I have a client who is trying to deploy a webservice I wrote. The web
service reads a file on a file server and delivers information about it. The
file needs to be inaccessible to the user of the webservice because it is
intellectual property.
This sounds easy. Just give the IUsr account on the web server, a 2003
server running IIS6, read rights to the files on the file server. Since no
HTTP path will get to the file server, the user can't steal the file.
Unfortunately, the service returns the error
Access to the path "\\FS1\Share\Designs\" is denied.
The Everyone group has rights to the share as well as the Designs folder.
But this happens.
I suggested running the virtual directory under which the web service ran
under a domain account, not the local IUSR. The client reported that the
webservice page would not load at all under that configuration.
What are we doing wrong?
Thanks.
--
Daniel Wilson
Senior Software Solutions Developer
Embtrak Development Team http://www.Embtrak.com
DVBrown Company 5  4721 
a) IUSR_<machinename> is a *local* account. You can't assign it permissions
to remote resources
b) If this is a .NET app, then your code probably isn't running under
IUSR_<machinename> anyway, but rather the process identity for the worker
process (w3wp.exe) that's services your web app
c) If you want to use a custom account for a web app pool identity, then
place that account into the IIS_WPG group on the IIS server (at the very
least), so that it has the necessary permissions to run. If that still
doesn't work, consult this KB article here, to see if anything else is
missing: http://support.microsoft.com/?kbid=812614
Hope that helps
Cheers
Ken
"Daniel Wilson" <d.******@embtrak.com> wrote in message
news:ew**************@tk2msftngp13.phx.gbl... I have a client who is trying to deploy a webservice I wrote. The web
service reads a file on a file server and delivers information about it.
The
file needs to be inaccessible to the user of the webservice because it is
intellectual property.
This sounds easy. Just give the IUsr account on the web server, a 2003
server running IIS6, read rights to the files on the file server. Since no
HTTP path will get to the file server, the user can't steal the file.
Unfortunately, the service returns the error
Access to the path "\\FS1\Share\Designs\" is denied.
The Everyone group has rights to the share as well as the Designs folder.
But this happens.
I suggested running the virtual directory under which the web service ran
under a domain account, not the local IUSR. The client reported that the
webservice page would not load at all under that configuration.
What are we doing wrong?
Thanks.
--
Daniel Wilson
Senior Software Solutions Developer
Embtrak Development Team
http://www.Embtrak.com
DVBrown Company
Thanks for the suggestions. They've tried those ideas today ... to no
avail.
Any more ideas?
Thanks.
dwilson
"Ken Schaefer" <ke*******@THISadopenstatic.com> wrote in message
news:%2****************@TK2MSFTNGP14.phx.gbl... a) IUSR_<machinename> is a *local* account. You can't assign it
permissions to remote resources
b) If this is a .NET app, then your code probably isn't running under
IUSR_<machinename> anyway, but rather the process identity for the worker
process (w3wp.exe) that's services your web app
c) If you want to use a custom account for a web app pool identity, then
place that account into the IIS_WPG group on the IIS server (at the very
least), so that it has the necessary permissions to run. If that still
doesn't work, consult this KB article here, to see if anything else is
missing: http://support.microsoft.com/?kbid=812614
Hope that helps
Cheers
Ken
"Daniel Wilson" <d.******@embtrak.com> wrote in message
news:ew**************@tk2msftngp13.phx.gbl...I have a client who is trying to deploy a webservice I wrote. The web
service reads a file on a file server and delivers information about it.
The
file needs to be inaccessible to the user of the webservice because it
is intellectual property.
This sounds easy. Just give the IUsr account on the web server, a 2003
server running IIS6, read rights to the files on the file server. Since
no HTTP path will get to the file server, the user can't steal the file.
Unfortunately, the service returns the error
Access to the path "\\FS1\Share\Designs\" is denied.
The Everyone group has rights to the share as well as the Designs
folder. But this happens.
I suggested running the virtual directory under which the web service
ran under a domain account, not the local IUSR. The client reported that
the webservice page would not load at all under that configuration.
What are we doing wrong?
Thanks.
--
Daniel Wilson
Senior Software Solutions Developer
Embtrak Development Team
http://www.Embtrak.com
DVBrown Company
Daniel,
You need pass credentials to the web service that have access to the share.
For example:
ws = New csiaigws.csiaighooks
Dim cache As New CredentialCache
cache.Add(New Uri("http://localhost/CSIAIGWS/"), "negotiate", New
NetworkCredential("domainuser", "password", "domain"))
ws.Credentials = cache
The credentials that you use in the Cache.Add this way you don't have to
mess with IUSR or anything else.
Let me know if you have any questions about this. HOpe this helps...
Scott
"Daniel Wilson" wrote: Thanks for the suggestions. They've tried those ideas today ... to no
avail.
