IIS7权限概述 - ApplicationPoolIdentity [英] IIS7 Permissions Overview - ApplicationPoolIdentity
问题描述
我们最近升级到IIS7作为核心Web服务器,我需要在权限方面进行概述。以前,当需要写入文件系统时,我会给AppPool用户(网络服务)访问目录或文件。
We have recently upgraded to IIS7 as a core web server and I need an overview in terms of the permissions. Previously, when needing to write to the file system I would have give the AppPool user (Network Service) access to the directory or file.
在IIS7中,我看到,默认情况下,AppPool用户设置为 ApplicationPoolIdentity
。因此,当我检查任务管理器时,我发现名为WebSite.com的用户帐户正在运行IIS进程('Website.com'是IIS中网站的名称)
In IIS7 I see, as default, the AppPool user is set to ApplicationPoolIdentity
. So when I check the task-manager, I see that a user account called 'WebSite.com' is running the IIS Process ('Website.com' being the name of the website in IIS)
但是,如果我尝试使用该帐户授予权限,则此用户帐户不存在。那么,我如何确定哪个用户也可以授予权限呢?
However this user account doesn't exist if I try to use that to give permissions. So, how do I determine which user to give the permissions too?
编辑================================== ============================================
Edit ==============================================================================
有关屏幕截图中的问题,请参见下文。我们的网站(www.silverchip.co.uk)使用用户名SilverChip.co.uk运行。但是,当我添加提交时,此用户确实存在!
See below for the problem in screen shot. Our website (www.silverchip.co.uk) runs on the username SilverChip.co.uk. However when I add pemissions, this user doenst exist!
============================= ====请参阅AppPool图像
=================================See AppPool Image
推荐答案
ApplicationPoolIdentity实际上是在IIS7中使用的最佳实践。它是一个动态创建的,无特权的帐户。要为特定应用程序池添加文件系统安全性,请参阅 IIS.net的应用程序池身份。快速版本:
ApplicationPoolIdentity is actually the best practice to use in IIS7. It is a dynamically created, unprivileged account. To add file system security for a particular application pool see IIS.net's "Application Pool Identities". The quick version:
如果您的应用程序池名为DefaultAppPool(如果名称不同,则只需替换下面的文本)
If you application pool is named "DefaultAppPool" (just replace this text below if it is named differently)
- 打开Windows资源管理器
- 选择文件或目录。
- 右键单击文件并选择属性
- 选择安全标签
- 点击编辑,然后点击添加按钮
- 单击位置按钮,确保选择本地计算机。 (如果服务器属于一个域,则不 Windows域。)
- 在输入中输入 IIS AppPool \DefaultAppPool 要选择的对象名称:文本框。 (不要忘记将DefaultAppPool更改为您为应用程序池命名的任何内容。)
- 单击检查名称按钮并单击确定。
- Open Windows Explorer
- Select a file or directory.
- Right click the file and select "Properties"
- Select the "Security" tab
- Click the "Edit" and then "Add" button
- Click the "Locations" button and make sure you select the local machine. (Not the Windows domain if the server belongs to one.)
- Enter "IIS AppPool\DefaultAppPool" in the "Enter the object names to select:" text box. (Don't forget to change "DefaultAppPool" here to whatever you named your application pool.)
- Click the "Check Names" button and click "OK".
这篇关于IIS7权限概述 - ApplicationPoolIdentity的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!