IIS 7.5 ISAPI应用程序池安全性 [英] IIS 7.5 ISAPI Application Pool Security

问题描述

我在IIS 7.5下运行ISAPI dll，并且希望使用Bill Egge的ISAPI Loader dll，这样可以在不停止服务器的情况下更换更新的dll。

I'm running an ISAPI dll under IIS 7.5, and wish to use Bill Egge's ISAPI Loader dll so an updated dll can be swapped out without stopping the server.

如果我将持有DLL的目录上的安全性设置为完全控制的每个人，那么它按设计工作（带有* .update扩展名的dll会自动导致现有的* .run dll备份，并且要使用* .run扩展名重新命名的新dll。

If I set the security on the directory holding the DLL to "everyone" with "full control" then it works as designed (a dll with an *.update extension automatically causes the existing *.run dll to be backed up, and the new dll to be renamed with the *.run extension).

显然我不想使用所有人帐户，因为这会打开安全漏洞。所以我删除了所有人的权限。

Obviously I do not wish to use the "everyone" account as this blows the security wide open. So I have removed the permissions for "everyone".

我的应用程序在应用程序池下运行 - TestAppPool。我已经按照 IIS7权限概述 - ApplicationPoolIdentity 的最高评分回答，并为用户IIS添加了安全性AppPool \ TestAppPool到完全控制。
但是这不允许* .update dll覆盖* .run dll。

My app runs under an application pool - "TestAppPool". I have followed the top rated answer at IIS7 Permissions Overview - ApplicationPoolIdentity and added security for user "IIS AppPool\TestAppPool" to "full control". However this does not allow the *.update dll to overwrite the *.run dll.

任何人都可以指出我正确的方向。

Can anyone point me in the right direction.

推荐答案

感谢Rich，答案是在托管isapai dll的目录上授予对IUSR帐户的修改权。

Thanks to Rich, the answer was to give modify rights to the IUSR account on the directory hosting the isapai dll.

这篇关于IIS 7.5 ISAPI应用程序池安全性的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！