ASP.NET identity impersonation fails with domain admin

Question. Votes: 0, Answers: 1

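I have an ASP.NET website, and when I try to access a shared folder on the server using my username and password in identity, it works fine and lets me check the logged-in user's permissions on the folder. But if I try to use the service account, which is also a domain admin, it gives "Attempted to perform an unauthorized operation." on DirectorySecurity dirSec = Directory.GetAccessControl(folder);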

    <identity impersonate="true" userName="DomainUser" password="Password"/>

When I log in with that service account, it has full control access to all of these folders.

    using System.IO;
    using System.Security.AccessControl;
    using System.Security.Principal;

    // Returns one line of permission flags for each access rule on the folder
    // that names the given user directly.
    public string GetFolderPermissions(string folder, string user) {
        string permissionShort = string.Empty;

        // Resolve the account name to a SID so it can be compared with the ACL entries.
        string executingUser = user;
        NTAccount acc = new NTAccount(executingUser);
        SecurityIdentifier secId = acc.Translate(typeof(SecurityIdentifier)) as SecurityIdentifier;

        // Reads the folder's ACL as the identity the request is running under.
        DirectorySecurity dirSec = Directory.GetAccessControl(folder);

        // Explicit and inherited rules, with identities expressed as SIDs.
        AuthorizationRuleCollection authRules = dirSec.GetAccessRules(true, true, typeof(SecurityIdentifier));

        foreach(FileSystemAccessRule ar in authRules) {
            if(secId.CompareTo(ar.IdentityReference as SecurityIdentifier) == 0) {
                permissionShort += ((ar.FileSystemRights & FileSystemRights.FullControl) == FileSystemRights.FullControl) ? "F" : "-";
                permissionShort += ((ar.FileSystemRights & FileSystemRights.Write) == FileSystemRights.Write) ? "W" : "-";
                permissionShort += ((ar.FileSystemRights & FileSystemRights.Read) == FileSystemRights.Read) ? "R" : "-";
                permissionShort += ((ar.FileSystemRights & FileSystemRights.ReadAndExecute) == FileSystemRights.ReadAndExecute) ? "A" : "-";
                permissionShort += ((ar.FileSystemRights & FileSystemRights.ListDirectory) == FileSystemRights.ListDirectory) ? "L" : "-";
                permissionShort += ((ar.FileSystemRights & FileSystemRights.Modify) == FileSystemRights.Modify) ? "M" : "-";
                permissionShort += ((ar.FileSystemRights & FileSystemRights.ExecuteFile) == FileSystemRights.ExecuteFile) ? "E" : "-";
                permissionShort += "\n";
            }
        }
        return permissionShort;
    }

I don't understand.

asp.net identity impersonation folder-permissions
1 Answer
0
votes
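The issue was not related to the service account. It was one of the folders, to which the logged-in user has only read access, so the permissions could not be checked. Since I am using the service account as the application pool default account, I don't need to use impersonation.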
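
An added example, not part of the original question or answer: a per-folder variant of the check that reports which Windows identity was refused, instead of failing on the first folder whose ACL cannot be read. It assumes .NET Framework; the names `FolderAclAudit` and `Describe` are hypothetical, and like the question's code it only matches ACEs that name the user's SID directly (group membership is not expanded).

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Security.AccessControl;
using System.Security.Principal;

// Hypothetical helper (added example, not the poster's code).
public static class FolderAclAudit
{
    // Yields one line per folder: the rights allowed/denied to `user` by ACEs that
    // name the user directly, or the identity that was refused when reading the ACL.
    public static IEnumerable<string> Describe(IEnumerable<string> folders, string user)
    {
        var sid = (SecurityIdentifier)new NTAccount(user).Translate(typeof(SecurityIdentifier));

        // The account this thread runs as: the application pool identity, or the
        // impersonated account when <identity impersonate="true" .../> is configured.
        string caller = WindowsIdentity.GetCurrent().Name;

        foreach (string folder in folders)
        {
            string line;
            try
            {
                // Only the DACL is needed, so request just the Access section.
                DirectorySecurity sec = Directory.GetAccessControl(folder, AccessControlSections.Access);
                FileSystemRights allow = 0, deny = 0;
                foreach (FileSystemAccessRule rule in sec.GetAccessRules(true, true, typeof(SecurityIdentifier)))
                {
                    if (!sid.Equals(rule.IdentityReference)) continue;
                    if (rule.AccessControlType == AccessControlType.Allow) allow |= rule.FileSystemRights;
                    else deny |= rule.FileSystemRights;
                }
                line = $"{folder}: allow=[{allow}] deny=[{deny}]";
            }
            catch (UnauthorizedAccessException)
            {
                // "Attempted to perform an unauthorized operation.": the calling
                // identity, not `user`, was refused access to this folder's ACL.
                line = $"{folder}: '{caller}' could not read the ACL";
            }
            yield return line; // outside the try block: C# forbids yield inside try/catch
        }
    }
}
```

Logging the caller next to each refused folder shows whether the request ran as the application pool account or as an impersonated one.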