectSID"].Value;
        ManagementObject LogicalFileSecuritySetting = new ManagementObject(
            new ManagementPath(
                @"ROOT\CIMV2:Win32_LogicalFileSecuritySetting.Path='c:\\test'"));
        ManagementBaseObject outParams;
        outParams = LogicalFileSecuritySetting.InvokeMethod("GetSecurityDescriptor",
            null, null);

        ManagementBaseObject Descriptor =
            ((ManagementBaseObject)(outParams.Properties["Descriptor"].Value));
        // Existing ACEs; they are read here but not carried over into the new DACL below.
        ManagementBaseObject[] DACLObject = ((ManagementBaseObject[])(
            Descriptor.Properties["DACL"].Value));

        ManagementObject newTrusteeUser = (new ManagementClass(
            @"ROOT\CIMV2:Win32_Trustee")).CreateInstance();
        newTrusteeUser["Domain"] = domain;
        newTrusteeUser["Name"] = username;
        newTrusteeUser["SID"] = bSid;

        ManagementObject newACEUser = (new ManagementClass(
            @"ROOT\CIMV2:Win32_Ace")).CreateInstance();
        newACEUser["Trustee"] = newTrusteeUser;
        newACEUser["AceFlags"] = 3;          // object inherit + container inherit
        newACEUser["AceType"] = 0;           // access allowed
        newACEUser["AccessMask"] = 2032127;  // Full Access Mask
        // The DACL is replaced by a single-entry array holding only the new ACE.
        ManagementBaseObject[] DACLObjectNew = new ManagementBaseObject[] { newACEUser };
        Descriptor.Properties["DACL"].Value = DACLObjectNew;
        ManagementBaseObject inParams = null;
        inParams = LogicalFileSecuritySetting.GetMethodParameters("SetSecurityDescriptor");
        inParams["Descriptor"] = Descriptor;
        outParams = LogicalFileSecuritySetting.InvokeMethod("SetSecurityDescriptor",
            inParams, null);

        // This line is where I get a result back of 1307 in ASP.NET
        uint result = (uint)(outParams.Properties["ReturnValue"].Value);

        LogicalFileSecuritySetting.Dispose();
        return result == 0;  // 0 is success; any other value (such as 1307) is a failure
    }
    catch (Exception)
    {
        throw;  // rethrow without resetting the stack trace
    }
}
Logs:
----------------------------
C:\WINDOWS\system32\WBEM\Logs\Framework.log
----------------------------
Unable to locate Shell Process, Impersonation failed. 05/06/2004 09:39:06.093 thread:1916 [d:\xpsp1\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.179]
Shell Name Explorer.exe in Registry not found in process list. 05/06/2004 09:39:06.203 thread:2540 [d:\xpsp1\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.163]
Unable to locate Shell Process, Impersonation failed. 05/06/2004 09:39:06.203 thread:2540 [d:\xpsp1\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.179]
Shell Name Explorer.exe in Registry not found in process list. 05/06/2004 09:39:07.968 thread:1916 [d:\xpsp1\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.163]
Unable to locate Shell Process, Impersonation failed. 05/06/2004 09:39:07.984 thread:1916 [d:\xpsp1\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.179]
Shell Name Explorer.exe in Registry not found in process list. 05/06/2004 09:39:07.984 thread:1916 [d:\xpsp1\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.163]
Unable to locate Shell Process, Impersonation failed. 05/06/2004 09:39:08.000 thread:1916 [d:\xpsp1\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.179]
Shell Name Explorer.exe in Registry not found in process list. 05/06/2004 09:39:08.093 thread:1916 [d:\xpsp1\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.163]
Unable to locate Shell Process, Impersonation failed. 05/06/2004 09:39:08.093 thread:1916 [d:\xpsp1\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.179]
Shell Name Explorer.exe in Registry not found in process list. 05/06/2004 09:39:08.203 thread:2540 [d:\xpsp1\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.163]
Unable to locate Shell Process, Impersonation failed. 05/06/2004 09:39:08.203 thread:2540 [d:\xpsp1\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.179]
Shell Name Explorer.exe in Registry not found in process list. 05/06/2004 09:39:08.218 thread:2540 [d:\xpsp1\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.163]
Unable to locate Shell Process, Impersonation failed. 05/06/2004 09:39:08.218 thread:2540 [d:\xpsp1\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.179]
Shell Name Explorer.exe in Registry not found in process list. 05/06/2004 09:39:08.312 thread:2540 [d:\xpsp1\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.163]
Unable to locate Shell Process, Impersonation failed. 05/06/2004 09:39:08.312 thread:2540 [d:\xpsp1\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.179]

Recommended answer

Ben,

Your code runs as "ASPNET" and uses ASPNET's access token when connecting
to WMI, however, ASPNET has no privileges to change the filesystem object
ACL's.
So you need to run this code with elevated privileges, here you have a
number of options:
- or, impersonate a power user (using your web config file, or in code),
- or, run this from a server type COM+ application, using a power user's
identity.
I would also suggest to use the System.DirectoryServices namespace (and add
a reference to Activeds.tlb) instead of WMI to manage FS ACL's, that way
you don't have to add System.Management stuff to your code, and you don't
have to care about WMI security settings.
Willy.
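
An added example, not part of Willy's reply or Ben's code: a variant of the WMI call that reports which account the thread runs as, inserts the new ACE into the existing DACL instead of replacing it, and returns the WMI status code so a value such as 1307 is not ignored. The class, method and parameter names are hypothetical, and the web.config values in the comment are placeholders.

```csharp
using System;
using System.Management;
using System.Security.Principal;

// Added example; FolderAcl and its members are hypothetical names.
//
// Declarative impersonation lives in web.config (placeholder values):
//   <system.web>
//     <identity impersonate="true" userName="DOMAIN\account" password="..." />
//   </system.web>
// With impersonate="true" and no userName, the request runs as the
// authenticated caller instead of one fixed account.
public sealed class FolderAcl
{
    // NTFS access masks. Grant the narrowest one that does the job.
    public const uint ReadAndExecute = 0x1200A9;
    public const uint Modify = 0x1301BF;
    public const uint FullControl = 0x1F01FF;   // 2032127, the mask used in the post

    private const uint AccessAllowedAceType = 0;
    private const uint ObjectInherit = 0x1, ContainerInherit = 0x2, InheritedAce = 0x10;

    // Account the current thread runs as. Log it next to the return code.
    public static string EffectiveAccount()
    {
        return WindowsIdentity.GetCurrent().Name;
    }

    // Adds one allow ACE for the given SID and returns the WMI ReturnValue
    // (0 means success).
    public static uint AddAllowAce(string folder, string domain, string user,
                                   byte[] sid, uint mask)
    {
        // The folder name is embedded in a WMI object path, so refuse quote
        // characters rather than trying to escape them.
        if (folder == null || folder.IndexOf('\'') >= 0 || folder.IndexOf('"') >= 0)
            throw new ArgumentException("Unsupported folder path", "folder");

        string path = "ROOT\\CIMV2:Win32_LogicalFileSecuritySetting.Path='"
                      + folder.Replace("\\", "\\\\") + "'";
        using (ManagementObject setting = new ManagementObject(new ManagementPath(path)))
        {
            ManagementBaseObject outParams =
                setting.InvokeMethod("GetSecurityDescriptor", null, null);
            uint rc = Convert.ToUInt32(outParams["ReturnValue"]);
            if (rc != 0) return rc;

            ManagementBaseObject descriptor = (ManagementBaseObject)outParams["Descriptor"];
            ManagementBaseObject[] oldDacl = (ManagementBaseObject[])descriptor["DACL"];
            // Without an existing DACL, writing a one-entry DACL would change
            // who has access. Stop and let an administrator decide.
            if (oldDacl == null)
                throw new InvalidOperationException("Folder has no DACL to extend");

            ManagementObject trustee =
                new ManagementClass("ROOT\\CIMV2:Win32_Trustee").CreateInstance();
            trustee["Domain"] = domain;
            trustee["Name"] = user;
            trustee["SID"] = sid;

            ManagementObject ace =
                new ManagementClass("ROOT\\CIMV2:Win32_Ace").CreateInstance();
            ace["Trustee"] = trustee;
            ace["AceType"] = AccessAllowedAceType;
            ace["AceFlags"] = ObjectInherit | ContainerInherit;
            ace["AccessMask"] = mask;

            // Keep explicit ACEs ahead of inherited ones: insert the new ACE
            // just before the first inherited entry, or at the end.
            int insertAt = oldDacl.Length;
            for (int i = 0; i < oldDacl.Length; i++)
            {
                if ((Convert.ToUInt32(oldDacl[i]["AceFlags"]) & InheritedAce) != 0)
                {
                    insertAt = i;
                    break;
                }
            }
            ManagementBaseObject[] newDacl = new ManagementBaseObject[oldDacl.Length + 1];
            Array.Copy(oldDacl, 0, newDacl, 0, insertAt);
            newDacl[insertAt] = ace;
            Array.Copy(oldDacl, insertAt, newDacl, insertAt + 1, oldDacl.Length - insertAt);
            descriptor["DACL"] = newDacl;

            ManagementBaseObject inParams =
                setting.GetMethodParameters("SetSecurityDescriptor");
            inParams["Descriptor"] = descriptor;
            outParams = setting.InvokeMethod("SetSecurityDescriptor", inParams, null);
            return Convert.ToUInt32(outParams["ReturnValue"]);
        }
    }
}
```

Logging EffectiveAccount() together with the returned code shows whether a failure comes from the account the call runs under or from the descriptor being written.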




Willy,

How do I set up the impersonation through web.config?

I tried using this code below, but I kept getting a "The security ID
structure is invalid." error. Is this what you were talking about doing?

Also, have you ever heard of the Microsoft.Win32.Security Namespace
(http://www.gotdotnet.com/Community/U...ampleGuid=e6098575-dda0-48b8-9abf-e0705af065d9). I was playing around with that a little
bit and it seemed to work. Are there any issues with using this namespace?
Code:
--------------------------------------
ADsSecurityUtilityClass secuUtil = new ADsSecurityUtilityClass();
object secuDesc = secuUtil.GetSecurityDescriptor(
    this.FolderName,
    (int)ActiveDs.ADS_PATHTYPE_ENUM.ADS_PATH_FILE,
    (int)ActiveDs.ADS_SD_FORMAT_ENUM.ADS_SD_FORMAT_IID);
if (secuDesc != null)
{
    // Since we asked for ADS_SD_FORMAT_IID format, that means the returned
    // object is IADsSecurityDescriptor. So we can use the methods on this
    // object to get more information about the security descriptor.
    ActiveDs.IADsSecurityDescriptor folderSD = (IADsSecurityDescriptor)secuDesc;

    AccessControlEntry newAce = new AccessControlEntryClass();
    ActiveDs.IADsAccessControlList folderAcl =
        (ActiveDs.IADsAccessControlList)folderSD.DiscretionaryAcl;

    newAce.AceType = (int)ActiveDs.ADS_ACETYPE_ENUM.ADS_ACETYPE_ACCESS_ALLOWED;
    switch (permissionType)
    {
        case DsPermissionTypes.Read:
            newAce.AccessMask = DsPermissions.FILE_LIST_DIRECTORY;
            break;
        case DsPermissionTypes.Write:
            newAce.AccessMask = DsPermissions.FILE_ADD_FILE |
                DsPermissions.FILE_ADD_SUBDIRECTORY;
            break;
        case DsPermissionTypes.Delete:
            newAce.AccessMask = DsPermissions.FILE_DELETE_CHILD |
                DsPermissions.FILE_TRAVERSE;
            break;
        case DsPermissionTypes.ChangePermissions:
            newAce.AccessMask = DsPermissions.WRITE_DAC |
                DsPermissions.READ_CONTROL;
            break;
    }

    newAce.AceFlags = (int)ActiveDs.ADS_ACEFLAG_ENUM.ADS_ACEFLAG_INHERIT_ACE;
    newAce.Flags = (int)ActiveDs.ADS_FLAGTYPE_ENUM.ADS_FLAG_OBJECT_TYPE_PRESENT
        | (int)ActiveDs.ADS_FLAGTYPE_ENUM.ADS_FLAG_INHERITED_OBJECT_TYPE_PRESENT;

    // The next three assignments override the AceType, Trustee and
    // AccessMask values set above.
    newAce.AceType = (int)ADS_ACETYPE_ENUM.ADS_ACETYPE_ACCESS_ALLOWED;
    newAce.Trustee = @"bdewey";
    newAce.AccessMask = -1;

    string trustee = (domain == null) ? username : domain + @"\" + username;
    newAce.Trustee = trustee;

    folderAcl.AddAce(newAce);
    folderSD.DiscretionaryAcl = folderAcl;

    secuUtil.SetSecurityDescriptor(this.FolderName,
        (int)ActiveDs.ADS_PATHTYPE_ENUM.ADS_PATH_FILE,
        folderSD,
        (int)ActiveDs.ADS_SD_FORMAT_ENUM.ADS_SD_FORMAT_IID);
}

"Willy Denoyette [MVP]" <wi*************@pandora.be> wrote in message
news:e0**************@tk2msftngp13.phx.gbl...
Ben,
你的代码运行'as as ASPNET"并且在连接到WMI时使用ASPNET的访问令牌,但是,ASPNET没有权限更改文件系统对象
ACL'。
所以你需要用高架运行这个代码特权,这里你有多个选项:
- 或者,冒充高级用户(使用你的web配置文件或代码),
- 或者,从服务器类型运行它COM +应用程序,使用高级用户的身份。
我还建议使用System.DirectoryServices命名空间(和
添加对Activeds.tlb的引用)而不是WMI来管理FS ACL,那样你就不必在你的代码中添加System.Management东西了,你也不必关心WMI的安全设置。

Willy。

Ben Dewey < BD ****** @ hotmail.com>在消息中写道
新闻:a7 *********************** @ posting.google.com。 ..
Ben,

Your code run''s as "ASPNET" and uses ASPNET''s access token when connecting
to WMI, however, ASPNET has no privileges to change the filesystem object
ACL''s.
So you need to run this code with elevated privileges, here you have a
number of options:
- or, impersonate a power user (using your web config file, or in code),
- or, run this from a server type COM+ application, using a power user''s
identity.
I would also suggest to use the System.DirectoryServices namespace (and add a reference to Activeds.tlb) instead of WMI to manage FS ACL''s, that way
you don''t have to add System.Management stuff to your code, and you don''t
have to care about WMI security settings.
Willy.

"Ben Dewey" <bd******@hotmail.com> wrote in message
news:a7***********************@posting.google.com. ..
项目:
----------------------------
权限。为什么重新发明轮子吧?到目前为止,所有内容都与Active Directory配合良好。我遇到的问题是将文件权限添加到目录。我目前正在使用
一些代码礼貌的Willy Denoyette [MVP]

问题:
--------------- -------------

当我尝试在示例控制台应用程序中使用相同的代码将用户权限添加到特定文件夹时,它可以正常工作。当我从ASP.NET执行
代码时,每次都会得到1307的返回代码。

这意味着 - 1307此安全ID可能不会被指定为所有者
这个对象。
http:// www .hiteksoftware.com / mize / Kn ... icles / 049.htm)

谁能告诉我为什么会这样?威利?

环境:
----------------------------

我已经给ASPNET对象提供了对文件夹C:\ test的完全访问权限。我还要给ASPNET对象完全访问Root / CIMV2
CompMgmt.msc / Services和Apps / WMI Control

代码:
----- -----------------------
DsSettings对象只是一个简单的类,包含LDAP的Login
和Path信息。

public bool GrantPermission(字符串用户名,字符串域,DsSettings
设置)
{
尝试
{

byte [] bSid =(byte [])DsWrapper.GetUser(用户名,
设置).DsEntry.Properties [" objectSID"]。值;
ManagementObject LogicalFileSecuritySetting = new
ManagementObject(new ManagementPath(
@" ROOT \CIMV2:Win32_LogicalFileSecuritySetting.Path =''c:\\test''"));
ManagementBaseObject outParams;
outParams =
LogicalFileSecuritySetting。 InvokeMethod(" GetSecuri tyDescriptor",
null,null);

ManagementBaseObject描述符=
((ManagementBaseObject)(outParams.Properties [&quo] t; Descriptor]。值));
ManagementBaseObject [] DACLObject =((ManagementBaseObject [])(
Descriptor.Properties [" DACL"]。Value));

@" ROOT \CIMV2:Win32_Trustee" ).CreateInstance();
newTrusteeUser [" Domain"] = domain;
newTrusteeUser [" Name"] = username;
newTrusteeUser [" SID"] = bSid;

ManagementObject newACEUser =(new ManagementClass(
@" ROOT\CIMV2:Win32_Ace"))。CreateInstance();
newACEUser [" Trustee"] = newTrusteeUser; < br> newACEUser [" AceFlags"] = 3;
newACEUser [" AceType"] = 0;
newACEUser [" AccessMask"] = 2032127; //全面访问面具
ManagementBaseObject [] DACLObjectNew = new ManagementBaseObject []
{newACEUser};
Descriptor.Properties [" DACL"]。Value = DACLObjectNew;
ManagementBaseObject inParams = null;
inParams =
LogicalFileSecuritySetting.GetMethodParameters(" Se tSecurityDescriptor");
inParams [" Descriptor"] = Descriptor;
outParams =
LogicalFileSecuritySetting.InvokeMethod(" SetSecuri tyDescriptor",& inParams,n ull);

//这一行是我在ASP.NET中获得1307结果的地方
uint result =(uint)(outParams.Properties [" ReturnValue"]。 );

LogicalFileSecuritySetting.Dispose();
返回true;
}
catch(例外exp)
{
throw exp;
}
}

Project:
----------------------------

I am creating a HTTPS File Transfer App using ASP.NET and C#. I am
utilizing ActiveDirectory and windows security to manage the
permissions. Why reinvent the wheel, right? Everything so far is
working well with the Active Directory. The problem I am having is
with adding File Permissions to a directory. I am currently using
some code courtesy of "Willy Denoyette [MVP]"

Problem:
----------------------------

When I try to add user permissions to a specific folder using the same
code in a sample console app it works correctly. When I execute the
code from ASP.NET I get a return code of 1307, every time.

Which means - 1307 This security ID may not be assigned as the owner
of this object.
(http://www.hiteksoftware.com/mize/Kn...icles/049.htm).

Can anyone tell me why this is happening? Willy?

Environment:
----------------------------

I am developing with Framework 1.1 and Windows XP. The users are
coming from AD on a Windows 2003 Server.

I have given ASPNET object full access to the folder C:\test. I have
also given ASPNET object full access to Root/CIMV2 in
CompMgmt.msc/Services and Apps/WMI Control.

Code:
----------------------------
The DsSettings Object is just a simple class that contains the Login
and Path information for LDAP.

public bool GrantPermission(string username, string domain, DsSettings settings)
{
    try
    {
        // SID of the AD user that is being granted access
        byte[] bSid = (byte[])DsWrapper.GetUser(username, settings).DsEntry.Properties["objectSID"].Value;
        ManagementObject LogicalFileSecuritySetting = new ManagementObject(
            new ManagementPath(@"ROOT\CIMV2:Win32_LogicalFileSecuritySetting.Path='c:\\test'"));
        ManagementBaseObject outParams;
        outParams = LogicalFileSecuritySetting.InvokeMethod("GetSecurityDescriptor", null, null);

        ManagementBaseObject Descriptor =
            ((ManagementBaseObject)(outParams.Properties["Descriptor"].Value));
        ManagementBaseObject[] DACLObject =
            ((ManagementBaseObject[])(Descriptor.Properties["DACL"].Value));

        ManagementObject newTrusteeUser =
            (new ManagementClass(@"ROOT\CIMV2:Win32_Trustee")).CreateInstance();
        newTrusteeUser["Domain"] = domain;
        newTrusteeUser["Name"] = username;
        newTrusteeUser["SID"] = bSid;

        ManagementObject newACEUser =
            (new ManagementClass(@"ROOT\CIMV2:Win32_Ace")).CreateInstance();
        newACEUser["Trustee"] = newTrusteeUser;
        newACEUser["AceFlags"] = 3;
        newACEUser["AceType"] = 0;
        newACEUser["AccessMask"] = 2032127; // Full Access Mask

        // The new DACL holds only this ACE; DACLObject (the existing entries) is not reused
        ManagementBaseObject[] DACLObjectNew = new ManagementBaseObject[] { newACEUser };
        Descriptor.Properties["DACL"].Value = DACLObjectNew;
        ManagementBaseObject inParams = null;
        inParams = LogicalFileSecuritySetting.GetMethodParameters("SetSecurityDescriptor");
        inParams["Descriptor"] = Descriptor;
        outParams = LogicalFileSecuritySetting.InvokeMethod("SetSecurityDescriptor", inParams, null);

        // This line is where I get a result back of 1307 in ASP.NET
        uint result = (uint)(outParams.Properties["ReturnValue"].Value);

        LogicalFileSecuritySetting.Dispose();
        return true;
    }
    catch (Exception exp)
    {
        throw exp;
    }
}

Logs:
----------------------------
C:\WINDOWS\system32\WBEM\Logs\Framework.log
----------------------------
Unable to locate Shell Process, Impersonation failed. 05/06/2004 09:39:06.093 thread:1916 [d:\xpsp1\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.179]
Shell Name Explorer.exe in Registry not found in process list. 05/06/2004 09:39:06.203 thread:2540 [d:\xpsp1\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.163]
Unable to locate Shell Process, Impersonation failed. 05/06/2004 09:39:06.203 thread:2540 [d:\xpsp1\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.179]
Shell Name Explorer.exe in Registry not found in process list. 05/06/2004 09:39:07.968 thread:1916 [d:\xpsp1\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.163]
Unable to locate Shell Process, Impersonation failed. 05/06/2004 09:39:07.984 thread:1916 [d:\xpsp1\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.179]
Shell Name Explorer.exe in Registry not found in process list. 05/06/2004 09:39:07.984 thread:1916 [d:\xpsp1\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.163]
Unable to locate Shell Process, Impersonation failed. 05/06/2004 09:39:08.000 thread:1916 [d:\xpsp1\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.179]
Shell Name Explorer.exe in Registry not found in process list. 05/06/2004 09:39:08.093 thread:1916 [d:\xpsp1\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.163]
Unable to locate Shell Process, Impersonation failed. 05/06/2004 09:39:08.093 thread:1916 [d:\xpsp1\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.179]
Shell Name Explorer.exe in Registry not found in process list. 05/06/2004 09:39:08.203 thread:2540 [d:\xpsp1\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.163]
Unable to locate Shell Process, Impersonation failed. 05/06/2004 09:39:08.203 thread:2540 [d:\xpsp1\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.179]
Shell Name Explorer.exe in Registry not found in process list. 05/06/2004 09:39:08.218 thread:2540 [d:\xpsp1\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.163]
Unable to locate Shell Process, Impersonation failed. 05/06/2004 09:39:08.218 thread:2540 [d:\xpsp1\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.179]
Shell Name Explorer.exe in Registry not found in process list. 05/06/2004 09:39:08.312 thread:2540 [d:\xpsp1\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.163]
Unable to locate Shell Process, Impersonation failed. 05/06/2004 09:39:08.312 thread:2540 [d:\xpsp1\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.179]



Check 'em out

http://msdn.microsoft.com/library/de...ersonation.asp
http://msdn.microsoft.com/library/de...SecNetAP05.asp
http://msdn.microsoft.com/library/de...itysection.asp
"Ben Dewey" <be*******@scientiae.com> wrote in message
news:Ob**************@TK2MSFTNGP12.phx.gbl...
Willy,

How do I set up the impersonation through web.config?

I tried using this code below, but I kept getting a "The security ID
structure is invalid." error. Is this what you were talking about doing?

Also, have you ever heard of the Microsoft.Win32.Security Namespace
(http://www.gotdotnet.com/Community/U...ampleGuid=e6098575-dda0-48b8-9abf-e0705af065d9)? I was playing around with that a little bit and it seemed to work. Are there any issues with using this namespace?

Code:
--------------------------------------
ADsSecurityUtilityClass secuUtil = new ADsSecurityUtilityClass();
object secuDesc = secuUtil.GetSecurityDescriptor(
    this.FolderName,
    (int)ActiveDs.ADS_PATHTYPE_ENUM.ADS_PATH_FILE,
    (int)ActiveDs.ADS_SD_FORMAT_ENUM.ADS_SD_FORMAT_IID);
if (secuDesc != null)
{
    // Since we asked for ADS_SD_FORMAT_IID format, that means the returned
    // object is IADsSecurityDescriptor. So we can use the methods on this
    // object to get more information about the security descriptor.
    ActiveDs.IADsSecurityDescriptor folderSD = (IADsSecurityDescriptor)secuDesc;
    AccessControlEntry newAce = new AccessControlEntryClass();
    ActiveDs.IADsAccessControlList folderAcl =
        (ActiveDs.IADsAccessControlList)folderSD.DiscretionaryAcl;

    newAce.AceType = (int)ActiveDs.ADS_ACETYPE_ENUM.ADS_ACETYPE_ACCESS_ALLOWED;
    switch (permissionType)
    {
        case DsPermissionTypes.Read:
            newAce.AccessMask = DsPermissions.FILE_LIST_DIRECTORY;
            break;
        case DsPermissionTypes.Write:
            newAce.AccessMask = DsPermissions.FILE_ADD_FILE |
                DsPermissions.FILE_ADD_SUBDIRECTORY;
            break;
        case DsPermissionTypes.Delete:
            newAce.AccessMask = DsPermissions.FILE_DELETE_CHILD |
                DsPermissions.FILE_TRAVERSE;
            break;
        case DsPermissionTypes.ChangePermissions:
            newAce.AccessMask = DsPermissions.WRITE_DAC |
                DsPermissions.READ_CONTROL;
            break;
    }

    newAce.AceFlags = (int)ActiveDs.ADS_ACEFLAG_ENUM.ADS_ACEFLAG_INHERIT_ACE;
    newAce.Flags = (int)ActiveDs.ADS_FLAGTYPE_ENUM.ADS_FLAG_OBJECT_TYPE_PRESENT
        | (int)ActiveDs.ADS_FLAGTYPE_ENUM.ADS_FLAG_INHERITED_OBJECT_TYPE_PRESENT;

    newAce.AceType = (int)ADS_ACETYPE_ENUM.ADS_ACETYPE_ACCESS_ALLOWED;
    newAce.Trustee = @"bdewey";
    newAce.AccessMask = -1;

    string trustee = (domain == null) ? username : domain + @"\" + username;
    newAce.Trustee = trustee;

    folderAcl.AddAce(newAce);
    folderSD.DiscretionaryAcl = folderAcl;

    secuUtil.SetSecurityDescriptor(this.FolderName,
        (int)ActiveDs.ADS_PATHTYPE_ENUM.ADS_PATH_FILE,
        folderSD,
        (int)ActiveDs.ADS_SD_FORMAT_ENUM.ADS_SD_FORMAT_IID);
}

"Willy Denoyette [MVP]" <wi*************@pandora.be> wrote in message
news:e0**************@tk2msftngp13.phx.gbl...
Ben,

Your code runs as "ASPNET" and uses ASPNET's access token when connecting
to WMI, however, ASPNET has no privileges to change the filesystem object ACLs.
So you need to run this code with elevated privileges, here you have a
number of options:
- or, impersonate a power user (using your web config file, or in code),
- or, run this from a server type COM+ application, using a power user's identity.
I would also suggest to use the System.DirectoryServices namespace (and add
a reference to Activeds.tlb) instead of WMI to manage FS ACLs, that way you
don't have to add System.Management stuff to your code, and you don't have
to care about WMI security settings.

Willy.
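
An added example, not code from the thread: a variant of the posted GrantPermission that records which Windows identity the WMI call runs under (the point of Willy's reply), keeps the existing ACEs instead of replacing the whole DACL with one Full Control entry, and throws when ReturnValue is non-zero rather than returning true. FolderAclHelper, AppendAllowAce and Check are hypothetical names, and the read-and-execute mask is a standard Win32 constant that does not appear in the thread.

```csharp
using System;
using System.Management;
using System.Security.Principal;

public class FolderAclHelper // hypothetical name, not from the thread
{
    public const uint FILE_ALL_ACCESS = 0x1F01FF;       // 2032127, the post's "Full Access Mask"
    public const uint FILE_READ_AND_EXECUTE = 0x1200A9; // FILE_GENERIC_READ | FILE_GENERIC_EXECUTE
    const uint ACCESS_ALLOWED = 0;              // AceType = 0 in the post
    const uint INHERIT_TO_CHILDREN = 0x1 | 0x2; // OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE (AceFlags = 3)
    const uint INHERITED_ACE = 0x10;            // set on ACEs that came from the parent folder

    public static void AppendAllowAce(string folder, string domain, string user,
                                      byte[] sid, uint accessMask)
    {
        if (folder.IndexOf('\'') >= 0)
            throw new ArgumentException("Quotes in the path are not handled here.", "folder");

        // Thread token when impersonating, otherwise the worker process account (ASPNET).
        string caller = WindowsIdentity.GetCurrent().Name;
        string wmiPath = @"ROOT\CIMV2:Win32_LogicalFileSecuritySetting.Path='"
                       + folder.Replace(@"\", @"\\") + "'";

        using (ManagementObject setting = new ManagementObject(new ManagementPath(wmiPath)))
        {
            ManagementBaseObject outParams =
                setting.InvokeMethod("GetSecurityDescriptor", null, null);
            Check("GetSecurityDescriptor", outParams, caller);

            ManagementBaseObject descriptor = (ManagementBaseObject)outParams["Descriptor"];
            ManagementBaseObject[] oldDacl = (ManagementBaseObject[])descriptor["DACL"];
            if (oldDacl == null) oldDacl = new ManagementBaseObject[0];

            ManagementObject trustee =
                new ManagementClass(@"ROOT\CIMV2:Win32_Trustee").CreateInstance();
            trustee["Domain"] = domain;
            trustee["Name"] = user;
            trustee["SID"] = sid;

            ManagementObject ace =
                new ManagementClass(@"ROOT\CIMV2:Win32_Ace").CreateInstance();
            ace["Trustee"] = trustee;
            ace["AceType"] = ACCESS_ALLOWED;
            ace["AceFlags"] = INHERIT_TO_CHILDREN;
            ace["AccessMask"] = accessMask;

            // Keep every existing ACE; put the new explicit ACE before the first inherited one.
            int insertAt = oldDacl.Length;
            for (int i = 0; i < oldDacl.Length; i++)
            {
                if ((Convert.ToUInt32(oldDacl[i]["AceFlags"]) & INHERITED_ACE) != 0)
                {
                    insertAt = i;
                    break;
                }
            }
            ManagementBaseObject[] newDacl = new ManagementBaseObject[oldDacl.Length + 1];
            Array.Copy(oldDacl, 0, newDacl, 0, insertAt);
            newDacl[insertAt] = ace;
            Array.Copy(oldDacl, insertAt, newDacl, insertAt + 1, oldDacl.Length - insertAt);
            descriptor["DACL"] = newDacl;

            ManagementBaseObject inParams = setting.GetMethodParameters("SetSecurityDescriptor");
            inParams["Descriptor"] = descriptor;
            outParams = setting.InvokeMethod("SetSecurityDescriptor", inParams, null);
            Check("SetSecurityDescriptor", outParams, caller);
        }
    }

    // Surface the WMI return code together with the account that made the call.
    static void Check(string method, ManagementBaseObject outParams, string caller)
    {
        uint rc = Convert.ToUInt32(outParams["ReturnValue"]);
        if (rc != 0)
            throw new InvalidOperationException(
                method + " returned " + rc + " while running as " + caller);
    }
}
```

Passing FILE_READ_AND_EXECUTE instead of FILE_ALL_ACCESS grants the transfer user only what a download needs; the exception text shows at a glance whether the request ran as ASPNET or as the impersonated account.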

