当前位置: 文江博客话题详情

Web 服务在远程计算机上执行

发布于 2024-08-18 04:46:23 字数 189 浏览 1 评论 0原文

我正在使用 asmx Web 服务来锁定远程计算机上的文件夹!

当我在本地计算机上运行 Web 服务时,一切正常,但当我在远程计算机上运行它时,没有任何反应,远程计算机上的文件夹保持解锁状态!

我想我需要在远程计算机上设置此 Web 服务的安全权限,但我不知道在哪里!

那么,我需要什么才能在远程计算机上执行此服务?

原文

I'm using asmx web service to lock a folder on remote computer!

When I run web service on local machine everything working fine, but when I run it on remote computer nothing happen, folder on remote computer stay unlock!

I supose that I need to set security permission for this web service on remote computer, but i don't know where!

So, what I need to enable executing this service on remote computer?

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(5

婴鹅 2024-08-25 04:46:23

我怀疑是权限问题,网络服务是否具有对文件夹的读/写访问权限?

也许你可以尝试身份冒充。

<system.web>
<identity impersonate="true" userName="WindowsDomain\YourUserName" password="YourPassword" />
</system.web>

编辑 我首先检查服务器上的文件夹是否具有网络服务的写入权限。如果无法更改文件夹安全性,则使用 Web 配置中的身份模拟并将其映射为服务器上的用户。

编辑2 当代码尝试锁定文件夹时,您是否会抛出任何类型的错误?

I suspect it is permissions, does the network service have read/write access to folder?

Maybe you can try identity impersonate.

<system.web>
<identity impersonate="true" userName="WindowsDomain\YourUserName" password="YourPassword" />
</system.web>

EDIT I would begin by checking that the folder on the server has write permissions for the Network Service. If the folder security can not be changed then use the identity impersonate in the web config and map it a user on the server.

EDit 2 Do you get any kind of error thrown when the code tries to lock the folder?

回复 原文
不必在意 2024-08-25 04:46:23

远程 asmx 在什么凭据下运行?它是否有权对自己的文件夹结构之外的文件系统进行操作?

What credentials is the remote asmx running under? Does it have the rights to do operations on the file system outside of its own folder structure?

回复 原文
虐人心 2024-08-25 04:46:23

这是删除用户允许对某些文件夹的权限的函数:

Public Function RemoveAllowPermission(ByVal filePath As String, ByVal username As String, ByVal power As String) 

        Dim dirinfo As DirectoryInfo = New DirectoryInfo(filePath)

        Dim dirsecurity As DirectorySecurity = dirinfo.GetAccessControl()
        dirsecurity.SetAccessRuleProtection(True, True)
        Select Case power

            Case "FullControl"

                dirsecurity.RemoveAccessRuleAll(New FileSystemAccessRule(username, FileSystemRights.FullControl, InheritanceFlags.ObjectInherit, PropagationFlags.InheritOnly, AccessControlType.Allow))

                dirsecurity.RemoveAccessRuleAll(New FileSystemAccessRule(username, FileSystemRights.FullControl, InheritanceFlags.ObjectInherit, PropagationFlags.InheritOnly, AccessControlType.Allow))

                dirsecurity.RemoveAccessRuleAll(New FileSystemAccessRule(username, FileSystemRights.FullControl, InheritanceFlags.ObjectInherit, PropagationFlags.InheritOnly, AccessControlType.Allow))

            Case "ReadOnly"

                dirsecurity.RemoveAccessRuleAll(New FileSystemAccessRule(username, FileSystemRights.Read, AccessControlType.Allow))

            Case "Write"

                dirsecurity.RemoveAccessRuleAll(New FileSystemAccessRule(username, FileSystemRights.Write, InheritanceFlags.ObjectInherit, PropagationFlags.InheritOnly, AccessControlType.Allow))

                dirsecurity.RemoveAccessRuleAll(New FileSystemAccessRule(username, FileSystemRights.Write, InheritanceFlags.ObjectInherit, PropagationFlags.InheritOnly, AccessControlType.Allow))

                dirsecurity.RemoveAccessRuleAll(New FileSystemAccessRule(username, FileSystemRights.Write, InheritanceFlags.ObjectInherit, PropagationFlags.InheritOnly, AccessControlType.Allow))

            Case "Modify"

                dirsecurity.RemoveAccessRuleAll(New FileSystemAccessRule(username, FileSystemRights.Modify, AccessControlType.Allow))