Any more ideas?
Thanks.
dwilson
"Ken Schaefer" <ke*******@THISadopenstatic.com> wrote in message
news:%2****************@TK2MSFTNGP14.phx.gbl... a) IUSR_<machinename> is a *local* account. You can't assign it
permissions to remote resources
b) If this is a .NET app, then your code probably isn't running under
IUSR_<machinename> anyway, but rather the process identity for the worker
process (w3wp.exe) that's services your web app
c) If you want to use a custom account for a web app pool identity, then
place that account into the IIS_WPG group on the IIS server (at the very
least), so that it has the necessary permissions to run. If that still
doesn't work, consult this KB article here, to see if anything else is
missing: http://support.microsoft.com/?kbid=812614
Hope that helps
Cheers
Ken
"Daniel Wilson" <d.******@embtrak.com> wrote in message
news:ew**************@tk2msftngp13.phx.gbl...I have a client who is trying to deploy a webservice I wrote. The web
service reads a file on a file server and delivers information about it.
The
file needs to be inaccessible to the user of the webservice because it is intellectual property.
This sounds easy. Just give the IUsr account on the web server, a 2003
server running IIS6, read rights to the files on the file server. Since no HTTP path will get to the file server, the user can't steal the file.
Unfortunately, the service returns the error
Access to the path "\\FS1\Share\Designs\" is denied.
The Everyone group has rights to the share as well as the Designs folder. But this happens.
I suggested running the virtual directory under which the web service ran under a domain account, not the local IUSR. The client reported that the webservice page would not load at all under that configuration.
What are we doing wrong?
Thanks.
--
Daniel Wilson
Senior Software Solutions Developer
Embtrak Development Team
http://www.Embtrak.com
DVBrown Company
Thanks for the help, Ken. Your point B contained the key, though I missed it
at first. Here are the steps that got it working for us.
The network admin created a domain user named "Browser".
I added the user to the local IIS_WPG group.
I created a new application pool and set it to run under the Browser
identity.
I set the LogoBrowser application to run in that new application pool.
Finally, I gave Browser full control of Windows\Temp. See
http://www.error-bank.com/microsoft.public.dotnet.framework.webservices/9Z**********************@news4.srv.hcvlny.cv.net_T hread.aspx
dwilson
"Ken Schaefer" <ke*******@THISadopenstatic.com> wrote in message
news:%2****************@TK2MSFTNGP14.phx.gbl... a) IUSR_<machinename> is a *local* account. You can't assign it
permissions to remote resources
b) If this is a .NET app, then your code probably isn't running under
IUSR_<machinename> anyway, but rather the process identity for the worker
process (w3wp.exe) that's services your web app
c) If you want to use a custom account for a web app pool identity, then
place that account into the IIS_WPG group on the IIS server (at the very
least), so that it has the necessary permissions to run. If that still
doesn't work, consult this KB article here, to see if anything else is
missing: http://support.microsoft.com/?kbid=812614
Hope that helps
Cheers
Ken
"Daniel Wilson" <d.******@embtrak.com> wrote in message
news:ew**************@tk2msftngp13.phx.gbl...I have a client who is trying to deploy a webservice I wrote. The web
service reads a file on a file server and delivers information about it.
The
file needs to be inaccessible to the user of the webservice because it
is intellectual property.
This sounds easy. Just give the IUsr account on the web server, a 2003
server running IIS6, read rights to the files on the file server. Since
no HTTP path will get to the file server, the user can't steal the file.
Unfortunately, the service returns the error
Access to the path "\\FS1\Share\Designs\" is denied.
The Everyone group has rights to the share as well as the Designs
folder. But this happens.
I suggested running the virtual directory under which the web service
ran under a domain account, not the local IUSR. The client reported that
the webservice page would not load at all under that configuration.
What are we doing wrong?
Thanks.
--
Daniel Wilson
Senior Software Solutions Developer
Embtrak Development Team
http://www.Embtrak.com
DVBrown Company
Thanks, Scott. We just got it working another way as I'll detail in another
branch of this thread. This way might have been easier though.
dwilson
"SQLScott" <SQ******@discussions.microsoft.com> wrote in message
news:38**********************************@microsof t.com... Daniel,
You need pass credentials to the web service that have access to the
share. For example:
ws = New csiaigws.csiaighooks
Dim cache As New CredentialCache
cache.Add(New Uri("http://localhost/CSIAIGWS/"), "negotiate", New
NetworkCredential("domainuser", "password", "domain"))
ws.Credentials = cache
The credentials that you use in the Cache.Add this way you don't have to
mess with IUSR or anything else.
Let me know if you have any questions about this. HOpe this helps...
Scott
"Daniel Wilson" wrote:
Thanks for the suggestions. They've tried those ideas today ... to no
avail.
