473,325 Members | 2,671 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,325 software developers and data experts.

access denied in an asp.net 2.0 application when accessing a direc

on a different server.

I am currently getting an access denied when I attempt to do the following
in my asp.net page:

strFilePath = ConfigurationManager.AppSettings["imagesavedir"];

strFileName = strImageName + ".*";

DirectoryInfo di = new DirectoryInfo(Server.MapPath(strFilePath));

FileInfo[] fls = di.GetFiles(strFileName);

This is the error:

Access to the path '\\192.168.2.26\images\ProdSite\CENET' is denied.

What permissions do I need to set for this to work. The ip address is on
another windows 2003 server.

Thanks

Eric

Mar 9 '06 #1
6 4529
I think you want to grant read permission and directory browsing on the
ntfs level (properties -> security) to the IUSR_<servername> account,
then grant the same thing on the iis level via IIS Manager. There's
two levels of security- IIS and NTFS.

Mar 9 '06 #2
Thanks for Michael's input,

Hi Eric,

As for such security issue, we should first confirm what's the ASP.NET
application's running security context, if you're not using impersonate, it
should be the ASP.NET worker process's process account(this setting should
differ from IIS5 to IIS6). For IIS, it is the Machine\ASPNET account ,
while IIS6 by default use Network Service as the application pool idenitity.

And as for the remote UNC share, there're two permission settings, the NTFS
and the file share permission settings. Therefore, I suggest you check both
of them on the remote server machine and grant the proper use the
sufficient permission.

Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)




Mar 9 '06 #3
Hi Steven,

I am running IIS 6.0.

How would I find out what security context I am running under?

On the share, I set the NetworkService account from webserver read only
access and on the NTFS security, I gave NetworkService account from webserver
ready only access also.

Basically, I want the remote users to only read/browse the files but not
change the files.

Is this the correct approach?

Thanks

Eric
"Steven Cheng[MSFT]" wrote:
Thanks for Michael's input,

Hi Eric,

As for such security issue, we should first confirm what's the ASP.NET
application's running security context, if you're not using impersonate, it
should be the ASP.NET worker process's process account(this setting should
differ from IIS5 to IIS6). For IIS, it is the Machine\ASPNET account ,
while IIS6 by default use Network Service as the application pool idenitity.

And as for the remote UNC share, there're two permission settings, the NTFS
and the file share permission settings. Therefore, I suggest you check both
of them on the remote server machine and grant the proper use the
sufficient permission.

Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)




Mar 9 '06 #4
Thanks for the response Eric,

I think it should be OK. Since you're using IIS6, if the ASP.NET
application virtual dir is configured to use the Default Application Pool
and your ASP.NET dosn't use impersonate, it should be the NT
AUTHORITY\NETWORK SERVICE account. Anyway, you can use the below code to
printout the security identity of the current running thread:

Response.Write("<br/>" +
System.Security.Principal.WindowsIdentity.GetCurre nt().Name);

BTW, as for the "Network Service" account you mentioned when configure the
UNC share's permission, are you sure you are refering to the ASP.NET
server's Network Service account( rather than the UNC share machine's
Network Service account)? Network Service just represent machine's account
so it differs from machine to machine.

In addition, you can turn on the File access Audit for that UNC folder on
that machine, this can help capture the Access failture log.

3How To Audit User Access of Files, Folders, and Printers in Windows XP
http://support.microsoft.com/kb/310399/en-us

Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

Mar 10 '06 #5
Thanks for the information.

Thanks

Eric

"Steven Cheng[MSFT]" wrote:
Thanks for the response Eric,

I think it should be OK. Since you're using IIS6, if the ASP.NET
application virtual dir is configured to use the Default Application Pool
and your ASP.NET dosn't use impersonate, it should be the NT
AUTHORITY\NETWORK SERVICE account. Anyway, you can use the below code to
printout the security identity of the current running thread:

Response.Write("<br/>" +
System.Security.Principal.WindowsIdentity.GetCurre nt().Name);

BTW, as for the "Network Service" account you mentioned when configure the
UNC share's permission, are you sure you are refering to the ASP.NET
server's Network Service account( rather than the UNC share machine's
Network Service account)? Network Service just represent machine's account
so it differs from machine to machine.

In addition, you can turn on the File access Audit for that UNC folder on
that machine, this can help capture the Access failture log.

3How To Audit User Access of Files, Folders, and Printers in Windows XP
http://support.microsoft.com/kb/310399/en-us

Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

Mar 10 '06 #6
Thanks for the quick response.

Glad that they're of assistance. Please feel free to let me know if you
need any further help.

Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

Mar 10 '06 #7

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

2
by: Ed | last post by:
I have searched the archives and found several entries that address the problem I'm having, however, the solutions fall short of explaining exactly what to do Like many others, when I attempt to...
0
by: David | last post by:
Hi I wrote an windows application accessing web services method. Everything works perfectly. My system crashed, I install the VS.NET 2003 Pro. Suddenly i realized that i required to used some of...
4
by: Fabian von Romberg | last post by:
Hi, I have installed Sql Reporting Services on 2 machines, one is WIN 2000 PRO and the other one is WIN 2000 ADV. SERVER. When I try to access a report using the webbrowser, I get the following...
3
by: buran | last post by:
Dear ASP.NET Programmers, I am trying to save a new created Word document, but getting the following the error. I granted the necessary rights to the ASPNET user, but I'm still getting this...
0
by: George | last post by:
Hello, I'm running an ASPX application "WebApplication1" which consumes a web service (service1.asmx) hosted on a machine with IP (128.1.7.x) . The web service is located in the intranet. The...
12
by: Chad Crowder | last post by:
Hi all, I hope someone can give me a hand, because I'm out of ideas. I keep getting this message: Access to the path "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET...
3
by: Mark | last post by:
I'd like to avoid displaying the nasty built-in ASP.NET error for a 401.2, access denied. We're using windows authentication. The error message that is displayed by default is printed below. I'd...
3
by: Olivogt | last post by:
Hello, I was just puting an application on the web server but it did not work as usual... - I do develop on my notebook and move released applications to the Web server - both have Sql Server...
2
by: =?Utf-8?B?RWRkaWU=?= | last post by:
Here is my scenario for a problem I can't solve. I am hosting a 3.5 WCF service in IIS on Windows Server 2003. The service works fine with the WCF test client in Visual Studio 2008 and from an...
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
1
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: Vimpel783 | last post by:
Hello! Guys, I found this code on the Internet, but I need to modify it a little. It works well, the problem is this: Data is sent from only one cell, in this case B5, but it is necessary that data...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
1
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
1
by: Defcon1945 | last post by:
I'm trying to learn Python using Pycharm but import shutil doesn't work
1
by: Shællîpôpï 09 | last post by:
If u are using a keypad phone, how do u turn on JavaScript, to access features like WhatsApp, Facebook, Instagram....
0
by: af34tf | last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.