1
當前的設置是這樣的,服務器A承載電子服務,服務器B是本地和內部服務器。我想,以顯示服務器A,其中服務器A從服務器B獲得瀏覽器的PDF文件訪問被拒絕從另一個域上的另一臺服務器的PDF文件C#asp.net?
現在服務器A不在同一個域或組作爲服務器B.
,當我訪問服務器A和在文件瀏覽器「\\ serverB \ folder \ file.pdf」中鍵入路徑,我可以打開它並查看它。
當我與Visual Studio調試然後將下面的代碼工作正常,也並查看文件:
Response.ClearContent();
Response.ClearHeaders();
Response.AddHeader("Content-Disposition", "inline;filename=" + fpath);
Response.ContentType = "application/pdf";
Response.WriteFile(fpath);
Response.Flush();
Response.Clear();
其中fpath是文件路徑。
但是,當我嘗試從瀏覽器訪問它,我得到的訪問被拒絕錯誤。
我通過下面的代碼試圖模擬:
public class Impersonation
{
[DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern bool LogonUser(String lpszUsername, String lpszDomain, String lpszPassword,
int dwLogonType, int dwLogonProvider, out SafeTokenHandle phToken);
[DllImport("kernel32.dll", CharSet = CharSet.Auto)]
public extern static bool CloseHandle(IntPtr handle);
// Test harness.
// If you incorporate this code into a DLL, be sure to demand FullTrust.
[PermissionSetAttribute(SecurityAction.Demand, Name = "FullTrust")]
public WindowsImpersonationContext ImpersonateUser(string domain , string user, string pass)
{
SafeTokenHandle safeTokenHandle;
try
{
// Get the user token for the specified user, domain, and password using the
// unmanaged LogonUser method.
// The local machine name can be used for the domain name to impersonate a user on this machine.
//Console.Write("Enter the name of the domain on which to log on: ");
// Call LogonUser to obtain a handle to an access token.
bool returnValue = LogonUser(user, domain, pass,
LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT,
out safeTokenHandle);
if (false == returnValue)
{
int ret = Marshal.GetLastWin32Error();
throw new System.ComponentModel.Win32Exception(ret);
}
using (safeTokenHandle)
{
// Use the token handle returned by LogonUser.
using (WindowsIdentity newId = new WindowsIdentity(safeTokenHandle.DangerousGetHandle()))
{
using (WindowsImpersonationContext impersonatedUser = newId.Impersonate())
{
return newId.Impersonate();
}
}
// Releasing the context object stops the impersonation
}
}
catch (Exception ex)
{
}
return null;
}
}
public sealed class SafeTokenHandle : SafeHandleZeroOrMinusOneIsInvalid
{
private SafeTokenHandle()
: base(true)
{
}
[DllImport("kernel32.dll")]
[ReliabilityContract(Consistency.WillNotCorruptState, Cer.Success)]
[SuppressUnmanagedCodeSecurity]
[return: MarshalAs(UnmanagedType.Bool)]
private static extern bool CloseHandle(IntPtr handle);
protected override bool ReleaseHandle()
{
return CloseHandle(handle);
}
}
,並用它作爲這樣的:
Impersonation impersonate = new Impersonation();
using (System.Security.Principal.WindowsImpersonationContext impUser = impersonate.ImpersonateUser("Domain", "User", "Password"))
{
bool endResponse = false;
try
{
byte[] b = null;
using (System.IO.FileStream fs = System.IO.File.OpenRead(fpath))
{
b = new byte[fs.Length];
fs.Read(b, 0, b.Length);
}
Response.AddHeader("Content-Type", "application/pdf");
Response.AddHeader("Content-Disposition", "attachment;filename=Report.pdf");
Response.OutputStream.Write(b, 0, b.Length);
Response.Flush();
Response.Close();
endResponse = true;
}
catch (Exception ex)
{
throw;
}
finally
{
}
if (endResponse)
Response.End();
}
調試時它不檢索所需的用戶,但服務器A的用戶,而不是,而是與視覺工作室,它的工作,並沒有拋出錯誤,但是,當從Web瀏覽器訪問它仍然會引發錯誤。