ASP Virtual Directory GetFolder Error

[lspoulin]

Hi,

We have a webpage browsing folders within the wwwroot. We need to
access a remote shared directory the same way.

We created a virtual directory in IIS with an alias pointing on this
remote directory. The virtual directory is accessible when we type it
in the address bar of IE but when we try accessing it with a
Scripting.FileSystemObject.

I wonder what is missing or what we are doing wrong.

Accessible :
http://<server-name>/<alias>
(I can browse the directory, download files, etc)

Not accessible :
Set fsoFolder = objFSO.GetFolder(Server.MapPath("<alias>"))
or
Set fsoFolder = objFSO.GetFolder("\\<remote-server-name>\<remote-
directory>")
or
Set fsoFolder = objFSO.GetFolder("http://<server-name>/<alias>")

When I tried these I got :

Server object error 'ASP 0177 : 800a004c'

Server.CreateObject Failed

/xslamweb/test-website/asp/xdsl_test.asp, line 43

The operation completed successfully

43 Set fsoFolder = objFSO.GetFolder(Server.MapPath("../../Ltdocs/"))



Can you please help me solve this problem.

Decoy

 

[Anthony Jones]

Hi,

We have a webpage browsing folders within the wwwroot. We need to
access a remote shared directory the same way.

We created a virtual directory in IIS with an alias pointing on this
remote directory. The virtual directory is accessible when we type it
in the address bar of IE but when we try accessing it with a
Scripting.FileSystemObject.

I wonder what is missing or what we are doing wrong.

Accessible :
http://<server-name>/<alias>
(I can browse the directory, download files, etc)

Not accessible :
Set fsoFolder = objFSO.GetFolder(Server.MapPath("<alias>"))
or
Set fsoFolder = objFSO.GetFolder("\\<remote-server-name>\<remote-
directory>")
or
Set fsoFolder = objFSO.GetFolder("http://<server-name>/<alias>")

When I tried these I got :

Server object error 'ASP 0177 : 800a004c'

Server.CreateObject Failed

/xslamweb/test-website/asp/xdsl_test.asp, line 43

The operation completed successfully

43 Set fsoFolder = objFSO.GetFolder(Server.MapPath("../../Ltdocs/"))



Can you please help me solve this problem.

Decoy

The problem is that when you create the alias on a UNC path IIS would have
asked you to enter some domain credentials that it will use when attempting
to access the folder. Hence instead of using the IUSR_<machinename> when
accessing anything in the alias folder IIS will use the provided
credentials.

Other code in your website won't benefit from this behaviour hence
attempting to use FSO to open the remote folder fails because the current
user underwhich the script is running doesn't have access to the folder.

Note also parent paths "../../" are disabled by default in IIS6.

The only simple solution I know of is to change the anonymous user account
to a domain account that has been granted access to the share. You can
limit this change to this one ASP page if you prefer.

 

[lspoulin]

Unfortunatly, this alternative seem to displease the security audit
department.

I tried as an alternative solution to map a drive from the webserver
to the fileserver. It worked fine, I can call objFSO.GetFolder("v:\"),
but as soon as I logoff, the drive is no longuer available.

Is there a way to create a permanent mapped drive ?

 

[Anthony Jones]

Unfortunatly, this alternative seem to displease the security audit
department.

I tried as an alternative solution to map a drive from the webserver
to the fileserver. It worked fine, I can call objFSO.GetFolder("v:\"),
but as soon as I logoff, the drive is no longuer available.

Is there a way to create a permanent mapped drive ?

Not that I know of but those clever guys in the security audit dept might
know?

You might ask them to justify their reasons for their 'displeasure' since I
see no reason why a single page that needs access to a file share shouldn't
be granted access to the file share. Utlimately for the app to work some
way to enable this has to be found. Since the solution I offered doesn't
open up holes to anywhere else I don't see their problem. I suspect they
haven't understood the requirement or the limited scope of access we are
talking about.

Are your users internal (IOW, are your users managed but the same security
audit dept that manages the server).

If so perhaps they can place all the users that require access to the remote
folder in a Group and grant that group the appropriate rights on the share
and folder contents. Turn off anonymous access on the ASP pages and turn on
windows integerated. Make sure each user has the server name added to their
browsers Intranet Zone which allows automatic use of NTLM. (In Firefox use
about:config setting network.automatic-ntlm-auth.trusted-uris).

Now when the users hit that page they will be automatically authenticated
and the ASP script will run under their security token. Since they've been
granted access the remote folder the FSO code will work.

However utlimately my original recommendation still stands, you need to make
the security audit deptarment accountable by asking for definitive reasons.

 

[lspoulin]

I think I get you all wrong the first time.

I will try your solution. The only problem I see is that my hands are
tied by a complex ticket system I need to wait for an IT guy to do it.

Thanks for your help.