        End Select

        dirinfo.SetAccessControl(dirsecurity)

    End function

在下一个函数中,我调用RemoveAllowPermission函数:

 <WebMethod()> _
    Public Function ChangePermission()
        Dim file As String = "C:\Pictures"
        Dim fs As FileSecurity = System.IO.File.GetAccessControl(file)
        Dim owner As NTAccount = CType(fs.GetOwner(GetType(NTAccount)), NTAccount)

        Dim usergroup As AuthorizationRuleCollection = fs.GetAccessRules(True, True, (GetType(System.Security.Principal.NTAccount)))
        Try
            For Each Rule As FileSystemAccessRule In usergroup
                RemoveAllowPermission(file, Rule.IdentityReference.Value, "FullControl")
              Next
        Catch ex As Exception
Return ("Error")
        End Try
    End Sub
Return 0
End Class

因此,当我在远程计算机上运行服务时,我的ChangePermission函数捕获异常并返回异常消息错误!

This is the function that remove user allow permission on certain folder:

Public Function RemoveAllowPermission(ByVal filePath As String, ByVal username As String, ByVal power As String) 

        Dim dirinfo As DirectoryInfo = New DirectoryInfo(filePath)

        Dim dirsecurity As DirectorySecurity = dirinfo.GetAccessControl()
        dirsecurity.SetAccessRuleProtection(True, True)
        Select Case power

            Case "FullControl"

                dirsecurity.RemoveAccessRuleAll(New FileSystemAccessRule(username, FileSystemRights.FullControl, InheritanceFlags.ObjectInherit, PropagationFlags.InheritOnly, AccessControlType.Allow))

                dirsecurity.RemoveAccessRuleAll(New FileSystemAccessRule(username, FileSystemRights.FullControl, InheritanceFlags.ObjectInherit, PropagationFlags.InheritOnly, AccessControlType.Allow))

                dirsecurity.RemoveAccessRuleAll(New FileSystemAccessRule(username, FileSystemRights.FullControl, InheritanceFlags.ObjectInherit, PropagationFlags.InheritOnly, AccessControlType.Allow))

            Case "ReadOnly"

                dirsecurity.RemoveAccessRuleAll(New FileSystemAccessRule(username, FileSystemRights.Read, AccessControlType.Allow))

            Case "Write"

                dirsecurity.RemoveAccessRuleAll(New FileSystemAccessRule(username, FileSystemRights.Write, InheritanceFlags.ObjectInherit, PropagationFlags.InheritOnly, AccessControlType.Allow))

                dirsecurity.RemoveAccessRuleAll(New FileSystemAccessRule(username, FileSystemRights.Write, InheritanceFlags.ObjectInherit, PropagationFlags.InheritOnly, AccessControlType.Allow))

                dirsecurity.RemoveAccessRuleAll(New FileSystemAccessRule(username, FileSystemRights.Write, InheritanceFlags.ObjectInherit, PropagationFlags.InheritOnly, AccessControlType.Allow))

            Case "Modify"

                dirsecurity.RemoveAccessRuleAll(New FileSystemAccessRule(username, FileSystemRights.Modify, AccessControlType.Allow))

        End Select

        dirinfo.SetAccessControl(dirsecurity)

    End function

In next function i call RemoveAllowPermission function:

 <WebMethod()> _
    Public Function ChangePermission()
        Dim file As String = "C:\Pictures"
        Dim fs As FileSecurity = System.IO.File.GetAccessControl(file)
        Dim owner As NTAccount = CType(fs.GetOwner(GetType(NTAccount)), NTAccount)

        Dim usergroup As AuthorizationRuleCollection = fs.GetAccessRules(True, True, (GetType(System.Security.Principal.NTAccount)))
        Try
            For Each Rule As FileSystemAccessRule In usergroup
                RemoveAllowPermission(file, Rule.IdentityReference.Value, "FullControl")
              Next
        Catch ex As Exception
Return ("Error")
        End Try
    End Sub
Return 0
End Class

So when I run service on remote computer my ChangePermission function catch exception and return exception message Error!

