允许本地aspnet帐户执行SharpSvn.CreateRepository
我有一个 ASP.NET Web 应用程序,它尝试在 SharpSvn 中执行 CreateRepository 方法,以便可以通过 Web 界面配置新的存储库。 从 Visual Studio 中执行应用程序时,一切运行正常,因为它以我自己的身份运行,该身份有权访问在我的本地计算机上运行的 VisualSVN 服务器实例。 但是,如果我在本地 XP 计算机上的 IIS 下运行该应用程序,则 asp.net 工作进程在本地 aspnet 帐户下执行,我似乎无法授予创建存储库的权限。 无论我将权限扩展到多远(甚至扩展到本地管理员或 VisualSVN 管理员组),SharpSvn 都会不断抛出 SvnAuthorizationException,并且我会在 aspnet 帐户下的安全事件日志中获得相应的条目。
这是代码正在做的事情:
string repoPath = string.Format("{0}{1}", repoFolderPath, repoName);
using (var svnRepoClient = new SvnRepositoryClient())
{
svnRepoClient.LoadConfiguration(repoPath);
svnRepoClient.CreateRepository(repoPath);
}
这导致了这个堆栈跟踪:
[SvnAuthorizationException:不能 创建目录 'E:\Repositories\TestRepoName': 访问被拒绝。 ]
[SvnAuthorizationException:无法 创建顶级目录]
[SvnAuthorizationException:存储库 创建失败]
SharpSvn.SvnClientArgs.HandleResult(SvnClientContext 客户端,SvnException 错误)+165
SharpSvn.SvnClientArgs.HandleResult(SvnClientContext 客户端,svn_error_t* 错误)+80
SharpSvn.SvnRepositoryClient.CreateRepository(字符串 存储库路径, SvnCreateRepositoryArgs 参数)+828
SharpSvn.SvnRepositoryClient.CreateRepository(字符串 存储库路径)+53
RepoManager.DataAccess.RepoDataAccess.CreateRepo(字符串 repoName,字符串项目名称,员工 创建者员工)+183
RepoManager.Web.Default.SubmitButton_Click(对象 发送者,EventArgs e) +357
System.Web.UI.WebControls.Button.OnClick(EventArgs e) +111
System.Web.UI.WebControls.Button.RaisePostBackEvent(字符串 事件参数)+110
System.Web.UI.WebControls.Button.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String 事件参数)+10
System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler) 源控件,字符串事件参数) +13 System.Web.UI.Page.RaisePostBackEvent(NameValueCollection 发布数据)+36
System.Web.UI.Page.ProcessRequestMain(布尔值 includeStagesBeforeAsyncPoint,布尔值 includeStagesAfterAsyncPoint) +1565
看起来另一种方法是配置 web.config 来模拟另一个帐户(例如域级别帐户),但当我只想授予 aspnet 帐户适当的权限时,它似乎很冗长。
有人对如何做到这一点有任何建议吗? aspnet 帐户配置中的什么问题导致似乎无法授予这些权限?
我不确定当它进入生产服务器时是否可以通过应用程序池标识来解决这个问题,但它仍然不能解决在 IIS 下本地运行的问题。
I’ve got an ASP.NET web app which is trying to execute the CreateRepository method within SharpSvn so that new repos can be provisioned through a web interface. Everything runs fine when executing the app from within Visual Studio as it’s running under my own identity which has rights to the VisualSVN server instance running on my local machine. However, if I run the app under IIS on my local XP machine then the asp.net worker process executes under the local aspnet account which I can’t seem to grant the rights to create repositories. No matter how far I expand the rights (even into the local admin or VisualSVN admin groups), SharpSvn continually throws an SvnAuthorizationException and I get a corresponding entry in the security event log under the aspnet account.
