Access to non-virtual-directory UNC paths from IIS 6.0

Discussion in 'ASP .Net Security' started by Jeff Johnson [MVP: VB], Jul 27, 2004.

  1. [Please let me know if there is a better group in which to post this
    question.]

    Background:
    We have an ASP.NET Web app in my company which compares two data sources and
    reports the differences between them. This app can handle different types of
    data, both DBMS- and file-based. For file-based comparisons, we want the
    user to be able to point to any share on the network to find the file. Given
    this desire, we can't set up virtual directories to every possible share on
    our network, so we need the code to be able to access the file through pure
    UNC references.

    Here's more detail:
    - The Web server is running IIS 6.0 on Windows 2003 Server (duh).
    - The Web server is part of our internal domain (not our Web farm), let's
    call it MYCOMPANY.
    - The WWW service (and IISAdmin) is running under LocalSystem.
    - This particular Web site is NOT allowing anonymous access; the only access
    is Integrated Windows Authorization.
    - The page that is having problems has two INPUT TYPE="file" text boxes
    which the user uses to specify the files for comparison.
    - The code behind the page attempts to open OledbConnections against the UNC
    paths taken from the INPUT boxes.
    - This is the error we're getting:
    The Microsoft Jet database engine cannot open the file
    '\\BOB\BobsShare\SubFolder\AccessDB.mdb'. It is already opened exclusively
    by another user, or you need permission to view its data.

    No one has it open exclusively, and permissions are set correctly both on
    the share (\\BOB\BobsShare) and on the underlying folder structure.
    Specifically, the Everyone group has Change access through the share and
    Modify access through NTFS.

    I researched this issue through Google (thank god it's back up!) and came
    across a TechNet article,
    http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/webapp/iis/remstorg.mspx.
    I tried trusting the Web server for delegation, and gave it a half hour to
    propagate the changes, but I still got the same error. I noticed that the
    article really focuses on UNC paths used as the target of virtual
    directories and, as stated earlier, that's not how we want to set this up.

    Has anyone run into this issue before under these circumstances (i.e., no
    anonymous access, code hitting UNC paths)? Any suggestions? Can anyone
    confirm that what we want to do simply can't be done with IIS 6.0?
    Jeff Johnson [MVP: VB], Jul 27, 2004
    #1
    1. Advertising

  2. "Jeff Johnson [MVP: VB]" <> wrote in message
    news:ei$1VA$...
    > [Please let me know if there is a better group in which to post this
    > question.]
    >
    > Background:
    > We have an ASP.NET Web app in my company which compares two data sources

    and
    > reports the differences between them. This app can handle different types

    of
    > data, both DBMS- and file-based. For file-based comparisons, we want the
    > user to be able to point to any share on the network to find the file.

    Given
    > this desire, we can't set up virtual directories to every possible share

    on
    > our network, so we need the code to be able to access the file through

    pure
    > UNC references.
    >
    > Here's more detail:
    > - The Web server is running IIS 6.0 on Windows 2003 Server (duh).
    > - The Web server is part of our internal domain (not our Web farm), let's
    > call it MYCOMPANY.
    > - The WWW service (and IISAdmin) is running under LocalSystem.
    > - This particular Web site is NOT allowing anonymous access; the only

    access
    > is Integrated Windows Authorization.
    > - The page that is having problems has two INPUT TYPE="file" text boxes
    > which the user uses to specify the files for comparison.
    > - The code behind the page attempts to open OledbConnections against the

    UNC
    > paths taken from the INPUT boxes.
    > - This is the error we're getting:
    > The Microsoft Jet database engine cannot open the file
    > '\\BOB\BobsShare\SubFolder\AccessDB.mdb'. It is already opened exclusively
    > by another user, or you need permission to view its data.
    >
    > No one has it open exclusively, and permissions are set correctly both on
    > the share (\\BOB\BobsShare) and on the underlying folder structure.
    > Specifically, the Everyone group has Change access through the share and
    > Modify access through NTFS.


    Can you enable security auditing on the file path to see what account is
    being denied access?

    --
    Tom Kaminski IIS MVP
    http://www.microsoft.com/windowsserver2003/community/centers/iis/
    http://mvp.support.microsoft.com/
    http://www.iisfaq.com/
    http://www.iistoolshed.com/ - tools, scripts, and utilities for running IIS
    http://www.tryiis.com
    Tom Kaminski [MVP], Jul 27, 2004
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Tor Rest

    Copy using UNC paths

    Tor Rest, Aug 11, 2003, in forum: Perl
    Replies:
    1
    Views:
    3,732
    J├╝rgen Exner
    Aug 12, 2003
  2. Dwaine
    Replies:
    0
    Views:
    543
    Dwaine
    Feb 16, 2004
  3. Steve Singer
    Replies:
    0
    Views:
    530
    Steve Singer
    Feb 15, 2005
  4. =?Utf-8?B?U3RldmU=?=

    Directory.Exists() with UNC Network Paths

    =?Utf-8?B?U3RldmU=?=, Feb 11, 2006, in forum: ASP .Net
    Replies:
    0
    Views:
    756
    =?Utf-8?B?U3RldmU=?=
    Feb 11, 2006
  5. Dwaine
    Replies:
    0
    Views:
    241
    Dwaine
    Feb 17, 2004
Loading...

Share This Page