如何将 NT AUTHORITY\IUSR 添加到管理员组
我想将 IUSR 帐户添加到我的 winforms 应用程序中的管理员组中。下面的代码失败,因为它找不到“NT AUTHORITY\IUSR”的用户:
DirectoryEntry AD = new DirectoryEntry("WinNT://" + Environment.MachineName + ",computer");
DirectoryEntry administrators = AD.Children.Find("Administrators", "group");
DirectoryEntry iusr = AD.Children.Find(@"NT AUTHORITY\IUSR", "user");
administrators.Invoke("Add", new object[] {iusr.Path.ToString()});
我意识到这是一个坏主意。我这样做是因为我正在编写一个 winforms 应用程序,该应用程序仅出于开发目的以编程方式在 IIS7 中创建一个新网站。网站已成功创建,但每当我尝试加载页面时,ASP.NET 都会显示错误“访问被拒绝”。当我将 IUSR 添加到管理员组时,一切正常。我还能尝试什么?以下是我用来创建新网站的代码:
Site site = servermgr.Sites.Add(websitename, physicalpath, port);
Binding binding = site.Bindings.CreateElement();
string bindinginfo = "*:" + port.ToString() + ":" + hostipaddress;
binding.Protocol = "http";
binding.BindingInformation = bindinginfo;
site.Bindings.Clear();
site.Bindings.Add(binding);
site.Applications.Add(applicationpath, applicationphysicalpath);
site.ApplicationDefaults.ApplicationPoolName = "Default";
servermgr.CommitChanges();
I want to add the IUSR account to that administrators group in my winforms application. The code below fails because it cant find a user for "NT AUTHORITY\IUSR":
DirectoryEntry AD = new DirectoryEntry("WinNT://" + Environment.MachineName + ",computer");
DirectoryEntry administrators = AD.Children.Find("Administrators", "group");
DirectoryEntry iusr = AD.Children.Find(@"NT AUTHORITY\IUSR", "user");
administrators.Invoke("Add", new object[] {iusr.Path.ToString()});
I realize this is a bad idea. I am doing this because I am writing a winforms application that programmatically creates a new website in IIS7 FOR DEVELOPMENT PURPOSES ONLY. The website is being created successfully however ASP.NET displays the error "Access is denied" whenever I try to load a page. When I add IUSR to the administrators group everything works fine. What else can I try? Below is the code I am using to create the new website:
Site site = servermgr.Sites.Add(websitename, physicalpath, port);
Binding binding = site.Bindings.CreateElement();
string bindinginfo = "*:" + port.ToString() + ":" + hostipaddress;
binding.Protocol = "http";
binding.BindingInformation = bindinginfo;
site.Bindings.Clear();
site.Bindings.Add(binding);
site.Applications.Add(applicationpath, applicationphysicalpath);
site.ApplicationDefaults.ApplicationPoolName = "Default";
servermgr.CommitChanges();
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
正确的解决方案是要求页面进行身份验证。然后浏览器会提示您登录;如果您使用适当授权的帐户,该页面将能够创建新网站。
IIS7 允许您从(例如)ApplicationHost.config 进行配置,而以前的版本要求您编辑元数据库(通常从 IIS 管理器)。
编辑:根据身份验证、浏览器和网络配置,可以安排浏览器使用您的域帐户自动登录页面。
The correct solution is to require authentication for the page. This then prompts the browser for you to log on; if you use a suitably empowered account the page will then be able to create the new website.
IIS7 allows you to configure this from (e.g.) ApplicationHost.config while previous versions required you to edit the metabase (usually from IIS manager).
EDIT: Depending on authentication, browser and network configuration, it is possible to arrange for the browser to automatically log in to the page using your domain account.