即使禁用,IIS 7.5 也会使用模拟
我正在使用 IIS 7.5,并为默认网站启用了 Windows 身份验证。我已将其设置为作为 IIS AppPool Identity 运行,并向我的 Web 文件夹授予 IIS 应用程序池身份的权限。 但是,当用户登录我的网站并提供网络凭据时,它会冒充用户来访问我的 Web 文件夹,而不是使用应用程序池身份,并且用户会收到 401 错误。 我也通过 procmon 验证了这一点。
i also ran appcmd set config /commit:WEBROOT /section:identity /impersonate:false
以确保禁用模拟。我必须将计算机名\用户 ID 添加到具有读取/执行权限的 Web 应用程序文件夹中才能使其正常工作。我在这里缺少什么?
i am using IIS 7.5 with windows auth enabled for a default web site. i have set it to run as IIS AppPoool Identity and given permisson to my web folder to the IIS app pool identity.
but when a users logins to my site and provides network credentials its impersonating as the user to get access to my web folder instead of using app pool identity and the user is getting 401 error.
i verified this through procmon as well.
i also ran appcmd set config /commit:WEBROOT /section:identity /impersonate:false
to make sure impersonation is disabled. i have to add the computername\users id to the web app folder with read/execute permission to get it to work. what am i missing here?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
我不知道如何通过命令行执行此操作,但以下是通过 GUI 执行的步骤。
此窗口允许您更改用户。
请注意,冒充有两种形式,这会导致您感到困惑。应用程序池模拟导致应用程序在用户的上下文中运行。连接方式导致应用程序池使用用户来访问磁盘上的资源,而不是实际在用户的上下文中运行。
另请注意,如果您使用匿名身份验证,则连接为框中的“经过身份验证的用户”是身份验证中定义的匿名用户。
I don't know how to do this via command line, but here are the steps via the GUI.
This window allows you to change the user.
Note that there are two forms of impersonation, which is what is causing you confusion. Application pool impersonation causes the application to run in the context of the user. Connect as causes the application pool to use the user to access the resource on disk, without actually running in the context of the user otherwise.
Also note that if you are using Anonymous authentication the "Authenticated user" in the Connect as box is the anonymous user defined in Authentication.