473,695 Members | 2,708 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

IIS6 & ASP: accessing network files with FSO fails

after spending countless hours trying, i give up and hope to get some help
in here.

on server1 i got the web myweb.com with my test.asp. in the test.asp, i'm
trying to read a file from an UNC path with a FSO:
Set myFile =
Server.CreateOb ject("Scripting .FileSystemObje ct").GetFile("\ \server2\myshar e\myfile.txt")
this fails with an Permission Denied.

here's the deal:
- server1 & server2 are members of a domain
- iis6 is used with asp (not .net)
- myweb.com runs in the context of a domain user (my admin account even, for
testing purposes)
- the unc share has full rights to Everyone
- the file permissions on server2 are set to full rights to Everyone
- i can successfully read the file *with the same code* in a test.vbs
- if i set up a virtual folder to the unc path using "connect as" within the
iis6, i can browse the remote files with my webbrowser - but the asp code
still fails.

this is driving me crazy. all howtos, posts and pages i found tell me to run
the web as a domain user with sufficient rights -- this is what i'm doing,
but it just won't work!

any help is greatly appreciated!
- thomas
Jul 22 '05 #1
36 16385
On Mon, 21 Mar 2005 04:18:23 +0100, "Thomas" <me@alternize.c om> wrote:
after spending countless hours trying, i give up and hope to get some help
in here.

on server1 i got the web myweb.com with my test.asp. in the test.asp, i'm
trying to read a file from an UNC path with a FSO:
Set myFile =
Server.CreateO bject("Scriptin g.FileSystemObj ect").GetFile(" \\server2\mysha re\myfile.txt")
this fails with an Permission Denied.

here's the deal:
- server1 & server2 are members of a domain
- iis6 is used with asp (not .net)
- myweb.com runs in the context of a domain user (my admin account even, for
testing purposes)
- the unc share has full rights to Everyone
- the file permissions on server2 are set to full rights to Everyone
- i can successfully read the file *with the same code* in a test.vbs
- if i set up a virtual folder to the unc path using "connect as" within the
iis6, i can browse the remote files with my webbrowser - but the asp code
still fails.

this is driving me crazy. all howtos, posts and pages i found tell me to run
the web as a domain user with sufficient rights -- this is what i'm doing,
but it just won't work!


You post lots of details, but you left out the most important one --
Just exactly what does "fails" and "won't work" mean?

Jeff

Jul 22 '05 #2
basically, everything in ASP that incorporates FSO accessing remote UNC
paths fails - reading folders, files and writing to them fails. even a
FileExists check fails:

oFSO.FileExists ("\\server2\mys hare\myfile.txt ") returns always false -
eventhough i can access the file directly (i.e. not using oFSO).

i dont think its a problem with my code, as it works perfeclty for local
files - even when i access them through their local UNC path (i.e.
"\\server1\d$\j ustatest.txt")

so: any function trying to read/write/access remote files through an unc
path within ASP results in a "permission denied" or "file not found"
runtime error.

- thomas

*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!
Jul 22 '05 #3
interesting point:

the web does not allow anonymous access.

when i enable anonymous access and put in the domain account as user, my
script works. so obviously asp is not running in the web application
pool, but under a different user context (which one??) when anonymous
access is disabled.

the users logging in are domain users with full rights to the network -
so iis/asp does not seem to impersonate them either.

so the question comes down to: what user is my asp script running in
(obviously not the one from my app pool) when i disable anonymous
access? the web's w3wp.exe is running as the app pool user (my domain
account).

as a workaround i could just enable anonymous access and then check on
script basis if the user is logged in. but i somehow feel that this is
not how it should work. ;-)

*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!
Jul 22 '05 #4
Maybe IWAM_MachineNam e is involved here, not IUSR_MachineNam e. Have you
considered trying a mapped drive letter instead of the direct UNC share?
On 3/21/05 6:55 AM, in article OR************* *@tk2msftngp13. phx.gbl,
"thomas h" <me@alternize.c om> wrote:
interesting point:

the web does not allow anonymous access.

when i enable anonymous access and put in the domain account as user, my
script works. so obviously asp is not running in the web application
pool, but under a different user context (which one??) when anonymous
access is disabled.

the users logging in are domain users with full rights to the network -
so iis/asp does not seem to impersonate them either.

so the question comes down to: what user is my asp script running in
(obviously not the one from my app pool) when i disable anonymous
access? the web's w3wp.exe is running as the app pool user (my domain
account).

as a workaround i could just enable anonymous access and then check on
script basis if the user is logged in. but i somehow feel that this is
not how it should work. ;-)

*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!


