活动目录,Windows 8
如果我使用用户“xxx”登录并使用这样的代码运行应用程序:
//WindowsIdentity.GetCurrent().Name - is "MyDomain\xxx";
var connectionOptions = new ConnectionOptions
{
EnablePrivileges = true,
Impersonation = ImpersonationLevel.Impersonate
};
var scope = new ManagementScope(
string.Format("\\\\{0}\\root\\CIMV2", computerName),
connectionOptions);
scope.Connect();
它运作良好。
但是,当在同一台机器上的 IIS 中运行此代码时,我遇到了异常:
// WindowsIdentity.GetCurrent().Name - is "NT AUTHORITY\SYSTEM" or "IIS APPPOOL\DefaultAppPool", tryed both
var windowsIdentity = User.Identity as WindowsIdentity;
if (windowsIdentity != null)
{
using (windowsIdentity.Impersonate())
{
// WindowsIdentity.GetCurrent().Name - is "MyDomain\xxx";
var connectionOptions = new ConnectionOptions
{
EnablePrivileges = true,
Impersonation = ImpersonationLevel.Impersonate
};
var scope = new ManagementScope(
string.Format("\\\\{0}\\root\\CIMV2", computerName),
connectionOptions);
scope.Connect();
// throws exception "Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))"
// my other code here
}
}
使用的 Windows 身份验证:
<authentication mode="Windows" />
<identity impersonate="false" />
尝试将 AppPool 作为 ApplicationPoolIdentity 和作为系统运行。尝试为 AppPool 授予“作为操作系统的一部分”。结果是一样的,我总是得到“访问被拒绝”。
为什么我有这个例外?除了模拟或授予 AppPool 一些权限之外,我还应该做其他事情吗?