Here's what the code is doing:
string repoPath = string.Format("{0}{1}", repoFolderPath, repoName);
using (var svnRepoClient = new SvnRepositoryClient())
{
svnRepoClient.LoadConfiguration(repoPath);
svnRepoClient.CreateRepository(repoPath);
}
Which is resulting in this stack trace:
[SvnAuthorizationException: Can't
create directory 'E:\Repositories\TestRepoName':
Access is denied. ][SvnAuthorizationException: Could not
create top-level directory][SvnAuthorizationException: Repository
creation failed]
SharpSvn.SvnClientArgs.HandleResult(SvnClientContext
client, SvnException error) +165
SharpSvn.SvnClientArgs.HandleResult(SvnClientContext
client, svn_error_t* error) +80
SharpSvn.SvnRepositoryClient.CreateRepository(String
repositoryPath,
SvnCreateRepositoryArgs args) +828
SharpSvn.SvnRepositoryClient.CreateRepository(String
repositoryPath) +53
RepoManager.DataAccess.RepoDataAccess.CreateRepo(String
repoName, String projectName, Employee
creatorEmployee) +183
RepoManager.Web.Default.SubmitButton_Click(Object
sender, EventArgs e) +357
System.Web.UI.WebControls.Button.OnClick(EventArgs
e) +111
System.Web.UI.WebControls.Button.RaisePostBackEvent(String
eventArgument) +110
System.Web.UI.WebControls.Button.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String
eventArgument) +10
System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler
sourceControl, String eventArgument)
+13 System.Web.UI.Page.RaisePostBackEvent(NameValueCollection
postData) +36
System.Web.UI.Page.ProcessRequestMain(Boolean
includeStagesBeforeAsyncPoint, Boolean
includeStagesAfterAsyncPoint) +1565
It looks like an alternative is to configure the web.config to impersonate another account (such as a domain level account) but it seems verbose when all I want to do is to grant the aspnet account the appropriate rights.
Does anyone have any suggestions on how this can be done? What is it about the aspnet account configuration that makes it seemingly impossible to grant these rights to?
I’m not sure if this can be tackled through the app pool identity when this goes onto a production server but it still doesn’t address the problems running locally under IIS.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
您是否检查了尝试创建存储库的位置的 NTFS 权限?
根据您的 ASP.NET 设置,需要创建权限的用户可以是 ASP.Net/网络服务帐户或登录用户(匿名 Internet 用户,或者如果您使用 Windows 身份验证,则为连接到站点的用户)/
您可以使用 web.config 中的设置强制 ASP.Net 以特定用户身份运行
Did you check the NTFS permissions on the location where you are trying to create the repository?
Depending on your asp.net settings the user that needs create rights there is either the ASP.Net/Network Service account or the logged on user (Anonymous internet user, or the user connected to the site if you use Windows authentication)/
You can force ASP.Net to run as a specific user with the settings in the web.config
要在运行 IIS 7 的 Windows 上执行此操作,您需要执行四件事。
即使 SharpSVN 不需要安装 Tortoise SVN机器,您将需要它来清除身份验证缓存。 右键单击 Windows 中的任意菜单 > 乌龟SVN> 设置> 已保存数据> 单击“清除”进行身份验证。 如果您在该机器(服务器)上使用 Tortoise SVN,则每次单击“保存凭据”选项时都需要清除缓存,这会很烦人。 我的开发机器上通常有一个配置选项来对用户进行硬编码。
管理工具> IIS 7> 单击应用程序池> 右键单击相应的应用程序池并选择高级设置> 将“身份”设置为可以通过 Active Directory 中的 Kerberos 和 NTLM 进行身份验证的用户帐户(这取决于浏览器以及浏览器如何建立身份验证票证)
IIS 7 > > 点击网站> 认证> 全部禁用,然后启用“Windows 身份验证”
使用此代码进行身份验证。
You will need to do four things for this to work on Windows running IIS 7.
Even though SharpSVN doesn't require Tortoise SVN to be installed on the machine, you will need it to clear the authentication cache. Right click any menu in Windows > TortoiseSVN > Settings > Saved Data > click "Clear" for Authentication. If you're using Tortoise SVN on that machine (server), you will need to clear the cache each time you click the "Save Credentials" option, which gets annoying. I generally have a config option on my development machine to hard code the user.
Administrative Tools > IIS 7 > click application pools > right click appropriate application pool and choose Advanced Settings > set the "Identity" to a user account who can authenticate via Kerberos and NTLM in Active Directory (it depends on the browser and how the browser is establishing authentication tickets)
IIS 7 > click web site > Authentication > Disable all, then Enable "Windows Authentication"
Use this code to authenticate.