472,779 Members | 1,751 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 472,779 software developers and data experts.

Win2003 Server - Access to the path is denied

We are having an issue in that when trying to read a file that is on Server2
from Server1 (through our ASP.NET project), we receive the error:
Access to the path "\\Server2\MyShare\MyFile.tif" is denied.
Here is the server setup that we have:
Dev - Development Computer on WinXP Pro SP2 (IIS5), VS2003 developing
under .NET Framework 1.1
Server1 - Web Server on Win2003 Server (IIS6)
Server2 - File Server on Win2003 Server
All servers are a part of the same domain
The error only happens on Server1 (Win2003 w/IIS6). The error does not
occur on Dev (WinXP Pro SP2 w/IIS5). We have also tried running this web
application on another Win2003 server with the same error as Server1. On
each server, we were logged on with an Administrator account (which has
permission to Server2) even though log-in is not required.
The line of code which generates the error is:
iStream = New System.IO.FileStream(filepath, System.IO.FileMode.Open, _
IO.FileAccess.Read, IO.FileShare.Read)
Anonymous access to our web project has been disabled by doing the
following:
In the Web.Config of the ASP.NET project:
<authentication mode="Windows"/>
<identity impersonate="true"/> (this is only on the Dev machine and
has been removed on Server1)
<authorization>
<deny users="?"/> <!-- Deny Anonymous users -->
<allow users="*"/> <!-- Allow only authenticated users -->
</authorization>
Within IIS on Dev and Server1
- "Anonymous access" has been disabled
- "Integrated Windows authentication" has been enabled
We have verified, before and after the error, that the user is the current
Windows user (from the client machine) and that they are a part of the group
assigned to the "MyShare" folder on Server2 with sufficient privileges. We
have also tried using an Administrator account to no avail.
The code used for checking the current user is:
Me.User.Identity.Name

The code used for checking permissions is:
HasPermission(New System.Security.Permissions.FileIOPermission( _
System.Security.Permissions.FileIOPermissionAccess .AllAccess, _
filepath))

Private Function HasPermission(ByVal permission As
System.Security.CodeAccessPermission) As Boolean
Dim bolReturn As Boolean
Try
If Not permission Is Nothing Then
permission.Demand()
End If
bolReturn = True
Catch
bolReturn = False
End Try
Return bolReturn
End Function
We have also tried running the following code before trying to read the
file:
AppDomain.CurrentDomain.SetPrincipalPolicy(Princip al.PrincipalPolicy.WindowsPrincipal)

' Thread.CurrentPrincipal represents the Windows Authenticated user
Thread.CurrentPrincipal = New
Principal.WindowsPrincipal(Principal.WindowsIdenti ty.GetCurrent())

'Thread.CurrentPrincipal.Identity
'HttpContext.Current.User
Dim wic As WindowsImpersonationContext =
CType(HttpContext.Current.User.Identity,
System.Security.Principal.WindowsIdentity).Imperso nate()
The "MyShare" folder on Server2 has restricted permissions set for a
specific group of people when the error occurs. If we add "Everybody" to
the permissions list and give "Everybody" read access, then we are able to
download the file. Even though this works, it is not a solution that we are
happy with.
We tried accessing the file directly from the Web Service (on Server2) when
called from Server1, but that also failed with the same "Access to the path
...." error message. Something that did work successfully was to create the
following structure on Server2:
Business Tier (COM+ DLL running under local Admin account)
Web Service
The web project would call a Web Service function which would then call a
Business Tier function to return a byte array of a specified file.
We also noticed that if you copy the path in the error message and paste it
directly into Windows/Internet Explorer, that the file can be accessed
without any problems. This, to me, indicates that the opening of the
FileStream is not being called under the permission of the authenticated
user.
Based on the Web.Config and IIS settings, I was under the assumption that
the user would impersonated on Server1 which should also give them access to
the appropriate resources on Server2. Even though the username is correct
and the HasPermission function which checks for AllAccess permission on the
file on Server2 was successful, the error message when trying to read the
file makes it seem as if the impersonation failed.
The questions that I have are:
1. Why is this happening?
2. What is the solution?
TIA,
Jody
Nov 19 '05 #1
1 4815
On Wed, 17 Aug 2005 10:12:59 -0400, "Jody Gelowitz" <jg**************@blah.leevalley.com> wrote:

We are having an issue in that when trying to read a file that is on Server2
from Server1 (through our ASP.NET project), we receive the error:
Access to the path "\\Server2\MyShare\MyFile.tif" is denied.


