Denied Access ERROR - Help

[Microsoft News]

I have a web server sitting on computer 1, (QA1). Out on the network on my
main server I have a folder with a zip file in it. All I want is for the
web services that are on the web server to pick up the Zip file and send it
when the web services are called.

However I am getting the following error:
-- Message: System.Web.Services.Protocols.SoapException: Server was unable
to process request. ---> System.ApplicationException:
System.UnauthorizedAccessException: Access to the path
"\\10.0.0.1\Development\IO Deployment\QA Updates\Update 1.57\1.57.zip" is
denied.
at System.IO.__Error.WinIOError(Int32 errorCode, String str)
at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess
access, FileShare share, Int32 bufferSize, Boolean useAsync, String msgPath,
Boolean bFromProxy)
at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess
access, FileShare share)
at Microsoft.Web.Services2.Dime.DimeAttachment..ctor(String type,
TypeFormat typeFormat, String path)
at OrionNetWebServices.OrionNetWebServices.UpdateInstallation(String
AuthorizationCode, String ValidationTimeStamp, String CurrentInstallation,
Boolean ForceGetUpdate)
at OrionNetWebServices.OrionNetWebServices.UpdateInstallation(String
AuthorizationCode, String ValidationTimeStamp, String CurrentInstallation,
Boolean ForceGetUpdate)
--- End of inner exception stack trace ---
-- Source: System.Web.Services
-- Trace: at
System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage
message, WebResponse response, Stream responseStream, Boolean asyncCall)
at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String
methodName, Object[] parameters)
at
RemoteSrvMngr.localhost.OrionNetWebServicesWse.UpdateInstallation(String
AuthorizationCode, String ValidationTimeStamp, String CurrentInstallation,
Boolean ForceGetUpdate)
at RemoteSrvMngr.CWebUpdate.GetUpdate(Single pgCurrentVersion, Boolean
pbOverRide)
-- Target: ReadResponse
-- Error Number: System.Web.Services.Protocols.SoapException


I've tried to follow the following document:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/SecNetHT01.asp

I did not fully understand "3. Assign NTFS Permissions", the QA1 computer is
just a Windows XP box, with FAT 32. So I am sure that it does not apply to
me anyway.

I have added to my web.config file:
<authentication mode="Windows" />
<identity impersonate="true" userName="xxxxxxx" password="yyyyyyyy" />

I have created an account to impersonate: xxxxxxxx
In User Rights Assignment under Local Policies, I have added the account to
the following:
Access this computer from the network
Deny logon locally
Log on as a batch job
Log on as a service

I created on my domain the same "xxxxxxx" account with the same password and
give that account FULL access to the Folder on the server that holds the Zip
file.

I also put in the Machine.config file the following:
<processModel
enable="true"
timeout="Infinite"
idleTimeout="Infinite"
shutdownTimeout="0:00:05"
requestLimit="Infinite"
requestQueueLimit="5000"
restartQueueLimit="10"
memoryLimit="60"
webGarden="false"
cpuMask="0xffffffff"
userName="xxxxxxx"
password="yyyyyyyyy"
logLevel="Errors"
clientConnectedCheck="0:00:05"
comAuthenticationLevel="Connect"
comImpersonationLevel="Impersonate"
responseDeadlockInterval="00:03:00"
maxWorkerThreads="20"
maxIoThreads="20"
/>


SO What am I missing? How come my web service still can not access the
folder needed to download the file. Is there something in IIS I need to have
setup. My IIS, virtual folder for the web services is setup as
Anonymous Access
User Name IUSR_QA1
Allow IIS to control password - checked
Authenticated access
Digest Authentication for Windows domain servers - checked
Realm: iorion.com
Integrated Windows Authentication - checked

Help would be appriecated.

Clyde

 

[Microsoft News]

Ok, More information:

I ran FileMon on the QA1 box when it was trying to access the ZIP file on
the network. In FileMon it said that the file was Access Denied when the
web service tried to access it. It used the account of QA1\xxxxxxxx.