Any more ideas?
Thanks.
dwilson
"Ken Schaefer" <ke*******@THISadopenstatic.com> wrote in message
news:%2****************@TK2MSFTNGP14.phx.gbl... a) IUSR_<machinename> is a *local* account. You can't assign it
permissions to remote resources
b) If this is a .NET app, then your code probably isn't running under
IUSR_<machinename> anyway, but rather the process identity for the
worker process (w3wp.exe) that's services your web app
c) If you want to use a custom account for a web app pool identity,
then place that account into the IIS_WPG group on the IIS server (at the
very least), so that it has the necessary permissions to run. If that still
doesn't work, consult this KB article here, to see if anything else is
missing: http://support.microsoft.com/?kbid=812614
Hope that helps
Cheers
Ken
"Daniel Wilson" <d.******@embtrak.com> wrote in message
news:ew**************@tk2msftngp13.phx.gbl...
>I have a client who is trying to deploy a webservice I wrote. The web
> service reads a file on a file server and delivers information about
it. > The
> file needs to be inaccessible to the user of the webservice because
it is > intellectual property.
>
> This sounds easy. Just give the IUsr account on the web server, a
2003 > server running IIS6, read rights to the files on the file server.
Since no > HTTP path will get to the file server, the user can't steal the
file. >
> Unfortunately, the service returns the error
> Access to the path "\\FS1\Share\Designs\" is denied.
>
> The Everyone group has rights to the share as well as the Designs
folder. > But this happens.
>
> I suggested running the virtual directory under which the web
service ran > under a domain account, not the local IUSR. The client reported
that the > webservice page would not load at all under that configuration.
>
> What are we doing wrong?
>
> Thanks.
>
>
> --
> Daniel Wilson
> Senior Software Solutions Developer
> Embtrak Development Team
> http://www.Embtrak.com
> DVBrown Company
>
>
>
>
This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: Raul Cortes |
last post by:
I have been developing winforms for a while.
I had an app, that downlods exchange rates from an html page from a website,
creating a dataset, and then writing the xml to the local drive....
|
by: DotNetter |
last post by:
I have two computers. Both computers have Windows 2003 installed as well
as Visual Studio.Net 2003 installed.
Computer A has active directory set and also has .Net and the webservice
called...
|
by: Martinh |
last post by:
Hi I keep getting this error...
Access to the path
"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary
ASP.NETFiles\webservice_isds\f12c6a5a\5975001" is denied.
Stack Trace:
...
|
by: Russell Mangel |
last post by:
Hi,
How can I set permissions, so my webservice will run, without entering my
name and password in the Web.Config file?
I have created a WebService, and then added a Web reference to a Windows...
|
by: xisco |
last post by:
hi
I can access and play with my webservice without any problems in my
localhost. I am using .net 2.0
but I can not access it when I placed it in my win2003 server. also have
..net 2.0 there.
...
|
by: Boni |
last post by:
I want consuming a webserivce trough a proxy. I use this code.
myService s = new myService ();
System.Net.WebProxy proxyObject = new
System.Net.WebProxy("http://proxyhost:8080");
s.Proxy =...
|
by: Alan Sloan |
last post by:
I've written a web service in VS2005 that uses a COM object to get a file
out of another system. I eventually need to stream the file to the
consumer, but I first need to get the file to a...
|
by: =?Utf-8?B?SmVzcyBMdW5kYWdlciBBbmRlcnNlbg==?= |
last post by:
Hi,
I have a problem accessing a web service.
The problem consists in that after a couple of hours (approx. 3 hours) the
web service is non-responsive.
I have then tried accessing it through...
|
by: Orit |
last post by:
My solution has ASP.NET app , .NET dll and a Web Service .
The ASP.NET application calls to WebService’s methods , which calls
the dll’s methods .
One of the functions of the dll is accessing...
|
by: CloudSolutions |
last post by:
Introduction:
For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
|
by: Faith0G |
last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome former...
|
by: ryjfgjl |
last post by:
In our work, we often need to import Excel data into databases (such as MySQL, SQL Server, Oracle) for data analysis and processing. Usually, we use database tools like Navicat or the Excel import...
|
by: taylorcarr |
last post by:
A Canon printer is a smart device known for being advanced, efficient, and reliable. It is designed for home, office, and hybrid workspace use and can also be used for a variety of purposes. However,...
|
by: aa123db |
last post by:
Variable and constants
Use var or let for variables and const fror constants.
Var foo ='bar';
Let foo ='bar';const baz ='bar';
Functions
function $name$ ($parameters$) {
}
...
|
by: ryjfgjl |
last post by:
If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...
|
by: emmanuelkatto |
last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud.
Please let me know.
Thanks!
Emmanuel
|
by: nemocccc |
last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
| |
