C# 代码自动授予 IIS 对 Windows Server 2008 上文件夹的写入权限?目前抛出异常
我正在尝试编写一个命令行工具,该工具将为 Windows Server 2008 上的 IIS7.5 提供对 wwwroot 中文件夹的写入权限,以便 Web 应用程序有权写入其基本目录中的特定文件夹。以前,您可以通过在文件夹上分配 IIS_WPG 组来授予该组修改访问权限来执行此操作。
在 Server 2008 中,我尝试对 IIS_IUSRS 执行相同的操作,但发生了异常。
代码如下:
private static void ManagePermissions(string directory, string account, FileSystemRights rights, AccessControlType controlType, bool addAccess)
{
DirectoryInfo directoryInfo = new DirectoryInfo(directory);
DirectorySecurity directorySecurity = directoryInfo.GetAccessControl();
if (addAccess)
directorySecurity.AddAccessRule(
new FileSystemAccessRule(account, rights, controlType));
else
directorySecurity.RemoveAccessRule(
new FileSystemAccessRule(account, rights, controlType));
directoryInfo.SetAccessControl(directorySecurity);
}
对此方法的调用如下:
ManagePermissions(
"c:\inetpub\wwwroot",
"MACHINENAME\IIS_IUSRS",
FileSystemRights.Modify,
AccessControlType.Allow,
true);
当执行对 ManagePermissions 的调用时,会引发异常,并显示以下类型和消息:
System.Security.Principal.IdentityNotMappedException:
Some or all identity references could not be translated.
我已检查多次以确保 MACHINENAME\IIS_IUSRS 与用户完全匹配在执行此代码的计算机上的本地用户管理器中。该计算机不参与 Windows 域。
如果您需要任何进一步说明,请告诉我。
I am trying to write a command line tool that will give IIS7.5 on windows server 2008 write access to a folder in the wwwroot, so that a web application has access to write to a specific folder within it's base directory. Formerly, you would do this by assigning the IIS_WPG group on the folder giving that group Modify access.
In Server 2008 I'm trying to do the same thing with IIS_IUSRS, but an exception is ocurring.
Here is the code:
private static void ManagePermissions(string directory, string account, FileSystemRights rights, AccessControlType controlType, bool addAccess)
{
DirectoryInfo directoryInfo = new DirectoryInfo(directory);
DirectorySecurity directorySecurity = directoryInfo.GetAccessControl();
if (addAccess)
directorySecurity.AddAccessRule(
new FileSystemAccessRule(account, rights, controlType));
else
directorySecurity.RemoveAccessRule(
new FileSystemAccessRule(account, rights, controlType));
directoryInfo.SetAccessControl(directorySecurity);
}
The call to this method is as follows:
ManagePermissions(
"c:\inetpub\wwwroot",
"MACHINENAME\IIS_IUSRS",
FileSystemRights.Modify,
AccessControlType.Allow,
true);
When execute that call to ManagePermissions an exception is thrown with the following type and message:
System.Security.Principal.IdentityNotMappedException:
Some or all identity references could not be translated.
I've checked multiple times to ensure that MACHINENAME\IIS_IUSRS is an exact match with the user in the local user manager on the machine this code is executing on. This machine does not participate in a windows domain.
Let me know if you need any further clarification.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
IIS_IUSRS 是一个内置组,因此不应使用
[machinename]\IIS_IUSRS引用它,而应使用BUILTIN\IIS_IUSRS引用它。像这样:切换到引用用户的方式修复了我的代码。我以与示例中引用的方式稍有不同的方式获取帐户:
然后通过不同的构造函数使用它,这样也可能会影响翻译,但我对此表示怀疑:
IIS_IUSRS is a built in group, so it should not be referenced with
[machinename]\IIS_IUSRSbut withBUILTIN\IIS_IUSRS. Like so:Switching to that way of referencing the user fixed my code. I get the account in a slightly different way than referenced in your example:
And then use it via a different constructor so that may affect the translation as well but I doubt it:
更新:最近我发现在非英语 Windows(Windows Server 2008 R2 x64 IIS7)上向用户 IIS_IUSRS 添加完全控制时出现错误。
尽管 IIS_IUSRS 未翻译,但它前面的“BUILTIN”可能会导致错误
因此,请注意使用“BUILTIN\IIS_IUSRS”,仅使用“IIS_IUSRS” - 它适用于英语和非英语窗口
Update: recently I've seen error with adding full control to user IIS_IUSRS on non-english windows (Windows server 2008 R2 x64 IIS7).
Despite that IIS_IUSRS is not translated, 'BUILTIN' in front of it can cause an error
So, be aware of using "BUILTIN\IIS_IUSRS", use just 'IIS_IUSRS' instead - its working on both english and non-english windows