正确使用< identity impersonate ="true"/>. [英] The right use of <identity impersonate="true"/>
问题描述
在我的网站中,已登录的用户可以更改其个人资料图片,并且此过程包括将上传的图片保存到网站根目录中的文件夹中.
In my Website, Users who has logged in are able to change their profile pictures, and this process includes saving the uploaded image to a folder in the website's root directory.
当我测试它时,我收到一个错误,我应该使用权限授予对该特定文件夹的访问权限.
When I tested it, I received an Error that I should grant access to this specific folder using permissions.
我没有控制面板的控制权,他说他确实为 Images 文件夹授予了 READ 和 WRITE 其他的权限.
I do not have control over the Control Panel, the one who does said that he did grant the Images folder a READ and WRITE permissions to Others.
再次测试之后,再次出现相同的错误,因此我编辑了 web.config 并包含了以下内容:
After Testing it again, once again the same error, so I edited web.config and included:
<identity impersonate="true"/>
现在一切似乎都正常运行.但是,我刚才在这里做什么?有安全隐患吗?我是否向所有人授予匿名访问我的网站的权限?
And now everything seems to work perfectly. BUT, what did I just do here? Is there any security risk? Did I grant anonymous access to my website for everyone?
推荐答案
但是,我在这里只是做什么?
BUT, what did I just do here?
您现在以客户用户的身份运行网站.
You are now running your website under the identity of the client user.
有安全隐患吗?
Is there any security risk?
这取决于该帐户在服务器上的权限.通常,使用拥有很多特权的帐户来运行网站是一种不好的做法.理想情况下,您应该将网站配置为在您明确授予所需文件夹特权的帐户下运行.
That would depend on the permissions that this account has on the server. Usually it is bad practice to run a website with accounts that have lots of privileges. Ideally you should configure your website to run under an account that you explicitly grant privileges to the required folders.
您的方法存在的问题是,如果另一个无权访问指定文件夹的用户访问您的网站,则该网站将对他不起作用.另一方面,如果这是预期的行为,则可以通过模拟用户身份来解决问题.
The problem with your approach is that if another user that doesn't have access to the specified folder visits your website, it won't work for him. If on the other hand this is expected behavior then you are probably fine by impersonating user identities.
我是否为所有人授予匿名访问我的网站的权限?
Did I grant anonymous access to my website for everyone?
不,这与身份验证无关.
No, this has nothing to do with authentication.
这篇关于正确使用< identity impersonate ="true"/>.的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
