Active Directory,Windows 8
如果我使用用户“ xxx”登录并使用以下代码运行应用程序:
//WindowsIdentity.GetCurrent().Name - is "MyDomain\xxx";
var connectionOptions = new ConnectionOptions
{
EnablePrivileges = true,
Impersonation = ImpersonationLevel.Impersonate
};
var scope = new ManagementScope(
string.Format("\\\\{0}\\root\\CIMV2", computerName),
connectionOptions);
scope.Connect();
效果很好。
然而,当我在同一个mashine上的IIS中运行此代码时,却出现异常:
// WindowsIdentity.GetCurrent().Name - is "NT AUTHORITY\SYSTEM" or "IIS APPPOOL\DefaultAppPool", tryed both
var windowsIdentity = User.Identity as WindowsIdentity;
if (windowsIdentity != null)
{
using (windowsIdentity.Impersonate())
{
// WindowsIdentity.GetCurrent().Name - is "MyDomain\xxx";
var connectionOptions = new ConnectionOptions
{
EnablePrivileges = true,
Impersonation = ImpersonationLevel.Impersonate
};
var scope = new ManagementScope(
string.Format("\\\\{0}\\root\\CIMV2", computerName),
connectionOptions);
scope.Connect();
// throws exception "Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))"
// my other code here
}
}
使用的Windows身份验证:
<authentication mode="Windows" />
<identity impersonate="false" />
尝试将AppPool作为ApplicationPoolIdentity和系统运行。尝试为AppPool授予“充当操作系统的一部分”的权限。结果是一样的,我总是收到“访问被拒绝”的信息。
为什么我有这个例外?我是否应该做其他事情,而不只是模仿或授予AppPool某些特权?
您需要在Active Directory中配置计算机帐户的委派