错误的权限从ASP .NET Web服务访问MSMQ [英] Permissions error accessing MSMQ from ASP .Net Web Service
问题描述
我已经写了 Web服务,从消息队列读取。
这卡西尼下正常工作。
I have written a web service that reads from a message queue. This works fine under Cassini.
现在,我已经部署了下IIS服务,我当服务尝试访问队列收到一条错误消息:
Now that I have deployed the service under IIS, I receive an error message when the service tries to access the queue:
队列不存在,或者您没有足够的权限来执行该操作。
我已经设置上的IIS虚拟目录的匿名访问用户是我自己的域帐户,它是本地计算机上的管理员组的成员。我已授予队列此相同的用户完全权限,以及网络服务和ASPNET。
I have set the anonymous access user on the IIS virtual directory to be my own domain account, which is a member of the administrators group on the local machine. I have granted this same user full permissions on the queue, as well as NETWORK SERVICE and ASPNET.
我仍然得到同样的错误信息。
I still get the same error message.
我也曾尝试禁用对虚拟目录的匿名访问,并用自己的登录信息连接到服务 - 无济于事
I have also tried disabling anonymous access on the virtual directory and connecting to the service using my own login details - to no avail.
这个问题的任何帮助将大大AP preciated!
Any help with this problem will be greatly appreciated!
我也尝试过各种组合:
和随着testUsr其在队列中的完全权限。我已经加入了C上的用户和ASPNET的MSMQ存储文件夹的权限:\\
and With testUsr having full permissions on the queue. I have added permissions for the user and ASPNET on the MSMQ store folders on C:\
推荐答案
我对这个问题的理解是,这一进程试图执行code作为运行在IIS下比它卡西尼下一个不同的帐户。
My understanding of the problem is that the process trying to execute the code is running as a different account under IIS than it does under Cassini.
问题是,无论哪个用户的我模拟 - 我总是得到同样的错误信息 - 即使用户是本地和域管理员组的成员,而这个用户对队列的全部权限。即,这是几乎不可能分配更多的权利给用户。
The problem was that regardless of which user I impersonated - I always got the same error message - even when the user was a member of the local and domain administrator groups, and this user had full permissions on the queue. i.e. It is barely possible to assign more rights to a user.
原来,在使用的队列FORMATNAME,而不是一个路径名(MYMACHINE \\ QUEUENAME)已经解决了这个问题...
It turns out, that using a FormatName for the queue, rather than a path name (myMachine\queueName) has solved the problem...
FORMATNAME:DIRECT = OS:MYMACHINE \\ myQueue中
FormatName:DIRECT=OS:myMachine\myQueue
我不清楚,究竟为什么是这样的情况。读了已经表明,当使用路径名,还有一个AD查找的必需品,虽然我认为我一直在测试的用户应该有权这样做,也许有一些人失踪。
I am uncertain as to exactly why this is the case. Reading up has showed that when a path name is used, there is a necessity for an AD lookup, and although I think that the users that I have been testing with should have rights to do this, perhaps there is something missing.
但是眼前的问题就解决了,这就是对我来说已经足够了。
However the immediate problem is solved and that's good enough for me.
这篇关于错误的权限从ASP .NET Web服务访问MSMQ的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!