Cannot write on a mapped drive using impersonation


Problem description

Basically I'm running into the same problem as this post: http://stackoverflow.com/questions/2669672/accessing-mapped-drives-when-impersonating-in-asp-net

I'm working on a legacy website and I need to allow the admins to change the site's logo, banners, etc, from an image file on their desktops to a mapped drive on the server.

So, their website is using impersonation whenever it needs to save on the drive, and it's working just fine; however I can't manage to make it work on their test environment nor in my test environment.

Any ideas? I've double checked user and password (the code doesn't specify domain) and that's not the issue.

Here's an excerpt from the code that handles impersonation:

public bool ImpersonateUser(String user, String password, String domain)
{
    WindowsIdentity tempWindowsIdentity;
    IntPtr token = IntPtr.Zero;
    IntPtr tokenDuplicate = IntPtr.Zero;

    if (RevertToSelf())
    {
        if (LogonUserA(user, domain, password, LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, ref token) != 0)
        {
            if (DuplicateToken(token, 2, ref tokenDuplicate) != 0)
            {
                tempWindowsIdentity = new WindowsIdentity(tokenDuplicate);
                impersonationContext = tempWindowsIdentity.Impersonate();
                if (impersonationContext != null)
                {
                    CloseHandle(token);
                    CloseHandle(tokenDuplicate);
                    return true;
                }
            }
        }
    }
    //... rest of the code

And a -sanitized- test:

if (impUtility.ImpersonateUser("user", "password", string.Empty))
{
    fu.SaveAs(@"C:\Images\" + imgName);
}

Solution

I couldn't get that to work either.

Then I realized that even if I could implement it, there is an easier way. What I did was share the folder on the target machine, and give only read/write permissions to the users that would be using my application.

//Impersonate user to save file on server
WindowsIdentity wi = (WindowsIdentity)User.Identity;
WindowsImpersonationContext wic = null;

try
{
    wic = wi.Impersonate();
    if (wi.IsAuthenticated)
        asyncFileUpload.SaveAs(location);
}
catch (Exception ex)
{
    //Log Error or notify here
    success = false;
}
finally
{
    if (wic != null)
        wic.Undo();
}

I created an AD group for the users, and gave read/write permissions for those users on the hidden shared drive. This makes it easier to maintain, since I don't have to create mapped drives for each user.
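
The approach in the answer above, written out as an added example (not the poster's code): save to the share by UNC path while impersonating the authenticated caller, and constrain the client-supplied file name before it reaches the file system. The class name `SiteImageStore`, the share path `\\fileserver.example\SiteImages$` and the extension list are assumptions for illustration; the code targets .NET Framework.

```csharp
using System;
using System.IO;
using System.Linq;
using System.Security.Principal;

public static class SiteImageStore   // hypothetical helper name
{
    // Assumption: placeholder UNC path of the hidden share. Drive-letter mappings
    // belong to the logon session that created them, so a freshly impersonated
    // token does not see them; a UNC path resolves in any session.
    private const string ShareRoot = @"\\fileserver.example\SiteImages$";
    private static readonly string[] AllowedExtensions = { ".png", ".jpg", ".jpeg", ".gif" };

    // Turn a client-supplied file name into a path that is guaranteed to sit
    // directly under ShareRoot, or throw.
    public static string ResolveTarget(string clientFileName)
    {
        string name = Path.GetFileName(clientFileName ?? string.Empty);
        if (name.Length == 0 || name.IndexOfAny(Path.GetInvalidFileNameChars()) >= 0)
            throw new ArgumentException("Invalid file name.");
        string ext = Path.GetExtension(name).ToLowerInvariant();
        if (!AllowedExtensions.Contains(ext))
            throw new ArgumentException("File type not allowed.");
        string full = Path.GetFullPath(Path.Combine(ShareRoot, name));
        if (!full.StartsWith(ShareRoot + Path.DirectorySeparatorChar, StringComparison.OrdinalIgnoreCase))
            throw new ArgumentException("Path escapes the share.");
        return full;
    }

    // Write the upload as the authenticated caller, so the share and NTFS ACLs
    // (read/write for the AD group only) decide whether the write succeeds.
    public static string Save(WindowsIdentity caller, Stream content, string clientFileName)
    {
        if (caller == null || !caller.IsAuthenticated)
            throw new UnauthorizedAccessException("Caller is not authenticated.");
        string target = ResolveTarget(clientFileName);
        // WindowsIdentity.Impersonate() is .NET Framework only; disposing the
        // context reverts the thread to its previous identity.
        using (WindowsImpersonationContext ctx = caller.Impersonate())
        using (var file = new FileStream(target, FileMode.Create, FileAccess.Write, FileShare.None))
        {
            content.CopyTo(file);
        }
        return target;
    }
}
```

From a Web Forms page this would be called as `SiteImageStore.Save((WindowsIdentity)User.Identity, fu.PostedFile.InputStream, fu.FileName)`. If the share lives on a different machine than the web server, the impersonated token must be allowed to delegate (Kerberos) for the write to reach it.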
