授予网络服务回收 iis 应用程序池的权限

发布于 2024-11-08 15:05:49 字数 943 浏览 1 评论 0原文

我正在尝试创建一个 .NET Web 应用程序，用于重新启动远程 Web 服务器上的应用程序池，并在 Windows Server 2003 上运行 IIS 6.0。我的代码可以正常工作，但遇到权限问题。

string appPoolPath = ConfigurationSettings.AppSettings["ApplicationPool"];

string systemId = System.Security.Principal.WindowsIdentity.GetCurrent().Name;

try
{

    DirectoryEntry svc = new DirectoryEntry(appPoolPath);
    svc.Invoke("Recycle");
    LabelResult.Text = "Application Pool Recycled Succesfully!";
    LabelResult.Visible = true;
}
catch(Exception exc)
{

    LabelResult.Text = "Error (" + systemId + "): " + exc.Message + " : " + exc.InnerException;

    LabelResult.Visible = true;
}

当我运行代码时，出现以下错误：

错误（NT AUTHORITY\NETWORK SERVICE）：调用目标已引发异常。：System.UnauthorizedAccessException：访问被拒绝。（HRESULT 异常：0x80070005 (E_ACCESSDENIED)）

所以我的问题是，如何授予 NETWORK SERVICE 帐户调用回收的权限，而不授予该帐户完整的管理权限？是否可以？

我知道解决此问题的另一种方法是模拟服务器上的现有管理员之一，但我不允许这样做。我无法在计算机上创建用户，也无法获取现有用户帐户的登录凭据。

原文

I am trying to create a .NET web application that restarts an app pool on a remote web server, running IIS 6.0 on Windows Server 2003. I have the code working, but I have a permissions issue.

string appPoolPath = ConfigurationSettings.AppSettings["ApplicationPool"];

string systemId = System.Security.Principal.WindowsIdentity.GetCurrent().Name;

try
{

    DirectoryEntry svc = new DirectoryEntry(appPoolPath);
    svc.Invoke("Recycle");
    LabelResult.Text = "Application Pool Recycled Succesfully!";
    LabelResult.Visible = true;
}
catch(Exception exc)
{

    LabelResult.Text = "Error (" + systemId + "): " + exc.Message + " : " + exc.InnerException;

    LabelResult.Visible = true;
}

When I run the code, I get the following error:

Error (NT AUTHORITY\NETWORK SERVICE): Exception has been thrown by the target of an invocation. : System.UnauthorizedAccessException: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))

So my question is, how can I grant the NETWORK SERVICE account permission to invoke recycle without giving the account full admin privileges? Is it possible?

I know another way to solve this is to impersonate one of the existing admins on the server, but I am not allowed to do that. I can't create users on the machine and I can't get login credentials for existing user accounts.

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

孤君无依 2024-11-15 15:05:49

另一种选择：

将虚拟文件放在 /bin 目录中，并在每次要重新启动池时更新它

回复收藏 0 原文

久伴你 2024-11-15 15:05:49

这并不完全正确。
您需要 Web.Config 中的一个部分：

<section name="TestSection" restartOnExternalChanges="true" requirePermission="false" type="System.Configuration.AppSettingsSection, System.Configuration"/>

<TestSection configSource="Test.config"></TestSection>

然后，当您修改 Test.config 时，应用程序池将被回收。

This is not entirely true.
You need a section in Web.Config:

<section name="TestSection" restartOnExternalChanges="true" requirePermission="false" type="System.Configuration.AppSettingsSection, System.Configuration"/>

<TestSection configSource="Test.config"></TestSection>

Then when you modify Test.config, the app pool gets recycled.

回复收藏 0 原文

姜生凉生 2024-11-15 15:05:49

尝试删除并创建应用程序池。已经解决了我的问题。

var server = new ServerManager();
var pool = server.ApplicationPools.FirstOrDefault(q => q.Name == "MyPool");
if (pool != null)
{
    server.ApplicationPools.Remove(pool);
    server.CommitChanges();

    server.ApplicationPools.Add("MyPool");
    server.CommitChanges();
}

Try remove and create application pool. Has solved my problem.

var server = new ServerManager();
var pool = server.ApplicationPools.FirstOrDefault(q => q.Name == "MyPool");
if (pool != null)
{
    server.ApplicationPools.Remove(pool);
    server.CommitChanges();

    server.ApplicationPools.Add("MyPool");
    server.CommitChanges();
}

回复收藏 0 原文

~没有更多了~