Original URL: http://stackoverflow.com/questions/17149132/
Warning: these are provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must attribute it to the original authors (not me): StackOverFlow
What exactly happens when I set LoadUserProfile of IIS pool?
Asked by sharptooth
I faced the following issue.
I run the following code
var binaryData = File.ReadAllBytes(pathToPfxFile);
var cert = new X509Certificate2(binaryData, password);
in two processes. One of the processes runs under LOCAL_SYSTEM and there this code succeeds. Another one runs inside IIS under a local user account belonging to the "Users" local group and there I get the following exception:
System.Security.Cryptography.CryptographicException
Object was not found.
at System.Security.Cryptography.CryptographicException.ThrowCryptographicException(Int32 hr)
at System.Security.Cryptography.X509Certificates.X509Utils._LoadCertFromBlob(Byte[] rawData, IntPtr password, UInt32 dwFlags, Boolean persistKeySet, SafeCertContextHandle& pCertCtx)
at System.Security.Cryptography.X509Certificates.X509Certificate.LoadCertificateFromBlob(Byte[] rawData, Object password, X509KeyStorageFlags keyStorageFlags)
at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(Byte[] rawData, String password)
//my code here
So I Googled a bit and found this answer to a kind of similar question. I tried to enable LoadUserProfile for the application pool and it works now.
The problem is I don't get what exactly happens when I set LoadUserProfile and what consequences that might have. I mean if it's a "good" thing then why it is not "on" by default and why is it there after all?
What exactly happens when I set LoadUserProfile in IIS pool and what negative consequences can it have?
Accepted answer by vcsjones
I mean if it's a "good" thing then why it is not "on" by default and why is it there after all?
IIS 6 never loaded user profiles. I would assume this is off by default to keep the behavior consistent, and an administrator has to opt-in to it.
I tried to enable LoadUserProfile for the application pool and it works now.
This is most likely because the Windows Cryptographic Service Provider was trying to store or load a key for your certificate in the user store, and since a profile was not available, a cryptographic context was not available. Note that the Load User Profile setting only applies to user accounts. Service Accounts like NETWORK SERVICE and ApplicationPoolIdentity have special handling.
What exactly happens when I set LoadUserProfile in IIS pool
Well, the user profile is loaded. This includes their cryptographic store, environment variables such as %TEMP%, and other ones.
What it eventually boils down to is LoadUserProfile is called by IIS when the AppPool starts.
what negative consequences can it have?
It may break backwards compatibility with an app that ran on IIS 6, which didn't load the user profile. The environment variables are loaded. For example, when Load User Profile is true, the %TEMP% environment variable is C:\Users\AccountName\AppData\Local\Temp (for example). When false, it's C:\WINDOWS\Temp.
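An added example, not part of the original question or answer: a small C# probe to run in both processes from the question, reporting the account, `%USERPROFILE%` and temp path, then retrying the question's import with each key-set flag. `PfxLoadProbe`, `TryLoad` and `Describe` are hypothetical names, `MachineKeySet` is not mentioned in the thread (the example goes one step beyond it), and `using` on `X509Certificate2` assumes .NET Framework 4.6 or later.

```csharp
// Added example; not code from the question or the answer.
using System;
using System.IO;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;

public static class PfxLoadProbe   // hypothetical helper name
{
    // Attempts one import and reports the result instead of throwing.
    static string TryLoad(byte[] pfx, string password, X509KeyStorageFlags flags)
    {
        try
        {
            // X509Certificate2 is IDisposable from .NET Framework 4.6 (assumption).
            using (var cert = new X509Certificate2(pfx, password, flags))
                return "ok (HasPrivateKey=" + cert.HasPrivateKey + ")";
        }
        catch (CryptographicException ex)
        {
            return ex.GetType().Name + ": " + ex.Message.Trim();
        }
    }

    // Call once inside the IIS worker process (for example from a page or
    // handler) and once in the LOCAL_SYSTEM process, then compare the reports.
    public static string Describe(byte[] pfx, string password)
    {
        var sb = new StringBuilder();
        sb.AppendLine("Account:       " + Environment.UserDomainName + "\\" + Environment.UserName);
        sb.AppendLine("%USERPROFILE%: " + Environment.GetEnvironmentVariable("USERPROFILE"));
        sb.AppendLine("Temp path:     " + Path.GetTempPath());
        // DefaultKeySet is what the two-argument constructor in the question passes.
        foreach (var flags in new[] { X509KeyStorageFlags.DefaultKeySet,
                                      X509KeyStorageFlags.UserKeySet,
                                      X509KeyStorageFlags.MachineKeySet })
            sb.AppendLine(flags + ": " + TryLoad(pfx, password, flags));
        return sb.ToString();
    }

    public static void Main(string[] args)
    {
        if (args.Length != 2) { Console.Error.WriteLine("usage: PfxLoadProbe <pfx> <password>"); return; }
        Console.Write(Describe(File.ReadAllBytes(args[0]), args[1]));
    }
}
```

`MachineKeySet` imports the private key into the machine-wide key store instead of the profile, so a success there changes where key material lives and who can reach it. Treat it as a diagnostic result, not as an equivalent of enabling Load User Profile.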

