ASP.NET从受密码保护的网络共享读取文件 [英] ASP.NET Read Files from a Password Protected Network Share
问题描述
我在Windows 2003 Server上有一个ASP.NET网站,该网站需要访问网络共享中的文件.网络共享受密码保护,需要提供用户名和密码.
I have an ASP.NET website on a Windows 2003 Server, that needs to access files from a network share. The network share is password protected and needs a username and password to be provided.
我在网站上使用基于表单的身份验证,而不是在Windows中使用.
I use forms based authentication on the website and not windows based.
所以我的问题是,当我尝试使用以下代码从networkshare读取任何文件时,它会拒绝访问DirectoryInfo networkShare =新的DirectoryInfo("\\ TestServer \ Share");
So my problem is, when I try to read any file from the networkshare using the code below, it throws access denied DirectoryInfo networkShare = new DirectoryInfo("\\TestServer\Share");
因此,我尝试通过向模拟功能调用提供网络共享的用户名和密码来使用Impersonate,但是该调用显然失败了,因为该用户名在ASP.NET Web服务器上不存在.因此,然后我传递了Web服务器上确实存在的登录名的用户名和密码,因此这一次模拟呼叫有效,但是仍然无法访问网络共享-因为网络共享的用户名和密码不同.
So I tried using Impersonate by providing the username and password of the network share to the impersonate function call, however the call obviously fails since that username does not exists on the ASP.NET webserver. So then I passed the username and password of a login that does exist on the webserver, so this time the impersonate call works however it still can not access the network share 'cuz the network share username and password are different.
因此,最后,我在与网络共享匹配的Web服务器上创建了完全相同的用户名/密码.这次模拟功能调用起作用,网络共享也起作用.我可以成功地从共享中读取内容.
So finally, I created the exact same username/password on the webserver which matches the network share. This time impersonate function call works and so does network share. I'm able to successfully read from the share.
所以我的问题是,有没有一种方法可以读取网络共享而无需在Web服务器中添加用户名.因为网络共享登录名每次更改,我都必须再次在网络服务器中输入新的用户名.哪一个不理想.
So my question is, is there a way I can read the network share without adding the username in the webserver. 'Cuz everytime the network share login changes, I'll have to again make a new username in the webserver too. Which is not ideal.
有什么想法吗?
推荐答案
做到这一点的正确"方法是运行Web服务器的AppPool作为可以访问共享的身份.这样,唯一的凭据存储将在IIS配置中安全地完成(而不是在代码或可读的配置文件中).将网络服务器和文件服务器放在相同的Windows域(或具有信任关系的不同域)中是最简单的方法,但是相同的用户名/密码"也应该在那里工作.
The "right" way to do this is to run the webserver's AppPool as the identity that can access the share. That way, the only credential storage is done securely in the IIS config (rather than in your code or in readable config files). Putting the webserver and fileserver in the same Windows domain (or different domains with trust) is the easiest way, but the "same username/password" thing should work there as well.
如果您不希望在代码或配置中放入用户名/密码,则可以P/Invoke到WNetAddConnection2并传递用户名/密码-那么您应该可以访问共享.这不需要网络服务器具有匹配的帐户,但是您确实应该保护密码(查看System.Security.Cryptography.ProtectedData以获取加密的注册表存储).
If you don't care about putting usernames/passwords in your code or config, you can P/Invoke to WNetAddConnection2 and pass the username/password- then you should be able to access the share. This doesn't require the webserver to have a matching account, but you really should secure the password (look into System.Security.Cryptography.ProtectedData for encrypted registry storage).
这篇关于ASP.NET从受密码保护的网络共享读取文件的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
