远程服务器上拒绝访问路径 [英] Access to path is denied on remote server

问题描述

我有一个MVC应用程序，它使用Directory.getfiles（）来抓取文件列表的网络共享并将它们显示给使用的文件。这在我的开发机器上运行良好，但当我将其部署到Web服务器时，我得到以下内容：

I have an MVC application that uses Directory.getfiles() to scrape a network share for a file list and displays them to the used. This has worked fine on my development machine, but when I have deployed this to the web server I get the following:

Access to the path {path}; is denied.

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.UnauthorizedAccessException: Access to the path [path]; is denied.

ASP.NET is not authorized to access the requested resource. Consider granting access rights to the resource to the ASP.NET request identity. ASP.NET has a base process identity (typically {MACHINE}\ASPNET on IIS 5 or Network Service on IIS 6 and IIS 7, and the configured application pool identity on IIS 7.5) that is used if the application is not impersonating. If the application is impersonating via <identity impersonate="true"/>, the identity will be the anonymous user (typically IUSR_MACHINENAME) or the authenticated request user.

To grant ASP.NET access to a file, right-click the file in File Explorer, choose "Properties" and select the Security tab. Click "Add" to add the appropriate user or group. Highlight the ASP.NET account, and check the boxes for the desired access.

我认为这是因为我的桌面工作站拥有我的权限，并且Web服务器没有。如何设置服务器是我们有一台运行iis8的2012 R2机器和一个托管文件共享的文件服务器。



我如何授予文件共享的asp权限？或者我如何模仿当前用户，以便他们可以访问文件，如果他们有权访问，或者我如何模拟具有正确权限的服务帐户？



谢谢！

I assume it's because my desktop workstation has my permissions, and the web server does not. How the servers are setup is we have a 2012 R2 Machine running iis8 and a file server hosting the file shares.

How can I give asp permission to the file shares? or alternatively how can I impersonate the current user so they can get at the files if they have access or how can I impersonate a service account with the correct permissions?

thanks!

推荐答案

这不是工作站拥有您的权限。你有权限。那么，你的帐户呢。您启动的任何内容都是作为您启动并继承您的secruity令牌。



这包括在您的开发计算机上调试站点时启动的IIS Express Web服务器。因为它可以运行，因为它可以访问您所做的一切，包括该共享。



当您将应用程序部署到真正的Web服务器IIS 8时，它正在运行您的服务帐户下的代码非常受限制。出于安全原因，它无法访问网络资源。因此，它无法访问您想要获得的共享。



要解决此问题，您必须创建一个专门设置为执行的帐户你的网页。它还应具有访问共享所需的任何访问权限。设置帐户后，您将进入IIS管理器并创建一个应用程序池来运行您的网站，并告诉它您创建的帐户的用户名和密码。

It's not that the workstation has your permissions. YOU have the permissions. Well, your account does. Anything you launch is launched AS YOU and inherits your secruity token.

This includes the IIS Express web server that is launched when you debug your site on your dev machine. Since it's running as you it has access to everything you do, including that share.

When you deploy your app to a real web server, IIS 8, it's running your code under a service account that is pretty restricted. It doesn't have access to network resources for security reasons. Because of this it has no access to the share you're trying to get at.

To fix this, you have to create an account that is specifically setup to execute your website. It should also have whatever access it needs to access the share. Once the account is setup, you go into the IIS Manager and create an Application Pool to run your website and tell it the username and password for the account you created.

这篇关于远程服务器上拒绝访问路径的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！