Here is the server setup that we have:
Dev - Development Computer on WinXP Pro SP2 (IIS5), VS2003 developing
under .NET Framework 1.1
Server1 - Web Server on Win2003 Server (IIS6)
Server2 - File Server on Win2003 Server
All servers are a part of the same domain


The error only happens on Server1 (Win2003 w/IIS6). The error does not
occur on Dev (WinXP Pro SP2 w/IIS5). We have also tried running this web
application on another Win2003 server with the same error as Server1. On
each server, we were logged on with an Administrator account (which has
permission to Server2) even though log-in is not required.


The line of code which generates the error is:
iStream = New System.IO.FileStream(filepath, System.IO.FileMode.Open, _
IO.FileAccess.Read, IO.FileShare.Read)


Anonymous access to our web project has been disabled by doing the
following:
In the Web.Config of the ASP.NET project:
<authentication mode="Windows"/>
<identity impersonate="true"/> (this is only on the Dev machine and
has been removed on Server1)
<authorization>
<deny users="?"/> <!-- Deny Anonymous users -->
<allow users="*"/> <!-- Allow only authenticated users -->
</authorization>
Within IIS on Dev and Server1
- "Anonymous access" has been disabled
- "Integrated Windows authentication" has been enabled


We have verified, before and after the error, that the user is the current
Windows user (from the client machine) and that they are a part of the group
assigned to the "MyShare" folder on Server2 with sufficient privileges. We
have also tried using an Administrator account to no avail.


The code used for checking the current user is:
Me.User.Identity.Name

The code used for checking permissions is:
HasPermission(New System.Security.Permissions.FileIOPermission( _
System.Security.Permissions.FileIOPermissionAccess .AllAccess, _
filepath))

Private Function HasPermission(ByVal permission As
System.Security.CodeAccessPermission) As Boolean
Dim bolReturn As Boolean
Try
If Not permission Is Nothing Then
permission.Demand()
End If
bolReturn = True
Catch
bolReturn = False
End Try
Return bolReturn
End Function


We have also tried running the following code before trying to read the
file:
AppDomain.CurrentDomain.SetPrincipalPolicy(Princip al.PrincipalPolicy.WindowsPrincipal)

' Thread.CurrentPrincipal represents the Windows Authenticated user
Thread.CurrentPrincipal = New
Principal.WindowsPrincipal(Principal.WindowsIdenti ty.GetCurrent())

'Thread.CurrentPrincipal.Identity
'HttpContext.Current.User
Dim wic As WindowsImpersonationContext =
CType(HttpContext.Current.User.Identity,
System.Security.Principal.WindowsIdentity).Imperso nate()


The "MyShare" folder on Server2 has restricted permissions set for a
specific group of people when the error occurs. If we add "Everybody" to
the permissions list and give "Everybody" read access, then we are able to
download the file. Even though this works, it is not a solution that we are
happy with.


We tried accessing the file directly from the Web Service (on Server2) when
called from Server1, but that also failed with the same "Access to the path
..." error message. Something that did work successfully was to create the
following structure on Server2:
Business Tier (COM+ DLL running under local Admin account)
Web Service
The web project would call a Web Service function which would then call a
Business Tier function to return a byte array of a specified file.


We also noticed that if you copy the path in the error message and paste it
directly into Windows/Internet Explorer, that the file can be accessed
without any problems. This, to me, indicates that the opening of the
FileStream is not being called under the permission of the authenticated
user.


Based on the Web.Config and IIS settings, I was under the assumption that
the user would impersonated on Server1 which should also give them access to
the appropriate resources on Server2. Even though the username is correct
and the HasPermission function which checks for AllAccess permission on the
file on Server2 was successful, the error message when trying to read the
file makes it seem as if the impersonation failed.


