设置标识为应用程序池以LocalSystem天青 [英] Setup Identity for an Application Pool as LocalSystem in Azure
问题描述
有没有办法在 ServiceDefinition.csdef中
来做到这一点或其他地方,而不去到IIS和手工调整?
Is there a way to do this in ServiceDefinition.csdef
or other place without go to the IIS and adjust by hand?
我试过的ExecutionContext =架空
为webrole,无法正常工作。
I tried executionContext="elevated"
for webrole, not working.
更新
如果您安装IIS 6元数据库兼容性在Azure上IIS,我在下面会显示了错误。
If you install "IIS 6 Metabase Compatibility" on Azure IIS, the error I shown below will gone.
此提出了另一个问题了,如何安装IIS 6元数据库兼容性在Azure上部署阶段自动。
的 @astaykov,我想发表评论,但低于太大的code,所以我用这个地方。的
我用同样的code,它写道:韦德瓦格纳:
I use the same code that wrote by Wade Wagner as:
public override bool OnStart()
{
// http://code.msdn.microsoft.com/windowsazure/CSAzureChangeAppPoolIdentit-27099828
// This variable is used to iterate through list of Application pools
string metabasePath = "IIS://localhost/W3SVC/AppPools";
string appPoolName;
using (ServerManager serverManager = new ServerManager())
{
//Get the name of the appPool that is created by Azure
appPoolName = serverManager.Sites[RoleEnvironment.CurrentRoleInstance.Id + "_Web"].Applications.First().ApplicationPoolName;
// Get list of appPools at specified metabasePath location
using (DirectoryEntry appPools = new DirectoryEntry(metabasePath))
{
// From the list of appPools, Search and get the appPool that is created by Azure
using (DirectoryEntry azureAppPool = appPools.Children.Find(appPoolName, "IIsApplicationPool"))
{
if (azureAppPool != null)
{
// Refer to:
// http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/e3a60d16-1f4d-44a4-9866-5aded450956f.mspx?mfr=true,
// http://learn.iis.net/page.aspx/624/application-pool-identities/
// for more info on AppPoolIdentityType
azureAppPool.InvokeSet("AppPoolIdentityType", new Object[] { 0 }); // MD_APPPOOL_IDENTITY_TYPE_LOCALSYSTEM
// Write above settings to IIS metabase
azureAppPool.Invoke("SetInfo", null);
// Commit the above configuration changes that are written to metabase
azureAppPool.CommitChanges();
}
}
}
}
RoleInRun = true;
TaskInRun = false;
return base.OnStart();
}
我可以在 appPoolName
得到分辩的价值,但在这里发生了错误:使用(的DirectoryEntry azureAppPool = appPools.Children.Find(appPoolNameIIsApplicationPool))
I can get rigth value at appPoolName
, But error happened here:
using (DirectoryEntry azureAppPool = appPools.Children.Find(appPoolName, "IIsApplicationPool"))
我到处寻找解决方案,但仍然无法找到线索
下面的错误,从IIS事件:
I am searching solutions everywhere but still cannot find a clue Error below, from IIS events:
Application: WaIISHost.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Runtime.InteropServices.COMException
Stack:
at System.DirectoryServices.DirectoryEntry.Bind(Boolean)
at System.DirectoryServices.DirectoryEntry.Bind()
at System.DirectoryServices.DirectoryEntry.get_IsContainer()
at System.DirectoryServices.DirectoryEntries.Find(System.String, System.String)
at GimmeRank.Redirector.WebRole.OnStart()
at Microsoft.WindowsAzure.ServiceRuntime.RoleEnvironment.InitializeRoleInternal(Microsoft.WindowsAzure.ServiceRuntime.Implementation.Loader.RoleType)
at Microsoft.WindowsAzure.ServiceRuntime.Implementation.Loader.RoleRuntimeBridge.<InitializeRole>b__0()
at System.Threading.ExecutionContext.runTryCode(System.Object)
at System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode, CleanupCode, System.Object)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
at System.Threading.ThreadHelper.ThreadStart()
Anyideas?
Anyideas?
推荐答案
执行上下文=架空将只运行RoleEntryPoint作为本地系统帐户,但它不是IIS池标识。
executionContext="elevated" will only run your RoleEntryPoint as the local SYSTEM account, but it is not the IIS pool identity.
您可能想看看<一个href=\"http://www.wadewegner.com/2011/01/programmatically-changing-the-apppool-identity-in-a-windows-azure-web-role/\"相对=nofollow>这个博客帖子由韦德瓦格纳。他介绍有什么,可以在你的OnStart方法与执行上下文=架空一起跑(因为只有管理员可以改变池标识)。如果没有对本地系统的工作,你可以创建RDP,将Administrators组中添加一个用户,您可以设置IIS应用程序池的身份给该用户。
You may want to check out this blog post by Wade Wagner. What he describes there, can be run in your OnStart method along with executionContext="elevated" (because only admin can change pool identity). If that does not work for Local System, you can create a user for RDP, it will added in the Administrators group, and you can set the iis app pool identity to that user.
更新
嗯,我用下面的方法(这是类似),它工作得很好:
Hm, I used the following method (which is similar) and it worked fine:
private void SetAppPoolIdentity()
{
string appPoolUser = "myRDP_admin_user";
string appPoolPass = "my_super_secure_password";
Action<string> iis7fix = (appPoolName) =>
{
bool committed = false;
while (!committed)
{
try
{
using (ServerManager sm = new ServerManager())
{
var applicationPool = sm.ApplicationPools[appPoolName];
applicationPool.ProcessModel.IdentityType = ProcessModelIdentityType.SpecificUser;
applicationPool.ProcessModel.UserName = appPoolUser;
applicationPool.ProcessModel.Password = appPoolPass;
sm.CommitChanges();
committed = true;
}
}
catch (FileLoadException fle)
{
Trace.TraceError("Trying again because: " + fle.Message);
}
}
};
// ServerManager in %WinDir%System32InetSrvMicrosoft.Web.Administration.dll
var sitename = RoleEnvironment.CurrentRoleInstance.Id + "_Web";
var appPoolNames = new ServerManager().Sites[sitename].Applications.Select(app => app.ApplicationPoolName).ToList();
appPoolNames.ForEach(iis7fix);
}
你能试试吗?请注意,它不会与本地系统帐户的工作,因为它不是真正的帐户,我们不能设置这种方式(至少我不知道该怎么做,但具体占RDP它工作正常)。
Could you try that? Note that it will not work with Local System account, as it is not real account and we cannot set it this way (at least I don't know how to do it, but with specific account for RDP it works fine).
这篇关于设置标识为应用程序池以LocalSystem天青的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!