So what does impersonate in the config file do? How does it work? How do
you get it to impersonate a network account on my main server?

I have a web server sitting on computer 1, (QA1). Out on the network on my
main server I have a folder with a zip file in it. All I want is for the
web services that are on the web server to pick up the Zip file and send it
when the web services are called.

However I am getting the following error:
-- Message: System.Web.Services.Protocols.SoapException: Server was unable
to process request. ---> System.ApplicationException:
System.UnauthorizedAccessException: Access to the path
"\\10.0.0.1\Development\IO Deployment\QA Updates\Update 1.57\1.57.zip" is
denied.
at System.IO.__Error.WinIOError(Int32 errorCode, String str)
at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess
access, FileShare share, Int32 bufferSize, Boolean useAsync, String
msgPath, Boolean bFromProxy)
at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess
access, FileShare share)
at Microsoft.Web.Services2.Dime.DimeAttachment..ctor(String type,
TypeFormat typeFormat, String path)
at OrionNetWebServices.OrionNetWebServices.UpdateInstallation(String
AuthorizationCode, String ValidationTimeStamp, String CurrentInstallation,
Boolean ForceGetUpdate)
at OrionNetWebServices.OrionNetWebServices.UpdateInstallation(String
AuthorizationCode, String ValidationTimeStamp, String CurrentInstallation,
Boolean ForceGetUpdate)
--- End of inner exception stack trace ---
-- Source: System.Web.Services
-- Trace: at
System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage
message, WebResponse response, Stream responseStream, Boolean asyncCall)
at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String
methodName, Object[] parameters)
at
RemoteSrvMngr.localhost.OrionNetWebServicesWse.UpdateInstallation(String
AuthorizationCode, String ValidationTimeStamp, String CurrentInstallation,
Boolean ForceGetUpdate)
at RemoteSrvMngr.CWebUpdate.GetUpdate(Single pgCurrentVersion, Boolean
pbOverRide)
-- Target: ReadResponse
-- Error Number: System.Web.Services.Protocols.SoapException


I've tried to follow the following document:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/SecNetHT01.asp

I did not fully understand "3. Assign NTFS Permissions", the QA1 computer
is just a Windows XP box, with FAT 32. So I am sure that it does not apply
to me anyway.

I have added to my web.config file:
<authentication mode="Windows" />
<identity impersonate="true" userName="xxxxxxx" password="yyyyyyyy" />

I have created an account to impersonate: xxxxxxxx
In User Rights Assignment under Local Policies, I have added the account
to the following:
Access this computer from the network
Deny logon locally
Log on as a batch job
Log on as a service

I created on my domain the same "xxxxxxx" account with the same password
and give that account FULL access to the Folder on the server that holds
the Zip file.

I also put in the Machine.config file the following:
<processModel
enable="true"
timeout="Infinite"
idleTimeout="Infinite"
shutdownTimeout="0:00:05"
requestLimit="Infinite"
requestQueueLimit="5000"
restartQueueLimit="10"
memoryLimit="60"
webGarden="false"
cpuMask="0xffffffff"
userName="xxxxxxx"
password="yyyyyyyyy"
logLevel="Errors"
clientConnectedCheck="0:00:05"
comAuthenticationLevel="Connect"
comImpersonationLevel="Impersonate"
responseDeadlockInterval="00:03:00"
maxWorkerThreads="20"
maxIoThreads="20"
/>


SO What am I missing? How come my web service still can not access the
folder needed to download the file. Is there something in IIS I need to
have setup. My IIS, virtual folder for the web services is setup as
Anonymous Access
User Name IUSR_QA1
Allow IIS to control password - checked
Authenticated access
Digest Authentication for Windows domain servers - checked
Realm: iorion.com
Integrated Windows Authentication - checked

Help would be appriecated.

Clyde