问题描述
的请注意:在每一步中我描述了下面,我登录的同域用户帐户的
我有控制远程计算机上的服务(通过的)。当我连接到远程网站,并试图控制服务,我得到一个InvalidOperationException:访问被拒绝
I have a web application that controls a service on a remote machine (via ServiceController). When I connect to the website remotely and attempt to control the service, I get an InvalidOperationException: Access is denied.
我知道它的 CAN 的工作,因为当我连接到该网站从Web服务器(远程桌面登录我的域用户,然后打开网页),它按预期工作。
I know it CAN work, because when I connect to the website from the web server (remote desktop in, login as my domain user, then open the webpage), it works as expected.
我已经配置IIS和ASP.NET要求Windows身份验证和模拟。我登录了当前线程的主体时失败,我看到线程下我的身份我是否远程或从服务器本身运行的连接。
I have configured IIS and ASP.NET to require windows authentication and impersonation. I log the current thread's principal when this fails, and I see that the thread is running under my identity whether I'm connecting remotely or from the server itself.
我试图迫使IIS在同一时间使用Kerberos身份验证,NTLM身份验证,两者;我的委托人是否报告其为协商或NTLMAuthenticationType没关系。他们没有当我远程连接(从我的本地机器)工作
I have tried forcing IIS to use Kerberos authentication, NTLM authentication and both at the same time; whether my principal reports its AuthenticationType as "Negotiate" or "NTLM" it doesn't matter. None of them work when I connect remotely (from my local machine)
这个ANOTHER奇怪的是,如果我的调试从我的本地机器/连接到远程服务器,它屡试不爽!但我不会调试,它不能每一次!
ANOTHER weird thing about this is that if I'm debugging from my local machine/connecting to the remote server, it works every time! But I'm NOT debugging, it fails every time!
在到底有什么可以怎么回事?
What in the heck could be going on here?
推荐答案
您的情况是代表团,而不是模仿。代表团是很难达到的,它依赖于那些做对了很多事情。
Your scenario is delegation and not impersonation. Delegation is hard to achieve and it depends on many thing that are done right.
一个开始的地方会
是对古都问题的非常有用的资源。
David Wang blog is a very useful resource on thous issues.
这篇关于从IIS在远程服务器上控制服务的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!