0

I have an app that needs to update a txt file on another server. The asp.net app runs under iis6.0. Ive tried setting the permissions on the share for the server that runs the app. e.g DOMAIN\ServerA$ however it still says access to path blah blah is denied.

Any ideas?

Richard Banks
  • 2,946
  • 5
  • 34
  • 71

4 Answers4

1

You should change in IIS pool identity to user that has permission to folder that you are trying to update.

Gregory Nozik
  • 3,296
  • 3
  • 32
  • 47
0

Check that the app isn't passing the user's credentials to the share, e.g Identity.Impersonate or via Windows auth or similar.

Check you have the right account/machine names by writing HttpContext.Current.User.Identity.Name and HttpContext.Current.Server.MachineName to the page.

Widor
  • 13,003
  • 7
  • 42
  • 64
  • Impersonate hasnt been set in the config. IIS is set to use windows auth. Ive checked the security log of the server with the mounted share and i see ServerA has connected – Richard Banks Sep 21 '11 at 11:06
  • OK - not sure in that case. Although an answer to [this question](http://stackoverflow.com/questions/1435753/asp-net-access-to-network-share) suggests mapping the share through code? – Widor Sep 21 '11 at 11:09
0

First make sure that the path is accessible to the server at all by going their manually using your own account. I don't know anything about your set up where you are (major corporation, mom-and-pop shop, whatever), but if there are security blockages on the network this may be an impossibility to start with. As an example, where I am security does not allow servers to communicate with each other in some of our domains through certain protocols/ports. So if I attempted something like this it would fail automatically because of the firewall restrictions.

Once you're sure the connection can be made, verify that the user account applied to the website's application pool has permission to make the connection. By default this account is set to "Network Service" and it is a local account. This will deny the website such permission. You will need to set this account to domain level service account and make sure that account has permission to make the connection.

Joel Etherton
  • 37,325
  • 10
  • 89
  • 104
  • my understanding is that if your app pool is running under the network service you can set permissions on the share against the server name E.g DOMAIN\SERVERA$. Ive verfied that it is connecting to serverb in the event viewer under the security tab – Richard Banks Sep 21 '11 at 11:12
  • Im refereing to this http://serverfault.com/questions/41130/network-service-account-accessing-a-folder-share – Richard Banks Sep 21 '11 at 11:28
  • @Richard Banks: Yes, and by using that method, you're giving any machine with a NETWORK SERVICE account context within that domain the same access. It's a gaping security hole, and I recommend against it. – Joel Etherton Sep 21 '11 at 11:50
0

This may not be exactly what you're looking for, but if you have a specific userId and password that can access the network share, you can use the code here: http://support.microsoft.com/kb/306158

Vivian River
  • 31,198
  • 62
  • 198
  • 313