IIS7 权限概述 - ApplicationPoolIdentity [英] IIS7 Permissions Overview - ApplicationPoolIdentity

问题描述

我们最近升级到 IIS7 作为核心 Web 服务器，我需要有关权限的概述.以前，当需要写入文件系统时，我会给 AppPool 用户(网络服务)访问目录或文件的权限.

We have recently upgraded to IIS7 as a core web server and I need an overview in terms of the permissions. Previously, when needing to write to the file system I would have give the AppPool user (Network Service) access to the directory or file.

在 IIS7 中，我看到默认情况下，AppPool 用户设置为 ApplicationPoolIdentity.因此，当我检查任务管理器时，我看到名为WebSite.com"的用户帐户正在运行 IIS 进程(Website.com"是 IIS 中的网站名称)

In IIS7 I see, as default, the AppPool user is set to ApplicationPoolIdentity. So when I check the task-manager, I see that a user account called 'WebSite.com' is running the IIS Process ('Website.com' being the name of the website in IIS)

但是，如果我尝试使用该用户帐户授予权限，则该用户帐户不存在.那么，我如何确定授予哪个用户权限呢?

However this user account doesn't exist if I try to use that to give permissions. So, how do I determine which user to give the permissions too?

编辑 ================================================================================

Edit ==============================================================================

有关屏幕截图中的问题，请参见下文.我们的网站 (www.silverchip.co.uk) 使用用户名 SilverChip.co.uk 运行.但是，当我添加权限时，该用户确实存在！

See below for the problem in screen shot. Our website (www.silverchip.co.uk) runs on the username SilverChip.co.uk. However when I add pemissions, this user doenst exist!

================================查看 AppPool 图片

=================================See AppPool Image

推荐答案

ApplicationPoolIdentity 实际上是在 IIS7+ 中使用的最佳实践.它是一个动态创建的非特权帐户.要为特定应用程序池添加文件系统安全性，请参阅 IIS.net 的应用程序池标识".快速版:

ApplicationPoolIdentity is actually the best practice to use in IIS7+. It is a dynamically created, unprivileged account. To add file system security for a particular application pool see IIS.net's "Application Pool Identities". The quick version:

如果应用程序池被命名为DefaultAppPool"(如果名称不同，只需替换下面的这段文字)

If the application pool is named "DefaultAppPool" (just replace this text below if it is named differently)

1. 打开 Windows 资源管理器
2. 选择一个文件或目录.
3. 右键单击文件并选择属性"
4. 选择安全"标签
5. 点击编辑"，然后点击添加"按钮
6. 点击位置"按钮并确保选择本地机器.(不是如果服务器属于一个 Windows 域.)
7. 在输入要选择的对象名称:"文本框中输入IIS AppPoolDefaultAppPool".(不要忘记将此处的DefaultAppPool"更改为您为应用程序池命名的任何名称.)
8. 单击检查名称"按钮，然后单击确定".

1. Open Windows Explorer
2. Select a file or directory.
3. Right click the file and select "Properties"
4. Select the "Security" tab
5. Click the "Edit" and then "Add" button
6. Click the "Locations" button and make sure you select the local machine. (Not the Windows domain if the server belongs to one.)
7. Enter "IIS AppPoolDefaultAppPool" in the "Enter the object names to select:" text box. (Don't forget to change "DefaultAppPool" here to whatever you named your application pool.)
8. Click the "Check Names" button and click "OK".

这篇关于IIS7 权限概述 - ApplicationPoolIdentity的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！