我有 asp.net 网站并尝试访问服务器中的共享文件夹,当我在身份模拟上使用我的用户名和密码时,它工作正常并让我检查登录用户对文件夹的权限但是如果我尝试服务帐户是域然后管理员还会给出“尝试执行未经授权的操作”。在 DirectorySecurity dirSec = Directory.GetAccessControl(folder);
<identity impersonate="true" userName="DomainUser" password="Password"/>
当我登录到该服务帐户时,它具有对所有这些文件夹的完全控制访问权限。
public string GetFolderPermissions(string folder, string user) {
string permissionShort = string.Empty;
string executingUser = user;
NTAccount acc = new NTAccount(executingUser);
SecurityIdentifier secId = acc.Translate(typeof(SecurityIdentifier)) as SecurityIdentifier;
DirectorySecurity dirSec = Directory.GetAccessControl(folder);
AuthorizationRuleCollection authRules = dirSec.GetAccessRules(true, true, typeof(SecurityIdentifier));
foreach(FileSystemAccessRule ar in authRules) {
if(secId.CompareTo(ar.IdentityReference as SecurityIdentifier) == 0) {
var fileSystemRights = ar.FileSystemRights;
permissionShort += ((ar.FileSystemRights & FileSystemRights.FullControl) == FileSystemRights.FullControl) ? "F" : "-";
permissionShort += ((ar.FileSystemRights & FileSystemRights.Write) == FileSystemRights.Write) ? "W" : "-";
permissionShort += ((ar.FileSystemRights & FileSystemRights.Read) == FileSystemRights.Read) ? "R" : "-";
permissionShort += ((ar.FileSystemRights & FileSystemRights.ReadAndExecute) == FileSystemRights.ReadAndExecute) ? "A" : "-";
permissionShort += ((ar.FileSystemRights & FileSystemRights.ListDirectory) == FileSystemRights.ListDirectory) ? "L" : "-";
permissionShort += ((ar.FileSystemRights & FileSystemRights.Modify) == FileSystemRights.Modify) ? "M" : "-";
permissionShort += ((ar.FileSystemRights & FileSystemRights.ExecuteFile) == FileSystemRights.ExecuteFile) ? "E" : "-";
permissionShort += "\n";
}
}
return permissionShort;
}
我不明白。