无法从应用程序访问网络共享 [英] Can't access to network share from application
问题描述
我无法从MVC应用程序访问网络共享.
应用程序托管在名为INTRANET的远程计算机上的IIS上,该计算机连接到同一域.
网站正在使用为网络服务配置的应用程序池.启用了匿名和Windows身份验证.
当我在本地调试应用程序(以管理员身份打开IIS Express和Visual Studio)时,没有问题.我可以访问网络共享并下载文件.
将应用程序发布到 INTRANET 后,会出现问题.我打开网络浏览器,转到
2.转到共享文件夹服务器,右键单击该文件夹,然后单击属性.然后,您可以像这样(Domain \ Servername $)将服务器的帐户添加到其中
I'm having problem with accessing to network share from my MVC application.
Application is hosted on IIS installed on remote machine named INTRANET, which is connected to same domain.
Website is using Application pool which is configured for Network Service. There are anonymous and windows authentication enabled.
When I'm debugging application locally (IIS Express and Visual Studio is opened as administrator) there is no problem. I can access to network share and download file.
The problem occurs after publishing application to INTRANET. I open web browser, go to http://intranet/, login with my domain credentials and then I try to call an action which needs access to UNC share. Then there is an error:
Access denied for path \\MyServer\MyShare\MyFolder
Controller Action looks like this:
public ActionResult DownloadAttachment(int id)
{
try
{
using (var ctx = new SyzyfContext())
{
var taskId = ctx.ZgloszeniePlik.Where(zp => zp.ID == id).First().ZgloszenieId;
var file = ctx.ZgloszeniePlik.Where(zp => zp.ID == id).First().nazwa;
var fileLof = file.LastIndexOf(".") + 1;
var fileLen = file.Length;
var fileLofs = file.LastIndexOf(@"\") + 1;
var fileName = file.Substring(fileLofs, fileLen - fileLofs);
var fileToCopy = @"\\Alicja2\Zadania_rep\rep" + id.ToString("D6") + ".fle";
var newFile = @"\\Agata\Repozytorium\" + taskId.ToString() + @"\" + fileName;
if (!Directory.Exists(@"\\Agata\Repozytorium\" + taskId.ToString()))
{
Directory.CreateDirectory(@"\\Agata\Repozytorium\" + taskId.ToString());
}
using (var input = new FileStream(fileToCopy, FileMode.Open, FileAccess.Read, FileShare.Read))
{
if (!System.IO.File.Exists(newFile))
{
using (var outputFile = new FileStream(newFile, FileMode.Create))
{
var buffer = new byte[0x10000];
int bytes;
while ((bytes = input.Read(buffer, 0, buffer.Length)) > 0)
{
outputFile.Write(buffer, 0, bytes);
}
}
}
}
byte[] fileBytes = System.IO.File.ReadAllBytes(newFile);
return File(fileBytes, System.Net.Mime.MediaTypeNames.Application.Octet, fileName);
}
}
catch (Exception ex)
{
ViewBag.Message = ex.Message;
return View("Error");
}
}
I think I missunderstanding whole IIS configuration. As far as I know, when Application Pool is configured for Network Service, it always uses DOMAIN\MACHINE$ account ( domain sees it as a computer object ). So I've grated full control permission for that UNC share to MACHINE$ account. It still does not work.
What login does application use when user trying to call above action ? Does it use DOMAIN\MACHINE$ account or logged user's domain account ?
As far as I know, if you use the Network Service account as the identity, you still need to add enough permission on the shared folder, Since Network service and local system both appear on the network as the computer account (DOMAIN\computer$).
Details steps as below:
1.Right cick the comture and click the property, you will find your computer name as below:
2.Go to your shared folder server, right click the folder and click property. Then you could add your server's account to it like this (Domain\Servername$)
这篇关于无法从应用程序访问网络共享的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
