我们最近升级到IIS7作为核心web服务器,我需要一个权限方面的概述。以前,当需要写入文件系统时,我会给AppPool用户(网络服务)访问目录或文件的权限。
在IIS7中,我看到,默认情况下,appppool用户被设置为ApplicationPoolIdentity。因此,当我检查任务管理器时,我看到一个名为WebSite的用户帐户。例如,正在运行IIS进程('Website。示例'是IIS中的网站名称)
但是,如果我尝试使用该用户帐户来授予权限,则该用户帐户不存在。那么,我如何确定哪个用户也给予权限呢?
请看下面的屏幕截图中的问题。我们的网站(www.silverchip.co.uk)以用户名SilverChip.co.uk运行。但是当我添加权限时,这个用户不存在!
请看appool图片:
Part A:配置应用程序池
假设应用程序池名为“myypool”
从IIS管理器转到应用程序池的“高级设置”
向下滚动到“身份”。尝试编辑该值将弹出一个对话框。选择“内置帐户”,并在其下面选择“ApplicationPoolIdentity”。
在“身份”下面几行,你应该找到“加载用户配置文件”。这个值应该设置为“True”。
第二部分:配置网站
Website Name: SiteName (just an example)
Physical Path: C:\Whatever (just an example)
Connect as... : Application User (pass-through authentication)
(The above settings can be found in 'Basic Settings' of the site in the IIS Manager)
After configuring the basic settings, look for the 'Authentication' configuration under 'IIS' in the main console of the site. Open it. You should see an option for 'Anonymous Authentication'. Make sure it is enabled. Then right click and 'Edit...' it. Select 'Application Pool Identity'.
C部分:配置文件夹
有问题的文件夹是C:\Whatever
Go to Properties - Sharing - Advanced Sharing - Permissions, and tick 'Share this folder'
In the same dialog box, you will find a button 'Permissions'. Click it.
A new dialog box will open. Click 'Add'.
A new dialog box 'Select Users or Groups' will open. Under 'From this location' make sure the name is the same as your local host computer. Then, under 'Enter the object names', type 'IIS AppPool\MyPool' and click 'Check Names' and then 'Ok'
Give full sharing permissions for 'MyPool' user. Apply it and close the folder properties
Open folder properties again. This time, go to Security - Advanced - Permission, and click Add. There will be an option 'Select a Principal' at the top, or some other option to choose a user. Click it.
The 'Select Users or Groups' dialog box will open again. Repeat step 4.
Give all or as many permissions you need to the 'MyPool' user.
Check 'Replace all child object permissions..." and Apply and close.
您现在应该能够使用浏览网站