Jul 22 '05 #5
> Maybe IWAM_MachineNam e is involved here, not IUSR_MachineNam e. Have you
considered trying a mapped drive letter instead of the direct UNC share?
maped drives are only valid for logged-on users - which is not the case for
services (i.e. www).
i don't see why IWAM_... could be involved, as the application pool
explicitely specifies a (domain user) identity...

- thomas
"Aaron [SQL Server MVP]" <te*****@dnartr eb.noraa> wrote in message
news:BE643462.4 160%te*****@dna rtreb.noraa... Maybe IWAM_MachineNam e is involved here, not IUSR_MachineNam e. Have you
considered trying a mapped drive letter instead of the direct UNC share?
On 3/21/05 6:55 AM, in article OR************* *@tk2msftngp13. phx.gbl,
"thomas h" <me@alternize.c om> wrote:
interesting point:

the web does not allow anonymous access.

when i enable anonymous access and put in the domain account as user, my
script works. so obviously asp is not running in the web application
pool, but under a different user context (which one??) when anonymous
access is disabled.

the users logging in are domain users with full rights to the network -
so iis/asp does not seem to impersonate them either.

so the question comes down to: what user is my asp script running in
(obviously not the one from my app pool) when i disable anonymous
access? the web's w3wp.exe is running as the app pool user (my domain
account).

as a workaround i could just enable anonymous access and then check on
script basis if the user is logged in. but i somehow feel that this is
not how it should work. ;-)

*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!

Jul 22 '05 #6
> maped drives are only valid for logged-on users - which is not the case
for
services (i.e. www).
i don't see why IWAM_... could be involved, as the application pool
explicitely specifies a (domain user) identity...


Just throwing out ideas. Tough to troubleshoot when we can't see the box.
<shrug>
Jul 22 '05 #7
On Mon, 21 Mar 2005 03:55:45 -0800, thomas h <me@alternize.c om> wrote:
interesting point:

the web does not allow anonymous access.

when i enable anonymous access and put in the domain account as user, my
script works. so obviously asp is not running in the web application
pool, but under a different user context (which one??) when anonymous
access is disabled.

the users logging in are domain users with full rights to the network -
so iis/asp does not seem to impersonate them either.

so the question comes down to: what user is my asp script running in
(obviously not the one from my app pool) when i disable anonymous
access? the web's w3wp.exe is running as the app pool user (my domain
account).
Normally IUSR/IWAM or the logged in user account. This is ASP and not
..NET correct? Have you tried giving the network account access?

Jeff
as a workaround i could just enable anonymous access and then check on
script basis if the user is logged in. but i somehow feel that this is
not how it should work. ;-)

*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!


Jul 22 '05 #8
this is pure asp, yep.

if you're right, this would imply asp scripts not being executed in-process
within the web. i somehow can't believe this... especially as it seems to
work when enabling anonymous access to the web. i KNOW asp.net runs within
the web application pool process and its identity. not having the same
possibility for classic asp looks like a bug or design failure to me... ;-(

also, asp not using the "connect as" identity when accessing unc virtual
folders does not make any sense. i just can not (well, i can, but i don't
want to) give iusr or iwam access to the network shares. this would other
webs allow to read & write there as well - intolerable.

thomas

"Jeff Cochran" <je*********@zi na.com> wrote in message
news:42******** *******@msnews. microsoft.com.. .
On Mon, 21 Mar 2005 03:55:45 -0800, thomas h <me@alternize.c om> wrote:
interesting point:

the web does not allow anonymous access.

when i enable anonymous access and put in the domain account as user, my
script works. so obviously asp is not running in the web application
pool, but under a different user context (which one??) when anonymous
access is disabled.

the users logging in are domain users with full rights to the network -
so iis/asp does not seem to impersonate them either.

so the question comes down to: what user is my asp script running in
(obviously not the one from my app pool) when i disable anonymous
access? the web's w3wp.exe is running as the app pool user (my domain
account).


