IIS7 Accessing Network Share

后端 未结 3 525
我寻月下人不归
我寻月下人不归 2020-12-02 15:59

I am running IIS 7 on Windows Server 2008 R2 with PHP 5.4. One of my PHP scripts is trying to access a file on a protected network share using a UNC path. How can I change

相关标签:
3条回答
  • 2020-12-02 16:26

    For IIS 7 running on Windows Server 2008 R2 ... In the IIS Manager, select the Application Pool under which your Web Site is running.

    Click "Advanced Settings". There will be an entry for Identity (it is under the Process Model section). Click it, provide credentials for your account that has permission to access the share.

    UPDATE

    You should make sure that if you are using an Active Directory Domain Account, you provided that correctly under Identity for the running App Pool. For example, MYDOMAIN\myAccount.

    After making this change, you will need to do the following:

    1. Stop the Web Site.
    2. Recycle your Application Pool.
    3. Start the Web Site.

    UPDATE II

    From the comment discussion on this answer, @HydroPowerDeveloper was able to get the PHP script to be able to access the network share via UNC path using WebSite -> Basic Settings -> "Connect As" and setting the credentials there.

    In the past, I have always used the approach of setting Identity via Application Pool and that has allowed my code to access Network shares via UNC path.

    However, all of the sites/applications I have deployed on IIS are .NET based WCF or ASPX sites.

    I would speculate (but am not 100% certain on this, would need research/testing to confirm) that the Identity specified in the Application Pool is used by executing .NET code, whereas the "Connect As" is used by the PHP script.

    0 讨论(0)
  • 2020-12-02 16:45

    To resurrect an old question...

    I've just been setting up a Win 2016 server that uses some Perl to access a UNC share. I set the Application Pool to an account that I verified had the correct permissions on that share. I then set up my site to 'Connect as...' (under 'Basic Settings') the same user. I still couldn't get access working.

    Much head scratching later, I realised that my 'Virtual Directory', cgi-bin, was running under the original 'pass through' account. I then set up the virtual directory to 'Connect as...' the same account as the site and the application pool and, bingo, it all works fine.

    So, remember to update any Virtual Directories as well as the site and App Pool...

    0 讨论(0)
  • 2020-12-02 16:49

    Generally the Application Pool is set using the least amount of privileges as possible.

    http://msdn.microsoft.com/en-us/library/ff647402.aspx

    The easiest route is to allow access to the current IIS account.

    In Explorer, navigate to the shared directory.

    Right Click -> Properties -> Security

    If you don't see the expected IIS user in the list (Group or user names), edit and add the user as required.

    I used "NETWORK SERVICE" -> Check names.

    The detailed instructions are on that site.

    In this way, the system is still restricted, we're ONLY allowing access to specific directories, we don't need to create any new users, we don't need to recycle the application pool and we don't need to perform any nifty impersonation code.

    0 讨论(0)
提交回复
热议问题