asp.net uploadfile control 问题（最终解决了，８５楼）

典

原帖由 乱码 于 2011-3-9 15:22 发表
大家先不要讨论permission的问题，先看看httpcontext中的id是什么，这两天我挺闲，刚才手动做了下实验，

1. HttpContext.Current.User.Identity.Name这个东西在vs2010模拟环境下(push f5),可以正确显示我的\,但一旦deploy到 ...

In IIS you need to disable anonimous ( or other authentication)...Only keep windows authentication

典

Hi Mate,

I've done a test with you code, no problem here
My machine
webserver (IIS 7 -- only allow windows authentication)
file server (shared --- with sharing permission of write/read)


If I change the fileserver permission of sharing ( to read only), it shows access denied


with ASp.Net 2008  web application

atransformer

原帖由 典 于 2011-3-9 16:19 发表


Sure you sharing to everyone with read/write ??????


I just done a test. copied your code. (VS2008)

The permission of "sharing" made that error happen. Otherwise, upload successful

sharing 没有 read/write选项， 我给了full control

atransformer

原帖由 典 于 2011-3-9 16:31 发表


In IIS you need to disable anonimous ( or other authentication)...Only keep windows authentication

already done this. SAME

atransformer

原帖由 乱码 于 2011-3-9 16:22 发表
大家先不要讨论permission的问题，先看看httpcontext中的id是什么，这两天我挺闲，刚才手动做了下实验，

1. HttpContext.Current.User.Identity.Name这个东西在vs2010模拟环境下(push f5),可以正确显示我的\,但一旦deploy到 ...

参看 典 的解释

乱码

原帖由 典 于 2011-3-9 16:31 发表


In IIS you need to disable anonimous ( or other authentication)...Only keep windows authentication

yes, if i put in   
   <authorization>
      <deny users="?"/>
    </authorization>

"Access is denied." It means it's anonymous user, i thought
1. <authentication mode="Windows"/> in app folder
2. <add name="WindowsAuthentication" type="System.Web.Security.WindowsAuthenticationModule" /> in <httpmodules> block in web.config in system root folder

take care of windows authentication.

did I miss something?

乱码

right, I've configured IIS,it's working like a charm(domain user part). moving on to the permission part.

atransformer

存到ｌｏｃａｌ　ｆｏｌｄｅｒ，另写个FileSystemWatcher  console．　拷贝到ＵＮＣ．　

ｓｏ　ｆｒｕｓｔｒａｔｉｎｇ．

乱码

原帖由 atransformer 于 2011-3-9 17:26 发表
存到ｌｏｃａｌ　ｆｏｌｄｅｒ，另写个FileSystemWatcher  console．　拷贝到ＵＮＣ．　

ｓｏ　ｆｒｕｓｔｒａｔｉｎｇ．

我根本没设domain user在我local folder的permission，用我们同事的domain username login过来也能存，神了！！

atransformer

原帖由 乱码 于 2011-3-9 17:33 发表


我根本没设domain user在我local folder的permission，用我们同事的domain username login过来也能存，神了！！

告诉你们搞　ｓｅｃｕｒｉｔｙ的，自尽吧

典

我又做了些测试
如果file server文件夹的Sharing / Security 都设为everyone read/write, 没有问题,如果没有write, 则显示access denied

如果file server文件夹的Sharing / Security 都设为我本人的login read/write read/write, access denied

看到 http://aspalliance.com/336_Uploa ... n_and_UNC_Share.all
如果在Webserver里做个map, 比如map share folder to H
然后saveas("h:\aaa.pdf"),结果可能不同

或者在IIS设个Virsual Folder, 指向sharedfolder,结果又应不同

atransformer

原帖由 典 于 2011-3-9 19:00 发表
我又做了些测试
如果file server文件夹的Sharing / Security 都设为everyone read/write, 没有问题,如果没有write, 则显示access denied

如果file server文件夹的Sharing / Security 都设为我本人的login read/writ ...

是过用virtual server, 结果一样。 folder map, 我感觉应该没区别。 不过谢谢哥们，真热心！

典

Kao
To the file server(file1) shared folder
After I grant write accress to file1\users (not domain user, only local users), both of sharing permission and security,
everything is OK now.

atransformer

原帖由 典 于 2011-3-10 10:08 发表
Kao
To the file server(file1) shared folder
After I grant write accress to file1\users (not domain user, only local users), both of sharing permission and security,
everything is OK now.

ｔｈｉｓ　ｉｓ　ａ　ｈｕｇｅ　ｓｅｃｕｒｉｔｙ　ｈｏｌｅ．　ｎｏ　ｗｏｎｄｅｒ　ａｌｌ　ｓｅｃｕｒｉｔｙ　ｇｕｙｓ　ｈａｔｅ　ｕｓ　

典

原帖由 atransformer 于 2011-3-10 09:30 发表


ｔｈｉｓ　ｉｓ　ａ　ｈｕｇｅ　ｓｅｃｕｒｉｔｙ　ｈｏｌｅ．　ｎｏ　ｗｏｎｄｅｒ　ａｌｌ　ｓｅｃｕｒｉｔｙ　ｇｕｙｓ　ｈａｔｅ　ｕｓ　

Shame to Microsoft
The problem was there for so many years. No one identified the issue.

