IIS应用程序池标识以使用“登录用户" Windows标识 [英] IIS Application Pool Identity to use Logged On User Windows Identity

问题描述

我正在开发一个Web应用程序，该应用程序使用 LDAP 执行Active Directory更新. 当我在IIS 7上托管应用程序时，在语句directoryEntry.CommitChanges();上收到Access is denied错误.

I'm developing a web app that performs Active Directory updates using LDAP. When I host the app on an IIS 7, I get the Access is denied error at the statement directoryEntry.CommitChanges();.

然后我发现应用程序池使用标识"IIS APPPOOL \ ASP.NET v4.0"来执行更新.

Then I found out that the application pool is using the identity "IIS APPPOOL\ASP.NET v4.0" to perform the update.

我需要使用Web应用程序的用户的窗口帐户作为应用程序池的标识.

I need the window's account of the user who is using the web application to be the identity of the application pool.

我已经执行以下操作:

1. 在web.config中添加>身份验证模式="Windows"
2. 在IIS上禁用匿名身份验证
3. 选择内置帐户"ApplicationPoolIdentity"作为应用程序池的身份

但是还没有开始工作.

推荐答案

您正在寻找的概念称为假冒
从文档:

the concept you are looking for is called Impersonation
from the documentation:

1. 打开IIS管理器，然后导航到要管理的级别.有关打开IIS管理器的信息，请参阅打开IIS管理器(IIS 7).有关导航到UI中的位置的信息，请参阅IIS管理器(IIS 7)中的导航.
2. 在功能视图"中，双击身份验证".
3. 在身份验证"页上，选择" ASP.NET模拟" .
4. 在操作"窗格中，单击启用"以使用默认设置使用ASP.NET模拟身份验证.
5. (可选)在操作"窗格中，单击编辑"以设置安全主体.
6. 在编辑ASP.NET模拟设置"对话框中，选择特定用户"或经过身份验证的用户".不论您决定采用哪种方式，IIS都将此身份用于ASP.NET应用程序的安全上下文.默认情况下，IIS 7设置为模拟经过身份验证的用户.
7. 单击确定"完成操作，或继续执行以下可选步骤以更改身份以模仿.
8. (可选)单击设置"以更改特定用户"身份.
9. 在设置凭据"对话框中，在用户名"中输入现有用户帐户的名称，在密码"中输入与该用户帐户关联的密码，然后在确认新帐户的IIS的密码"中输入与该帐户完全相同的值，以供匿名使用.访问.
10. 单击确定"关闭设置凭据"对话框.
11. 单击确定"关闭编辑ASP.NET模拟设置"对话框.

1. Open IIS Manager and navigate to the level you want to manage. For information about opening IIS Manager, see Open IIS Manager (IIS 7). For information about navigating to locations in the UI, see Navigation in IIS Manager (IIS 7).
2. In Features View, double-click Authentication.
3. On the Authentication page, select ASP.NET Impersonation.
4. In the Actions pane, click Enable to use ASP.NET Impersonation authentication with the default settings.
5. Optionally, in the Actions pane, click Edit to set the security principal.
6. In the Edit ASP.NET Impersonation Settings dialog box, select either Specific user or Authenticated user. Whichever you decide, IIS uses this identity for the security context of the ASP.NET application. By default, IIS 7 is set to impersonate the authenticated user.
7. Click OK to finish or proceed to the next optional steps to change the identity to impersonate.
8. Optionally, click Set to change the Specific user identity.
9. In the Set Credentials dialog box, enter the name of an existing user account in User name, the password associated with that user account in Password, and then the exact same value in Confirm password for a new account IIS should use for anonymous access.
10. Click OK to close the Set Credentials dialog box.
11. Click OK to close the Edit ASP.NET Impersonation Settings dialog box.

这篇关于IIS应用程序池标识以使用“登录用户" Windows标识的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！