The questions that I have are:
1. Why is this happening?
2. What is the solution?


Thanks for the comprehensive description and information.

I think you're hung up on the delegation issue. IIS cannot delegate credentials to a remote resource
when authenticating with Integrated Windows security. NTLM handles the authentication and the
credentials are never passed on to IIS.

If the goal is to impersonate and then delegate using Integrated Windows authentication you need to
implement Kerberos. There are some other workarounds that might be acceptable. See the following
document:

http://msdn.microsoft.com/library/de...delegation.asp

BTW, this probably works w/your DEV box because you're already authenticated locally as opposed to
being authenticated via IIS.
Paul
~~~~
Microsoft MVP (Visual Basic)
Nov 19 '05 #2

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

0
by: Henrique Berenguel | last post by:
Hello folks. How do I solve the problem below? when my program executes the line below : Package.WriteXml(Server.MapPath(strID + ".XML")); Ireceive the following error message: ...
5
by: Martin Robins | last post by:
I have never dabbled with ASP.NET until now so be warned! I have created a web application with the single default form: WebForm1.aspx and when I try to display it I get this error. My...
2
by: Ross | last post by:
Hi I have an application using asp.net that I am running on my PC. The web form has a text box where you can enter a name for a new Photo category then click on the button. The code is...
3
by: Jensen Bredal | last post by:
Hello, I'm doing localhost developpement on a win2k3 server . When i lunch the default page i get the following. How do i resolve it? many thanks in advance Server Error in '/MultiTest'...
0
by: Joergen Bech | last post by:
Fairly new to ASP.NET 1.1. Getting the error below when running application on a web server outside of my control, but only the first time I run it: 1. After a long period of inactivity (or...
1
by: lecnac | last post by:
Sorry for the repost. I must have done something wrong when I tried to post my reply (I can't seem to find it). Anyway, I'd really appreciate any help that anyone could provide. My issue is...
15
by: CSharpguy | last post by:
I need to upload a file to an FTP server, can someone point me to some code that connects to an FTP server and uploads a file?
2
by: Don Rich | last post by:
Please share with me any ideas you may have for troubleshooting and resolving the subject problem. I can give more details as necessary. (Please advise if I should post this problem to a more...
6
by: royan | last post by:
Help please! I have the same problem which this post ...
3
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 2 August 2023 starting at 18:00 UK time (6PM UTC+1) and finishing at about 19:15 (7.15PM) The start time is equivalent to 19:00 (7PM) in Central...
0
by: erikbower65 | last post by:
Using CodiumAI's pr-agent is simple and powerful. Follow these steps: 1. Install CodiumAI CLI: Ensure Node.js is installed, then run 'npm install -g codiumai' in the terminal. 2. Connect to...
0
linyimin
by: linyimin | last post by:
Spring Startup Analyzer generates an interactive Spring application startup report that lets you understand what contributes to the application startup time and helps to optimize it. Support for...
0
by: erikbower65 | last post by:
Here's a concise step-by-step guide for manually installing IntelliJ IDEA: 1. Download: Visit the official JetBrains website and download the IntelliJ IDEA Community or Ultimate edition based on...
0
by: kcodez | last post by:
As a H5 game development enthusiast, I recently wrote a very interesting little game - Toy Claw ((http://claw.kjeek.com/))。Here I will summarize and share the development experience here, and hope it...
0
by: Rina0 | last post by:
I am looking for a Python code to find the longest common subsequence of two strings. I found this blog post that describes the length of longest common subsequence problem and provides a solution in...
5
by: DJRhino | last post by:
Private Sub CboDrawingID_BeforeUpdate(Cancel As Integer) If = 310029923 Or 310030138 Or 310030152 Or 310030346 Or 310030348 Or _ 310030356 Or 310030359 Or 310030362 Or...
0
by: lllomh | last post by:
How does React native implement an English player?
0
by: Mushico | last post by:
How to calculate date of retirement from date of birth

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.