401 Unauthorized when custom IHttpHandler tries to

2019-07-20 14:32发布

问题:

I have a custom IHttpHandler, specified in web.config as follows:

<httpHandlers>
  <add verb="*" path="*.html" validate="true" type="PipingRedirectHandler" />
  <add verb="*" path="*.htm" validate="true" type="PipingRedirectHandler" />
</httpHandlers>

In IIS 7 (on Win 2008 R22) I added handler mappings with Path: *.html/*.htm and executable: %windir%\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll.

I also have a virtual directory mapped to a windows share on another machine, Alias: ClientFiles, Physical path: \\othermachine\ClientFiles. I have this virtual directory set to "Connect As" a domain user that has full control access (read, write, execute, etc.) to the share, but everything else about the website, the app pool identity, the connect to physical path of the rest of the site, etc. are all default (ApplicationPoolIdentity).

My IHttpHandler works fine with any local html files on the website, and all my css and images on the ClientFiles virtual directory work perfectly, too. The only problem is when I'm trying to read a html file from the virtual directory. I get HTTP 401 Unauthorized errors when trying to do so.

I figured it was that the local ASP.Net ISAPI was trying to load the file directly and not honouring the "Connect As" setting for the virtual directory, so I changed the app pool's identity to the same domain user that has access, and everything seems to work.

I'm just wondering:

  • Is this normal?
  • Why would it not use the user specified in the virtual directory settings?
  • Have I worked around the problem in an appropriate way?

I believe security is slightly diminished by setting the app pool to use a domain user, and would prefer not to.