File.Exists返回False在Active Directory环境 [英] File.Exists returns False in Active Directory environment

问题描述

我在IIS 7中得到了下我的默认Web站点的应用程序，每当我尝试访问其他文件在同一个域（但不同的机器）， File.Exists 返回假，即使该文件确实存在，我可以访问它只是从机器上托管的网站的罚款。设置的AD部分似乎都很正常的工作，我只是不能够访问文档在不同的机器在域中。这是我的IIS安装：

1. 应用程序池：.NET 4.0，综合管线，并使用ApplicationPoolIdentity身份。我已经使用网络服务尝试，但似乎没有有所作为。

2. 认证：我的应用程序只有ASP.NET模拟和Windows身份验证功能。 bin文件夹是一样的。

如果有任何其他有关IIS设置，请让我知道，我会得到它补充说。

我也试过，有文件（这是在另一台机器在同一个域中），我正在尝试访问该文件夹的给予我的机器完全的权限。这似乎并没有有所作为无论是。

有没有人遇到过这个之前还是知道别的我可以尝试，或知道任何IIS设置，我可以检查？如果有别的相关，我可以包括我的设置，请让我知道！

更新：

有没有可能找出正在使用的身份或谁是被模拟当 System.IO.File.Exists（）被调用，或者更具体的了解谁的的方法的模仿是？我试过检查 Thread.CurrentPrincipal.Identity.Name 之前调用正确的 File.Exists（），它的正确返回我的域用户。

这样看来，是不是当 File.Exists（）执行正在模拟的用户。更重要的是，如果在IIS中，我改变了ASP.NET模拟（在身份验证设置）用我特定的域用户，一切正常！但是，当我改回使用认证用户，这不？

我还可以确认调用 Principal.WindowsIdentity.GetCurrent.Name（）权利之前 File.Exists（）也返回正确的域用户。

更新2：

我也试着应用程序池标识设置为我的特定领域的用户，这似乎并没有有所作为无论是。在这一点上，我不知道还有什么其他帐户可能被冒充为检查文件是否存在时？

更新3：

我已经尝试使用进程监视器其中有文件的机器上我想访问，但是当我筛选下来的文件类型，我在寻找（或希望看到），没有显示，当我重新运行我的测试。我只能假设做了 File.Exists（）您没有访问文件，没有注册的过程监控？是否有任何其他的方式对我来说，找出哪些模拟用户/服务尝试（无法）来访问这些文件？

更新4：

利用以下@约翰发现的例子，我试图检查之前，以编程方式模拟登录的用户文件是否存在：

 昏暗WID作为的WindowsIdentity = HttpContext.Current.User.Identity
DIM CTX作为WindowsImpersonationContext =无

CTX = wID.Impersonate（）

如果System.IO.File.Exists（sFile）然后

其他
   还是送过来？
结束如果
 

不过， File.Exists（）仍返回冒充即使假的。

更新5（溶液）：

我需要这样的：

 使用CTX作为System.Security.Principal.WindowsImpersonationContext = System.Security.Principal.WindowsIdentity.Impersonate（IntPtr.Zero）
   我的code在这里
结束使用
 

解决方案

在IIS中，选择您的网站，然后转到验证中，选择Windows身份验证，

1. 选择高级设置 - >确保内核模式已启用
2. 选择供应商，检查是否协商是在映射
第一项

在测试只使用IE浏览器，并从内网运行。

你也可以模拟特定用户，转到ASP.NET模拟，指定谁可以访问远程目录的用户。

I've got an Application under my Default Web Site in IIS 7 and whenever I try to access another document on the same domain (but different machines), File.Exists returns False, even though the document does exist and I can access it just fine from the machine hosting the site. The AD portion of the setup appears to be working fine, I'm just not able to access documents on different machines in the domain. Here's my IIS setup:

1. Application Pool: .NET 4.0, Integrated Pipeline, and using the ApplicationPoolIdentity Identity. I've tried using NetworkService but that didn't seem to make a difference.

2. Authentication: My Application has only ASP.NET Impersonation and Windows Authentication enabled. The bin folder is the same.

If there's anything else relevant to IIS set up, please let me know and I'll get it added.

I've also tried granting my machine full permissions on the folder that has the document (which is on another machine in the same domain) which I'm trying to access. That didn't seem to make a difference either.

Has anyone come across this before or know of anything else I can try or know of any IIS settings I can check? If there's anything else relevant that I can include in my setup, please let me know!

UPDATE:

Is it possible to find out what identity is being used or who is being impersonated when System.IO.File.Exists() is called, or more specifically find out who that method impersonates as? I've tried checking Thread.CurrentPrincipal.Identity.Name right before calling File.Exists() and it correctly returns my domain user.

So it appears that isn't the user being impersonated when File.Exists() executes. What's more is that if, in IIS, I change the ASP.NET Impersonation (in Authentication settings) to use my specific domain user, everything works fine! But when I change it back to use the "Authenticated User", it doesn't?

I can also confirm that calling Principal.WindowsIdentity.GetCurrent.Name() right before File.Exists() also returns the correct domain user.

UPDATE 2:

I've also tried setting the Application Pool Identity to my specific domain user, which doesn't seem to make a difference either. At this point, I'm not sure what other account it could be impersonating as when checking if the file exists?

UPDATE 3:

I've tried using Process Monitor on the machine which has the documents I'm trying to access, but when I filter it down to the file type I'm looking for (or expecting to see), nothing shows up when I re-run my tests. I can only assume doing a File.Exists() on a file you don't have access to, doesn't register to the Process Monitor? Are there any other ways for me to find out which impersonated user/service is trying (unable) to access these documents?

UPDATE 4:

Using the examples found by @john below, I've tried to programmatically impersonate the logged in user before checking if the file exists:

Dim wID As WindowsIdentity = HttpContext.Current.User.Identity
Dim ctx As WindowsImpersonationContext = Nothing

ctx = wID.Impersonate()

If System.IO.File.Exists(sFile) Then

Else
   'Still gets here?
End If

However, File.Exists() still returns false even when impersonating.

UPDATE 5 (SOLUTION):

I needed this:

Using ctx As System.Security.Principal.WindowsImpersonationContext = System.Security.Principal.WindowsIdentity.Impersonate(IntPtr.Zero)
   'My code here
End Using

解决方案

In IIS, select your website, then goto Authentication, select Windows Authentication,

1. Select Advanced Settings -> make sure kernel mode is enabled
2. Select Provider, check if Negotiate is the first item in the mapping

When you test only use IE and running from your Intranet.

Also you can impersonate a specific user, goto ASP.NET impersonation, specify the user who has access to the remote directory.

这篇关于File.Exists返回False在Active Directory环境的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！