Normally IUSR/IWAM or the logged in user account. This is ASP and not
.NET correct? Have you tried giving the network account access?

Jeff
as a workaround i could just enable anonymous access and then check on
script basis if the user is logged in. but i somehow feel that this is
not how it should work. ;-)

*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!

Jul 22 '05 #9
On Mon, 21 Mar 2005 16:03:34 +0100, "Thomas" <me@alternize.c om> wrote:
this is pure asp, yep.

if you're right, this would imply asp scripts not being executed in-process
within the web. i somehow can't believe this... especially as it seems to
work when enabling anonymous access to the web. i KNOW asp.net runs within
the web application pool process and its identity. not having the same
possibility for classic asp looks like a bug or design failure to me... ;-(

also, asp not using the "connect as" identity when accessing unc virtual
folders does not make any sense. i just can not (well, i can, but i don't
want to) give iusr or iwam access to the network shares. this would other
webs allow to read & write there as well - intolerable.
With Windows integrated authentication, the connection should be the
account of the logged in user. Unless your user isn't getting logged
in correctly.

Jeff

"Jeff Cochran" <je*********@zi na.com> wrote in message
news:42******* ********@msnews .microsoft.com. ..
On Mon, 21 Mar 2005 03:55:45 -0800, thomas h <me@alternize.c om> wrote:
interestin g point:

the web does not allow anonymous access.

when i enable anonymous access and put in the domain account as user, my
script works. so obviously asp is not running in the web application
pool, but under a different user context (which one??) when anonymous
access is disabled.

the users logging in are domain users with full rights to the network -
so iis/asp does not seem to impersonate them either.

so the question comes down to: what user is my asp script running in
(obviously not the one from my app pool) when i disable anonymous
access? the web's w3wp.exe is running as the app pool user (my domain
account).


Normally IUSR/IWAM or the logged in user account. This is ASP and not
.NET correct? Have you tried giving the network account access?

Jeff
as a workaround i could just enable anonymous access and then check on
script basis if the user is logged in. but i somehow feel that this is
not how it should work. ;-)

*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!


Jul 22 '05 #10

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

1
996
by: Felipe Garcia | last post by:
We have an application that runs ok being hosted in IIS5. But now we have to move these application to IIS6 and the application is misbehaved. Some times clicks on the buttons doesn't work, we have to click a one more time for it to work, and sometimes we get blank screens. Is there any extra configuration that i should do ?
0
1305
by: brian | last post by:
I am using the System.IO.Directory.GetDirectories class to do some file searching work. I am trying to access a networked drive from my local computer. The networked drive is actually located on a novel file server that I get access to when I log into our network. All users have access to this file when they log into our network. When I run my program I keep getting an error saying 'Can't find part of the file path' Are there maybe...
6
4169
by: Adam McCormack | last post by:
Good morning, I hope I'm not repeating a post, but I did try to search for the topic before asking. I am trying to resolve an issue that has come up as a result of planned migration from a single server solution to a distributed solution. A site (and interrelated batch processing scripts) has been running on a single server (IIS 6, win 2003) to two machines both are IIS 6, win 2003, the machines are as follows: box1: Webserver box2:...
0
8619
marktang
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look ! Part I. Meaning of...
0
8559
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it. First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
0
8975
jinu1996
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth. The Art of Business Website Design Your website is...
0
8818
tracyyun
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
0
7652
agi2029
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own.... Now, this would greatly impact the work of software developers. The idea...
0
4338
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
1
2996
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
2
2261
muto222
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.
3
1971
bsmnconsultancy
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.