access denied in an asp.net 2.0 application when accessing a direc

Discussion in 'ASP .Net' started by =?Utf-8?B?ZXN3YW5zb24=?=, Mar 9, 2006.

  1. on a different server.

    I am currently getting an access denied when I attempt to do the following
    in my asp.net page:

    strFilePath = ConfigurationManager.AppSettings["imagesavedir"];

    strFileName = strImageName + ".*";

    DirectoryInfo di = new DirectoryInfo(Server.MapPath(strFilePath));

    FileInfo[] fls = di.GetFiles(strFileName);

    This is the error:

    Access to the path '\\192.168.2.26\images\ProdSite\CENET' is denied.

    What permissions do I need to set for this to work. The ip address is on
    another windows 2003 server.

    Thanks

    Eric
    =?Utf-8?B?ZXN3YW5zb24=?=, Mar 9, 2006
    #1
    1. Advertising

  2. I think you want to grant read permission and directory browsing on the
    ntfs level (properties -> security) to the IUSR_<servername> account,
    then grant the same thing on the iis level via IIS Manager. There's
    two levels of security- IIS and NTFS.
    Michael Hamrah, Mar 9, 2006
    #2
    1. Advertising

  3. Thanks for Michael's input,

    Hi Eric,

    As for such security issue, we should first confirm what's the ASP.NET
    application's running security context, if you're not using impersonate, it
    should be the ASP.NET worker process's process account(this setting should
    differ from IIS5 to IIS6). For IIS, it is the Machine\ASPNET account ,
    while IIS6 by default use Network Service as the application pool idenitity.

    And as for the remote UNC share, there're two permission settings, the NTFS
    and the file share permission settings. Therefore, I suggest you check both
    of them on the remote server machine and grant the proper use the
    sufficient permission.

    Regards,

    Steven Cheng
    Microsoft Online Support

    Get Secure! www.microsoft.com/security
    (This posting is provided "AS IS", with no warranties, and confers no
    rights.)
    Steven Cheng[MSFT], Mar 9, 2006
    #3
  4. Re: access denied in an asp.net 2.0 application when accessing a d

    Hi Steven,

    I am running IIS 6.0.

    How would I find out what security context I am running under?

    On the share, I set the NetworkService account from webserver read only
    access and on the NTFS security, I gave NetworkService account from webserver
    ready only access also.

    Basically, I want the remote users to only read/browse the files but not
    change the files.

    Is this the correct approach?

    Thanks

    Eric


    "Steven Cheng[MSFT]" wrote:

    > Thanks for Michael's input,
    >
    > Hi Eric,
    >
    > As for such security issue, we should first confirm what's the ASP.NET
    > application's running security context, if you're not using impersonate, it
    > should be the ASP.NET worker process's process account(this setting should
    > differ from IIS5 to IIS6). For IIS, it is the Machine\ASPNET account ,
    > while IIS6 by default use Network Service as the application pool idenitity.
    >
    > And as for the remote UNC share, there're two permission settings, the NTFS
    > and the file share permission settings. Therefore, I suggest you check both
    > of them on the remote server machine and grant the proper use the
    > sufficient permission.
    >
    > Regards,
    >
    > Steven Cheng
    > Microsoft Online Support
    >
    > Get Secure! www.microsoft.com/security
    > (This posting is provided "AS IS", with no warranties, and confers no
    > rights.)
    >
    >
    >
    >
    >
    >
    >
    >
    >
    >
    >
    =?Utf-8?B?ZXN3YW5zb24=?=, Mar 9, 2006
    #4
  5. Re: access denied in an asp.net 2.0 application when accessing a d

    Thanks for the response Eric,

    I think it should be OK. Since you're using IIS6, if the ASP.NET
    application virtual dir is configured to use the Default Application Pool
    and your ASP.NET dosn't use impersonate, it should be the NT
    AUTHORITY\NETWORK SERVICE account. Anyway, you can use the below code to
    printout the security identity of the current running thread:

    Response.Write("<br/>" +
    System.Security.Principal.WindowsIdentity.GetCurrent().Name);

    BTW, as for the "Network Service" account you mentioned when configure the
    UNC share's permission, are you sure you are refering to the ASP.NET
    server's Network Service account( rather than the UNC share machine's
    Network Service account)? Network Service just represent machine's account
    so it differs from machine to machine.

    In addition, you can turn on the File access Audit for that UNC folder on
    that machine, this can help capture the Access failture log.

    3How To Audit User Access of Files, Folders, and Printers in Windows XP
    http://support.microsoft.com/kb/310399/en-us

    Regards,

    Steven Cheng
    Microsoft Online Support

    Get Secure! www.microsoft.com/security
    (This posting is provided "AS IS", with no warranties, and confers no
    rights.)
    Steven Cheng[MSFT], Mar 10, 2006
    #5
  6. Re: access denied in an asp.net 2.0 application when accessing a d

    Thanks for the information.

    Thanks

    Eric

    "Steven Cheng[MSFT]" wrote:

    > Thanks for the response Eric,
    >
    > I think it should be OK. Since you're using IIS6, if the ASP.NET
    > application virtual dir is configured to use the Default Application Pool
    > and your ASP.NET dosn't use impersonate, it should be the NT
    > AUTHORITY\NETWORK SERVICE account. Anyway, you can use the below code to
    > printout the security identity of the current running thread:
    >
    > Response.Write("<br/>" +
    > System.Security.Principal.WindowsIdentity.GetCurrent().Name);
    >
    > BTW, as for the "Network Service" account you mentioned when configure the
    > UNC share's permission, are you sure you are refering to the ASP.NET
    > server's Network Service account( rather than the UNC share machine's
    > Network Service account)? Network Service just represent machine's account
    > so it differs from machine to machine.
    >
    > In addition, you can turn on the File access Audit for that UNC folder on
    > that machine, this can help capture the Access failture log.
    >
    > 3How To Audit User Access of Files, Folders, and Printers in Windows XP
    > http://support.microsoft.com/kb/310399/en-us
    >
    > Regards,
    >
    > Steven Cheng
    > Microsoft Online Support
    >
    > Get Secure! www.microsoft.com/security
    > (This posting is provided "AS IS", with no warranties, and confers no
    > rights.)
    >
    >
    =?Utf-8?B?ZXN3YW5zb24=?=, Mar 10, 2006
    #6
  7. Re: access denied in an asp.net 2.0 application when accessing a d

    Thanks for the quick response.

    Glad that they're of assistance. Please feel free to let me know if you
    need any further help.

    Regards,

    Steven Cheng
    Microsoft Online Support

    Get Secure! www.microsoft.com/security
    (This posting is provided "AS IS", with no warranties, and confers no
    rights.)
    Steven Cheng[MSFT], Mar 10, 2006
    #7
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. =?Utf-8?B?Q2hhcnRz?=
    Replies:
    4
    Views:
    524
    =?Utf-8?B?SmFtZXM=?=
    Oct 11, 2006
  2. Ros@
    Replies:
    3
    Views:
    623
  3. Vikram
    Replies:
    0
    Views:
    759
    Vikram
    Apr 5, 2006
  4. Replies:
    0
    Views:
    1,721
  5. Philip
    Replies:
    1
    Views:
    160
    Dominick Baier [DevelopMentor]
    Sep 16, 2005
Loading...

Share This Page