My web app writes to several folders (logs, uploads, etc), and I've always set these permissions manually through my hosting provider.
我的网络应用程序写入几个文件夹(日志,上传等),我总是通过我的托管服务提供商手动设置这些权限。
I'd like to create a setup script that performs this on new installations. Is this possible under Medium trust?
我想创建一个在新安装上执行此操作的安装脚本。在Medium trust下这可能吗?
I can't even call File.GetAccessControl, let alone File.SetAccessControl, but I don't need such a "big hammer", anyway. I just want to do what the ISP (in this case GoDaddy) is letting me do through a management console.
我甚至无法调用File.GetAccessControl,更不用说File.SetAccessControl,但我不需要这样的“大锤子”。我只是想做ISP(在这种情况下是GoDaddy)让我通过管理控制台做什么。
I believe PHP is able to do this, and I'd be willing to consider a PHP page for this purpose if that's possible.
我相信PHP能够做到这一点,如果可能的话,我愿意为此目的考虑一个PHP页面。
2 个解决方案
#1
2
Ok assuming you are using IIS and asp.net in the usual fashion you must have an asp.net account under which the framework executes your application on your behalf.
好的,假设您以通常的方式使用IIS和asp.net,您必须拥有一个asp.net帐户,框架在该帐户下代表您执行您的应用程序。
The web application runs under a single account and through authentication users are programmatically granted access to do things that your "master account" carries out on their behalf.
Web应用程序在单个帐户下运行,通过身份验证,用户可以通过编程方式获得访问权,以执行“主帐户”代表他们执行的操作。
Think of it as looking something like this ....
把它想象成这样......
Asp.net loads your app (asp account) User connects (iuser account) User logs in (? depending on account used could be windows auth or forms auth, ect)
Asp.net加载你的应用程序(asp帐户)用户连接(iuser帐户)用户登录(?取决于使用的帐户可能是Windows身份验证或表单身份验证,等)
User requests to do something using your rendered web pages under their accounts ...
用户请求使用您帐户下呈现的网页执行某些操作...
asp.net checks user has permission to perform operation (asp.net acount) if user can do this asp.net acts on requested action (asp.net account)
asp.net检查用户是否有权执行操作(asp.net acount)如果用户可以执行此操作,asp.net会对请求的操作执行操作(asp.net帐户)
Therefore ... You should already have the relevant permissions in that asp.net account to do what you need to do.
因此......您应该已经拥有该asp.net帐户中的相关权限,以执行您需要执行的操作。
There is a level above all that too ... the IIS server itself runs under the system / network service account normally.
最重要的是...... IIS服务器本身通常在系统/网络服务帐户下运行。
So the question is really ... How do you want to grant the permissions to a possible user to write to the server.
所以问题是......你想如何授予可能的用户写入服务器的权限。
Have a look at the membership provider and roleprovider classes in the framework you should be able to inherit those and create an ActiveDirectoryRoleProvider and ActiveDirectoryMembershipProvider class that would authenticate based on role membership of users in AD, or if you prefer just authenticate against a DB with the basic asp.net provider classes.
查看框架中的成员资格提供程序和roleprovider类,您应该能够继承这些类,并创建一个ActiveDirectoryRoleProvider和ActiveDirectoryMembershipProvider类,它将根据AD中用户的角色成员身份进行身份验证,或者如果您更喜欢仅对数据库进行身份验证。基本的asp.net提供程序类。
Hope this helps.
希望这可以帮助。
#2
0
You need to edit a config file in %windir%\Microsoft.NET\Framework{Version}\
您需要在%windir%\ Microsoft.NET \ Framework {Version}中编辑配置文件
#1
2
Ok assuming you are using IIS and asp.net in the usual fashion you must have an asp.net account under which the framework executes your application on your behalf.
好的,假设您以通常的方式使用IIS和asp.net,您必须拥有一个asp.net帐户,框架在该帐户下代表您执行您的应用程序。
The web application runs under a single account and through authentication users are programmatically granted access to do things that your "master account" carries out on their behalf.
Web应用程序在单个帐户下运行,通过身份验证,用户可以通过编程方式获得访问权,以执行“主帐户”代表他们执行的操作。
Think of it as looking something like this ....
把它想象成这样......
Asp.net loads your app (asp account) User connects (iuser account) User logs in (? depending on account used could be windows auth or forms auth, ect)
Asp.net加载你的应用程序(asp帐户)用户连接(iuser帐户)用户登录(?取决于使用的帐户可能是Windows身份验证或表单身份验证,等)
User requests to do something using your rendered web pages under their accounts ...
用户请求使用您帐户下呈现的网页执行某些操作...
asp.net checks user has permission to perform operation (asp.net acount) if user can do this asp.net acts on requested action (asp.net account)
asp.net检查用户是否有权执行操作(asp.net acount)如果用户可以执行此操作,asp.net会对请求的操作执行操作(asp.net帐户)
Therefore ... You should already have the relevant permissions in that asp.net account to do what you need to do.
因此......您应该已经拥有该asp.net帐户中的相关权限,以执行您需要执行的操作。
There is a level above all that too ... the IIS server itself runs under the system / network service account normally.
最重要的是...... IIS服务器本身通常在系统/网络服务帐户下运行。
So the question is really ... How do you want to grant the permissions to a possible user to write to the server.
所以问题是......你想如何授予可能的用户写入服务器的权限。
Have a look at the membership provider and roleprovider classes in the framework you should be able to inherit those and create an ActiveDirectoryRoleProvider and ActiveDirectoryMembershipProvider class that would authenticate based on role membership of users in AD, or if you prefer just authenticate against a DB with the basic asp.net provider classes.
查看框架中的成员资格提供程序和roleprovider类,您应该能够继承这些类,并创建一个ActiveDirectoryRoleProvider和ActiveDirectoryMembershipProvider类,它将根据AD中用户的角色成员身份进行身份验证,或者如果您更喜欢仅对数据库进行身份验证。基本的asp.net提供程序类。
Hope this helps.
希望这可以帮助。
#2
0
You need to edit a config file in %windir%\Microsoft.NET\Framework{Version}\
您需要在%windir%\ Microsoft.NET \ Framework {Version}中编辑配置文件