Saving files to network shares in ASP.net 2.0

[Guest]

We have an ASP.NET 2.0 web application running on a Windows 2003 domain
controller. Part of that application needs to read and write files from and
to a network share ( living on a MAC Xserveraid) on the same network segment.

I mapped a drive on the server to that share. When mapping the drive, I
could enter access credentials for the shares (an account from the Mac side
that does not exist in the windows domain). Using Windows Explorer, I can now
read and write to the share just fine.

I then created a Virtual directory to point to that share. That worked fine.
Looking at the virtual directory in IIS, the file I put there using Windows
Explorer is visible, but I cannot do anything with it.

Using the web application I can neither read from nor write to that
directory. I parked a plain html file on it, but it will not display using
http://.../virtualD/file.htm - I get a 500 internal server error.

There is no ASP.NET account on that server. I created an Application Pool
specifically for that application it runs under the Network Service account.
There currently are only 1 user account (mine) and admin account, IUSR and
IWAM accounts on that server.

What's the trick to get to read and write to that share from the web app?

Thanks You!

 

[Cowboy \(Gregory A. Beamer\)]

You have a variety of issues and a kludged process to solve it.

Issue #1:
MAC computer. This is not insurmountable, esp. if you can a) open the perms
to the directory and map using a UNC path b) add the computer to the domain,
which is possible, although a bit of a pain or c) create a service app that
does the transfer (you local app will dump to a directory you have control
over and the service will file watch and move).

Issue #2
You are on a domain controller. This is not a good idea. THe security
profile for a DC is very strict. Can you reduce it? Sure. Hack at the IIS
permissions, the local policy (a bit tricky as the tool is now hidden), the
..NET security files and you should be golden. You also open your world for
hackers, so you have to ask how important it is to write to this mac.

Suggestions
Best is to move the files off the DC and put them on a dedicated web server
where they belong. Yeah, I know it sucks, esp. on a small network, to have a
machine dedicated to log in only, but it is a price to pay for networking
with security.

If this is impossible, consider a two step solution. Web app drops files in
its sandbox, a service running as a super user sees the file and moves it.
It requires more debugging, but it should work fine and not require opening
your network to the world. You may have to use UNC instead of the mapped
folder, although that yields its own set of issues. If a .NET Service will
not work without changing security, you can move to a COM+ application,
which should have the rights.

Final option, of course, is to open up the DC security to allow what you
desire. First is to allow transversal for web apps, so it can write outside
of its own sandbox. This alone may solve your issue, but realize that you
should lock the site down extremely to only allow writing through the share.

--
Gregory A. Beamer

*************************************************
Think Outside the Box!
*************************************************

 

[Guest]

Wow...well, the good thing is, the app on that web server is an internal only
app, so the web server will not be at all reachable from the outside. I'm
comfortable opening up the DC security and/or IIS security to the point where
I can at least read from and write to the share on the XServeRaid using
ASP.NET 2.0.

How do I open up security to allow me to do that?

Btw - I can red and write to/from the share already using Windows Explorer,
so it appears all that is needed is reducing IIS security, no? Maybe running
the application pool under an admin account? (haven't tried this as I didn't
want to mess things up just yet)