If I were you I would go ahead like that. Who knows.
We have SOX-Compliance, but I still can see some security holes somewhere.

But if you have sesitive document there, that is another story.

[ 本帖最后由 典 于 2011-3-10 09:52 编辑 ]

atransformer

恩。

问题复杂了以后，微软就很难全面考虑了。　

这个问题难就难在我的要求。　要知道谁访问的，就要用ｎｅｔｗｏｒｋ　ｓｅｒｖｉｃｅ．　而这个ａｃｃｏｕｎｔ　又是个　ｌｏｃａｌ　ａｃｃｏｕｎｔ．　　ｌｏｃａｌ　ａｃｃｏｕｎｔ　有不容易给权限访问　ｎｅｔｗｏｒｋ　ｒｅｓｏｕｒｃｅ．　难啊　　

原帖由 典 于 2011-3-10 10:50 发表


Shame to Microsoft
The problem was there for so many years. No one identified the issue.

If I were you I would go ahead like that. Who knows.
We have SOX-Compliance, but I still can see some securi ...

典

This solution maybe good. I have done test
1) Grant read/write permission to fileserver\users  ---Security & sharing
2) Deny those users you don't want them to see the folder.

For example, I denied my self to the folder
So I cannot access \\fileserver\myfolder
But I am able to upload with the webpage

From the web page, you still able to log all visitors (who/when/what) with the settings you done before.

[ 本帖最后由 典 于 2011-3-10 10:11 编辑 ]

atransformer

原帖由 典 于 2011-3-10 11:09 发表

This solution maybe good. I have done test
1) Grant read/write permission to fileserver\users  ---Security & sharing
2) Deny those users you don't want them to see the folder.

For exampl ...

非常谢谢建议。
试过“ Grant read/write permission to fileserver\users”了，结果一样。　我决定，第二套方案了。　　

典

原帖由 atransformer 于 2011-3-10 10:32 发表


非常谢谢建议。
试过“ Grant read/write permission to fileserver\users”了，结果一样。　我决定，第二套方案了。　　

Good luck,
It's a good learning experience for me.

atransformer

原帖由 典 于 2011-3-10 11:37 发表


Good luck,
It's a good learning experience for me.

ｍｅ　ｔｏｏ．　ａｌｔｈｏｕｇｈ　ｈａｖｅ　ｔｏ　ｂｙｐａｓｓ　ｔｈｉｓ　ｉｓｓｕｅ，　ｂｕｔ　ｉ＇ｖｅ　ｔｒｕｅｌｙ　ｌｅａｒｎｔ　ａ　ｌｏｔ．　
向各位高手致敬！！　（乱码，啥时候有时间告诉我）

乱码

原帖由 atransformer 于 2011-3-10 11:42 发表


ｍｅ　ｔｏｏ．　ａｌｔｈｏｕｇｈ　ｈａｖｅ　ｔｏ　ｂｙｐａｓｓ　ｔｈｉｓ　ｉｓｓｕｅ，　ｂｕｔ　ｉ＇ｖｅ　ｔｒｕｅｌｙ　ｌｅａｒｎｔ　ａ　ｌｏｔ．　
向各位高手致敬！！　（乱码，啥时候有时间告诉我）

same here :) u guys rock!!!

I'll let u know, maybe next week.

atransformer

http://msdn.microsoft.com/en-us/ ... ht000023_delegation

等有时间，我一定研究一下，这个　delegation　怎么玩

乱码

原帖由 atransformer 于 2011-3-10 11:46 发表
http://msdn.microsoft.com/en-us/ ... ht000023_delegation

等有时间，我一定研究一下，这个　delegation　怎么玩

u tell us about it

atransformer

原帖由 乱码 于 2011-3-10 11:52 发表


u tell us about it

‘ｉ　ｓｈａｌｌ　ｒｅｔｕｒｎ’　

atransformer

最终解决了。用ｗｉｎｄｏｗ　ＡＰＩ　impersonate　感谢国家！！　感谢各位前辈，大老，牛仁！！

http://msdn.microsoft.com/en-us/library/chf6fbt4.aspx

　　　　　 if (impersonateValidUser("anormalusername", ourDomain", "theuserspassword"))
                    {                     
                        FileUpload1.SaveAs(@"\\file1\IntResearch\" + FileUpload1.FileName);

                        undoImpersonation();
                        Label_Msg.Text = "File: " + FileUpload1.PostedFile.FileName + @" uploaded to \\file1\IntResearch\";
                    }

flyspirit

恭喜一下， 但你如果configure不能成功， 用动态impersonate怎么可能成功呢？

atransformer

原帖由 flyspirit 于 2011-3-11 15:38 发表
恭喜一下， 但你如果configure不能成功， 用动态impersonate怎么可能成功呢？

不知道啊

flyspirit

原帖由 atransformer 于 2011-3-11 16:40 发表


不知道啊

奇怪， 不管怎样， 成功就好。