回复 原文
紫竹語嫣☆ 2024-08-25 04:46:23

由于它是ASMX,我认为它符合ASP.NET的模拟规则。由于没有以编程方式登录的功能,您应该使用非托管 api。

假设您需要在模拟上下文中(在可以访问您想要的位置的远程计算机用户帐户下)执行某些操作。

Impersonation.Execute(myEntity.NasUser, myEntity.NasPassword, () =>    
{     
//Copy File to UNC Path for example
   File.Copy(sourceFile, Path.Combine(myEntity.UploadPath, Path.GetFileName(sourceFile)), true);     
});

导入非托管 api:

    [DllImport("advapi32.dll", SetLastError = true)]     
    public static extern bool LogonUser(     
        string lpszUsername,     
        string lpszDomain,     
        string lpszPassword,     
        int dwLogonType,     
        int dwLogonProvider,     
        out IntPtr phToken     
        );    
    [DllImport("kernel32.dll", CharSet = CharSet.Auto)]     
    public extern static bool CloseHandle(IntPtr handle);

前面提到的执行可能是这样的:

public static void Execute(string userName, string domain, string password, Action action)    
    {     
        try     
        {     
            bool bImpersonated = LogonUser(     
                userName,     
                domain,     
                password,     
                logon32LogonInteractive,     
                logon32ProviderDefault,     
                out tokenHandle);     
            if (bImpersonated == false)     
            {     
                throw new Win32Exception(Marshal.GetLastWin32Error());     
            }     
            WindowsIdentity newId = new WindowsIdentity(tokenHandle);     
            impersonatedUser = newId.Impersonate();     
            action();     
        }     
        catch (Exception ex)     
        {     
            throw ex;     
        }     
        finally     
        {     
            if (impersonation != null)     
                impersonation.Dispose();     
        }     
    }

您不应该忘记撤消模拟并返回到之前的 windowscredentials 状态:

public void Dispose()    
{     
    // Stop impersonating the user.     
    if (impersonatedUser != null)     
        impersonatedUser.Undo();     
    // close handle     
    if (tokenHandle != IntPtr.Zero)     
        CloseHandle(tokenHandle);     
}

As it is ASMX, I think that it falls for impersonation rules of ASP.NET. As there is no login function programmatically you should use the unmanaged api.

Let's say you need to do something in an impersonation context (under the remote's computer user account that has access at where you want).

Impersonation.Execute(myEntity.NasUser, myEntity.NasPassword, () =>    
{     
//Copy File to UNC Path for example
   File.Copy(sourceFile, Path.Combine(myEntity.UploadPath, Path.GetFileName(sourceFile)), true);     
});

Import the unmanaged api:

    [DllImport("advapi32.dll", SetLastError = true)]     
    public static extern bool LogonUser(     
        string lpszUsername,     
        string lpszDomain,     
        string lpszPassword,     
        int dwLogonType,     
        int dwLogonProvider,     
        out IntPtr phToken     
        );    
    [DllImport("kernel32.dll", CharSet = CharSet.Auto)]     
    public extern static bool CloseHandle(IntPtr handle);

The aforementioned execute could be something like that:

public static void Execute(string userName, string domain, string password, Action action)    
    {     
        try     
        {     
            bool bImpersonated = LogonUser(     
                userName,     
                domain,     
                password,     
                logon32LogonInteractive,     
                logon32ProviderDefault,     
                out tokenHandle);     
            if (bImpersonated == false)     
            {     
                throw new Win32Exception(Marshal.GetLastWin32Error());     
            }     
            WindowsIdentity newId = new WindowsIdentity(tokenHandle);     
            impersonatedUser = newId.Impersonate();     
            action();     
        }     
        catch (Exception ex)     
        {     
            throw ex;     
        }     
        finally     
        {     
            if (impersonation != null)     
                impersonation.Dispose();     
        }     
    }

You should not forget to undo the impersonation and return to the previous windowscredentials state:

public void Dispose()    
{     
    // Stop impersonating the user.     
    if (impersonatedUser != null)     
        impersonatedUser.Undo();     
    // close handle     
    if (tokenHandle != IntPtr.Zero)     
        CloseHandle(tokenHandle);     
}
回复 原文
鲜血染红嫁衣 2024-08-25 04:46:23

好吧,您始终可以像使用管理员帐户一样运行 Web 服务的应用程序池!不建议在生产中这样做,但如果它有效,至少你有一个起点。祝你好运。

Well you could always run the Application Pool of the web service as with an Administrator account! Not advised to do that in production but if it works at least you have a starting point. Good luck.

回复 原文
~没有更多了~

关于作者

韵柒

暂无简介

0 文章
0 评论
22 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

不再见

文章 0 评论 0

真是无聊啊

文章 0 评论 0

樱娆

文章 0 评论 0

浅语花开

文章 0 评论 0

烛光

文章 0 评论 0

绻影浮沉

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文