
webservice permissions

I have a client who is trying to deploy a webservice I wrote. The web
service reads a file on a file server and delivers information about it. The
file needs to be inaccessible to the user of the webservice because it is
intellectual property.

This sounds easy. Just give the IUsr account on the web server, a 2003
server running IIS6, read rights to the files on the file server. Since no
HTTP path will get to the file server, the user can't steal the file.

Unfortunately, the service returns the error
Access to the path "\\FS1\Share\Designs\" is denied.

The Everyone group has rights to the share as well as the Designs folder.
But this happens.

I suggested running the virtual directory under which the web service ran
under a domain account, not the local IUSR. The client reported that the
webservice page would not load at all under that configuration.

What are we doing wrong?

Thanks.
--
Daniel Wilson
Senior Software Solutions Developer
Embtrak Development Team
http://www.Embtrak.com
DVBrown Company


Nov 23 '05 #1
a) IUSR_<machinename> is a *local* account. You can't assign it permissions
to remote resources

b) If this is a .NET app, then your code probably isn't running under
IUSR_<machinename> anyway, but rather the process identity for the worker
process (w3wp.exe) that services your web app

c) If you want to use a custom account for a web app pool identity, then
place that account into the IIS_WPG group on the IIS server (at the very
least), so that it has the necessary permissions to run. If that still
doesn't work, consult this KB article here, to see if anything else is
missing: http://support.microsoft.com/?kbid=812614

Hope that helps

Cheers
Ken


Nov 23 '05 #2
Thanks for the suggestions. They've tried those ideas today ... to no
avail.

Any more ideas?

Thanks.

dwilson

Nov 23 '05 #3
Daniel,

You need to pass credentials to the web service that have access to the share.
For example:

' Requires: Imports System.Net
ws = New csiaigws.csiaighooks

' Credentials the proxy sends when calling the web service
Dim cache As New CredentialCache

cache.Add(New Uri("http://localhost/CSIAIGWS/"), "negotiate", _
    New NetworkCredential("domainuser", "password", "domain"))

ws.Credentials = cache

The credentials that you use in the Cache.Add this way you don't have to
mess with IUSR or anything else.

Let me know if you have any questions about this. Hope this helps...

Scott

Nov 23 '05 #4
Thanks for the help, Ken. Your point B contained the key, though I missed it
at first. Here are the steps that got it working for us.

The network admin created a domain user named "Browser".

I added the user to the local IIS_WPG group.

I created a new application pool and set it to run under the Browser
identity.

I set the LogoBrowser application to run in that new application pool.

Finally, I gave Browser full control of Windows\Temp. See
http://www.error-bank.com/microsoft.public.dotnet.framework.webservices/9Z**********************@news4.srv.hcvlny.cv.net_Thread.aspx

dwilson


Nov 23 '05 #5
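
The steps listed in post #5, written out as an added example (not part of the original thread) using the stock Windows Server 2003 / IIS 6 command-line tools. The domain name DOMAIN, the pool name LogoBrowserPool, web site ID 1 and the default AdminScripts path are assumptions; the account name, the IIS_WPG group, the LogoBrowser application, Windows\Temp and the share path come from the thread.

```batch
@echo off
rem Added example, not from the original thread. Run as a local administrator
rem on the IIS 6 web server. Assumed values: DOMAIN, LogoBrowserPool, site ID 1.
setlocal
set ACCOUNT=DOMAIN\Browser
set POOL=LogoBrowserPool
set APP=W3SVC/1/Root/LogoBrowser
set ADSUTIL=cscript //nologo "%SystemDrive%\Inetpub\AdminScripts\adsutil.vbs"

rem The domain account itself is created beforehand by the network admin.
rem Prompt for its password rather than storing it in the script. set /p
rem echoes what is typed, so run this from a console nobody else can see.
set /p POOLPASS=Password for %ACCOUNT%: 

rem 1. A custom worker process identity must be in the local IIS_WPG group.
net localgroup IIS_WPG "%ACCOUNT%" /add

rem 2. Create the application pool and make it run as a specific user.
rem    AppPoolIdentityType 3 = use the account in WamUserName/WamUserPass.
%ADSUTIL% CREATE W3SVC/AppPools/%POOL% IIsApplicationPool
%ADSUTIL% SET W3SVC/AppPools/%POOL%/AppPoolIdentityType 3
%ADSUTIL% SET W3SVC/AppPools/%POOL%/WamUserName "%ACCOUNT%"
%ADSUTIL% SET W3SVC/AppPools/%POOL%/WamUserPass "%POOLPASS%"
set POOLPASS=

rem 3. Move the LogoBrowser application into the new pool.
%ADSUTIL% SET %APP%/AppPoolId "%POOL%"

rem 4. Grant the account full control of Windows\Temp, as in the thread.
rem    /E edits the existing ACL instead of replacing it.
cacls "%windir%\Temp" /E /G "%ACCOUNT%":F

rem 5. Read the settings back to confirm what IIS will actually use.
%ADSUTIL% GET W3SVC/AppPools/%POOL%/AppPoolIdentityType
%ADSUTIL% GET W3SVC/AppPools/%POOL%/WamUserName
%ADSUTIL% GET %APP%/AppPoolId

rem 6. Check from the web server that the pool account can list the share.
rem    The service only reads the files, so read access on the share and
rem    on the Designs folder is all this account should need there.
runas /user:%ACCOUNT% "cmd /k dir \\FS1\Share\Designs"
endlocal
```

Step 6 opens a second console running as the pool account; an "Access is denied" there points at share or NTFS permissions on the file server rather than at IIS.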
Thanks, Scott. We just got it working another way as I'll detail in another
branch of this thread. This way might have been easier though.

dwilson


Nov 23 '05 #6
