如何检查哪个用户正在尝试访问文件?

发布于 2024-10-05 05:05:18 字数 439 浏览 5 评论 0原文

我有一个 ASP.NET 网站,它使用文件流从远程服务器 2003 盒子上的 UNC 共享读取 PDF 图像。

我尝试在网站上加载文件(它只是在网站上嵌入了 PDF 查看器),但是当我调试代码时,当我尝试访问该文件时,它会抛出安全异常。

对_________路径的访问被拒绝。

因此,我向 ASPNET 用户授予了对 UNC 路径目录的访问权限。 我还向在 IIS 中的站点本身指定匿名访问的用户授予了访问权限。那没有用。

但是,当我授予“每个人”访问权限时,文件就会通过。

所以,我需要知道谁正在尝试访问该文件。假设是 ASPNET 用户或 IIS 中设置的匿名用户。两者都没有获得访问权限。

我尝试在 Server 2003 机器上设置文件审核,但当我收到访问被拒绝异常时,它没有在安全事件日志中记录失败。

I have an ASP.NET website which is using a filestream to read in a PDF image from a UNC share on a remote server 2003 box.

i attempt to load the file on the site (which simply embeds a PDF viewer on the site) but when i debug the code, it's throwing a security exception when i attempt to access the file.

access to _________ path is denied.

So I granted access to the UNC path directory to the ASPNET user.
I also granted access to the user that's specified for anonymous access in the site itself in IIS. That did not work.

However, I when grant "everybody" access and the file comes through.

So, I need to know WHO is trying to access the file. the assumption is either the ASPNET user or the anonymous user setup in IIS. neither of which is gaining access.

I tried to set up file auditing on the Server 2003 box but it's not logging a failure in the security event log when I get an access denied exception.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(2

少钕鈤記 2024-10-12 05:05:18

System.Security.Principal.WindowsIdentity.GetCurrent().Name 将为您获取当前用户名,您可以将该用户输出到屏幕或日志文件以检查它是谁。

ASPNET 用户是运行 ASP.NET 的 Windows 帐户,这可能不是访问该文件的用户。您可能需要显式授予匿名用户访问网络的权限(可能是 IUSR_MACHINENAME)。

编辑:

由于您已在 IIS 中启用匿名访问,您可以通过修改 web.config 以使用表单身份验证来强制您的应用程序使用匿名访问。搜索 '

<authentication mode="Forms" /> 

或者

<authentication mode="Forms">
  <forms loginUrl="~/Login.aspx" timeout="2880"/>
</authentication>

System.Security.Principal.WindowsIdentity.GetCurrent().Name will get you the current user name, you could output this user to the screen or to a log file to check who it is.

The ASPNET user is the windows account that ASP.NET runs under, this is probably not the user who will be accessing the file. You may need to explicitly grant privileges to the anonymous user to access the network (IUSR_MACHINENAME perhaps).

EDIT:

As you have enabled anonymous access in IIS, you can force your app to use anonymous access by modifying your web.config to use Forms authentication. Search for '

<authentication mode="Forms" /> 

or

<authentication mode="Forms">
  <forms loginUrl="~/Login.aspx" timeout="2880"/>
</authentication>
春风十里 2024-10-12 05:05:18

我意识到我遇到的问题。
由于某种原因,尝试访问该文件的是网络服务,而不是 ASPNET 或 IUSR。
我授予该目录对网络服务的读取权限,一切正常。
再次感谢。

I realized the issue I was having.
For some reason it was the NETWORK SERVICE that was trying to access the file rather than ASPNET or IUSR.
I granted read access to the NETWORK SERVICE to that directory and all is well.
Thanks again.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文