On our 2003 servers, we have a website running using the standard IUSR
anonymous access.
Inside this开发者_如何学Go site are several virtual directories, all pointing to the same physical directories on the local web servers (that way we only have one codebase to update when we upgrade all of our customers).
Inside each of these vdirs, we created another vdir that points to a DFS network share. When we set up these vdirs, we explicitly told them to Connect As a domain user that has all the required security/permissions for the DFS share.
But every time we try to load the web page, the Server.Execute
we do on a file on the DFS share fails.
When I turn auditing on for the DFS directory, I see two failure audits, both of which say it was the IUSR
account trying to make the connection to the DFS share.
Why is this happening when we explicitly told the vdir to Connect As a specific domain user?
Does Server.Execute
run under different credentials than what you tell the site to always connect to the remote directory as?
Inside each of these vdirs, we created another vdir that points to a DFS network share. When we set up these vdirs, we explicitly told them to Connect As a domain user that has all the required security/permissions for the DFS share.
This applies only to file security, and does not change the account which IIS impersonates.
By default the Default Application Pool uses NETWORK SERVICE as it's security account and impersonates IUSR_MACHINENAME.
Make sure NT AUTHORITY\NETWORK SERVICE has Full Control of any mapped folders.
http://www.serverwatch.com/tutorials/article.php/10825_3595486_2/Migrating-to-a-Load-Balanced-IIS-6-Environment.htm
精彩评论