iis 模拟_使用IIS设置在.Net中模拟

iis 模拟

We can implement the Impersonation in an ASP.Net application based on the requirement for running an request under specific account else only the piece of business logic under specifc account (i.e Mainly used to access the network resources at runtime) other than the service account.

我们可以根据在特定帐户下运行请求的要求，在ASP.Net应用程序中实现模拟，也可以仅在特定帐户（即，主要用于在运行时访问网络资源）下的业务逻辑（而不是服务帐户）下运行该业务逻辑。

Implementation of the impersonation in an application can be achieved by configutaion at the application level (Web.Config , IIS) else code level (.CS , .VB etc files) implementation using the WindowsIdentity.Impersonate method to switch for specific account at runtime and return back to the account it’s switched to the process the request.

可以通过使用WindowsIdentity.Impersonat在应用程序级别（Web.Config，IIS）或其他代码级别（.CS，.VB等文件）实现配置来实现应用程序中模拟的实现。 一种在运行时切换特定帐户并返回到已切换到处理请求的帐户的方法。

In general, ASP.Net application runs under “Network Service” account which is the configured in the Identity section of the application pool to which the virtual directory or web site configured.

通常，ASP.Net应用程序在“网络服务”帐户下运行，该帐户是在配置了虚拟目录或网站的应用程序池的“标识”部分中配置的。

Fig : 1

图。1

In the above picture it’s defined to run under “Network Service” and the same can be configured to use the different account and the pre-condition it needs is that the Account have to be under the “IIS_WPG” user group of the machine and “Network Servcie” is added to the group by default.

在上图中，它被定义为在“网络服务”下运行，并且可以将其配置为使用不同的帐户，并且前提条件是该帐户必须在计算机的“ IIS_WPG”用户组下，并且“默认情况下，“网络服务”已添加到该组。

Fig : 2

图：2

ASP.NET does not use impersonation by default and code runs using the ASP.NET application's process identity. We can use the delegation to use impersonation token to access network resources and the ability to use delegation depends on your selected authentication mechanism and appropriate account configuration.

默认情况下，ASP.NET不使用模拟，并且代码使用ASP.NET应用程序的进程标识运行。 我们可以使用委托来使用模拟令牌来访问网络资源，并且使用委托的能力取决于您选择的身份验证机制和适当的帐户配置。

We are enabling the access to the resource through an account, it is mandatory to check with the privileages provided to the account on accessing the resources across the network, It will give access to the unauthorized users and make sure the access control list (ACL) have identified for the account to that grants access to the process identity.

我们正在通过帐户启用对资源的访问，在通过网络访问资源时，必须检查提供给该帐户的特权，这将为未授权用户提供访问权限并确保访问控制列表（ACL）已为该帐户标识了授予对流程标识的访问权限。

It's important to understand the Access privileges needed for the account which runs the show of the Asp.Net application from the below link, here the details list of permission needed for the ASP.NET account for the file and folder permissions to function properly.

从下面的链接了解运行Asp.Net应用程序展示的帐户所需的访问权限，这一点很重要，这里是ASP.NET帐户正常运行所需的权限详细信息列表。

Permissions are required only by the account that the ASP.NET process is running as, while others are required by any impersonated account also

仅运行ASP.NET进程的帐户需要权限，而任何模拟帐户也需要其他权限

ASP.NET Required Access Control Lists (ACLs)

ASP.NET必需的访问控制列表（ACL）

64bit OS

64位操作系统

if you're running on the 64bit OS. It's mandatory that the account should have the permission to folder "%SystemRoot%\Microsoft.NET\Framework64\" in addition to the "%SystemRoot%\Microsoft.NET\Framework\" folder.

如果您在64位操作系统上运行。 该帐户必须具有文件夹“％SystemRoot％\ Microsoft.NE”的权限， T \ Framewor k64 \”以及“％SystemRoot％\ Microsoft.NE T \ Framewor k \”文件夹。

For further and indepth reading, suggest : http://msdn.microsoft.com/en-us/library/xh507fc5(v=vs.100).aspx along with the various links.

有关进一步和深入的阅读，建议： http : //msdn.microsoft.com/zh-cn/library/xh507fc5( v=vs.100) .aspx以及各种链接。

Impersonation-in-.Net-With-IIS-S.docx 使用IIS-.net进行模拟

翻译自: https://www.experts-exchange.com/articles/10603/Impersonation-in-Net-With-IIS-Settings.html

iis 模拟