1

我们的 ASP.NET C# Web 应用程序将各种文件(如 jpg、png、docx、txt 等)上传到名为 ClientBin 的文件夹中。在 Visual Studio 2010 .NET IDE 随附的 Visual Studio 2010 .NET 测试服务器上一切正常。

但是,如果我们将应用程序部署到 IIS7 服务器,我们必须授予应用程序的 Web 用户上传文件的权限。我们基本上使用 IIS7 登录到我们的服务器,然后手动修改名为 ClientBin 的文件夹的安全属性,该文件夹最终应包含 jpgs、pngs、docx、txt 等内容。

---允许网络用户成功上传的手动方法---------------

在资源管理器中右键单击 projectfolder\ClientBin 文件夹,选择“属性”并选择“安全”选项卡。单击“添加”以添加相应的用户或组。突出显示 ASP.NET 帐户,然后选中所需访问权限的复选框。---使上传成功的手动方法---------------------------

--在尝试上传时仍然给网络用户一个异常错误的编程方法--------

String DirectoryPath = System.IO.Path.Combine(Server.MapPath("~/ClientBin/"));
DirectorySecurity specificDirectorySecurity = Directory.GetAccessControl(DirectoryPath);
specificDirectorySecurity.AddAccessRule(new FileSystemAccessRule("Users", FileSystemRights.Modify, AccessControlType.Allow));
specificDirectorySecurity.AddAccessRule(new FileSystemAccessRule("Administrators", FileSystemRights.Modify, AccessControlType.Allow));
specificDirectorySecurity.AddAccessRule(new FileSystemAccessRule("SYSTEM", FileSystemRights.Modify, AccessControlType.Allow));
Directory.SetAccessControl(DirectoryPath, specificDirectorySecurity);

--在尝试上传时仍然给网络用户一个异常错误的编程方法--------

另一个在线帖子建议我通过在 web.config 中输入以下内容来解决该问题:

----XML配置可能解决程序化方法的问题--------

身份模拟=“真”用户名=“计算机名\管理员”密码=“唐”

----XML配置可能解决程序化方法的问题--------

但是,如果我将身份模拟为真实,我会担心安全问题。

执行此操作的最安全和最自动化(可能意味着程序化解决方案)的方式是什么?

谢谢,

新员工

4

2 回答 2

1

通常,应用程序被授予对目录的权限,并且应用程序管理用户对上传文件夹的访问。

于 2012-08-14T18:16:07.373 回答
0

全部:

即使我无法弄清楚 C# 如何修改上传文件夹的权限。

Microsoft Windows PowerShell 似乎可以以编程方式修改上传文件夹的权限。

这是以编程方式修改上传文件夹权限的代码片段:

$computerHostName = [System.Net.Dns]::GetHostName()

#These constants are used to set permissions
$inherit = [system.security.accesscontrol.InheritanceFlags]"ContainerInherit, ObjectInherit"

$propagation = [system.security.accesscontrol.PropagationFlags]::None

$colRights = [System.Security.AccessControl.FileSystemRights]"Modify"

$objType =[System.Security.AccessControl.AccessControlType]::Allow

#(MSDN Docs) The IIS_IUSRS Group has access to all the necessary file and system     resources
# so that an account, when added to this group, can seamlessly act as an application     pool identity.
#  IIS_IUSRS group by default includes the web users that log on to the Perls    Applications. 
#If a web user needs to upload resources to the folder within the Perls Web     Application that
# contains uploaded resource files then we need to ensure that the members of the
# IIS_IUSRS Group have permissions to add resource files to that particular Perls Web      Application upload folder.

#This determines which user is the guest user for IIS.  Windows Vista and 08 use the      IIS_USRS group, Previous version use
#IUSR_[MachineName]



  if ([environment]::osversion.Version.Major -eq 6) {
  $webUser="IIS_IUSRS"


  } else {

     $webUser="IUSR_" + $computerHostName

 }


$clientBinDirectoryPath = "D:\DeployedApplications\" + $umbrellaComponentName + "\" +     $siteWebComponentName + "\" + "ClientBin"

$perlsPivotErrorDirectoryPath = "D:\DeployedApplications\" + $umbrellaComponentName +      "\" + $siteWebComponentName + "\" + "PerlsPivotErrorDirectory"

$aclForClientBinDirectoryPath = Get-Acl $clientBinDirectoryPath


$accessRuleForClientBinDirectoryPath = New-Object     System.Security.AccessControl.FileSystemAccessRule($webUser, $colRights, $inherit,     $propagation, $objType)

$aclForClientBinDirectoryPath.AddAccessRule($accessRuleForClientBinDirectoryPath)

Set-Acl -aclobject $aclForClientBinDirectoryPath $clientBinDirectoryPath

$aclForPerlsPivotErrorDirectoryPath = Get-Acl $perlsPivotErrorDirectoryPath

$accessRuleForPerlsPivotErrorDirectoryPath  = New-Object     System.Security.AccessControl.FileSystemAccessRule($webUser, $colRights, $inherit,     $propagation, $objType)

$aclForPerlsPivotErrorDirectoryPath.AddAccessRule($accessRuleForPerlsPivotErrorDirectoryPath)

Set-Acl -aclobject $aclForPerlsPivotErrorDirectoryPath $perlsPivotErrorDirectoryPath
于 2013-02-26T20:11:18.427 回答