Problem accessing folder on file server from web server (ASP.NET)

Question

3.33/5 (3 votes)

See more:

Could someone help me understand issues related to permissions in accessing a folder on file server from ASP.NET.

I use the below -
Web Server - IIS 5.1
File Server
ASP.NET 3.5

1. I created two virtual directories in IIS in the web server. One holds the files for the a) application and the other points to b)files directory on the file server.
2. I created a new user "NEWUSER" on both the web server and the file server and added them to corresponding servers' administrators group.
3.
a) Application virtual directory has windows integrated authentication checked, anonymous authentication disabled.
b) Files virtual directory has anonymous access enabled for NEWUSER.
4.
Directory on file server has been given full security access for NEWUSER. I have also shared this directory for NEWUSER.
5.
I have below configuration defined in ASP.NET client web.config.
<pre lang="xml"><authentication mode="Windows"/>
</pre>

This is my code below.
__________________________________________________________

<pre>private void PopulateGrid()
    {
        try
        {
            DirectoryPath = @"\\[WEBSERVER]\[filesVirtualDirectory]\" + Convert.ToString(Request.QueryString["ID"]);
            DirectoryInfo currentDirInfo = new DirectoryInfo(DirectoryPath);
            // pass a class object as datasource to gridView object
            fsItems = new List&lt;FilesInfo&gt;();
            if (currentDirInfo.Exists)
            {
                foreach (FileInfo fi in currentDirInfo.GetFiles())
                {
                    FilesInfo fInfo = new FilesInfo();
                    fInfo.Name = fi.Name;
                    fInfo.Extension = fi.Extension;
                    fInfo.FileLink = "//[WEBSERVER]/[filesVirtualDirectory]/" + Convert.ToString(Request.QueryString["ID"]) + "/" + fi.Name;
                    fsItems.Add(fInfo);
                }
            }
            gvFiles.DataSource = fsItems;
            gvFiles.DataBind();
        }
        catch (Exception ex)
        {
            ExceptionLogger.LogError(ex);
        }
    }</pre>

The code reads contents from directory and populates on to a grid. When I run my application on the webserver, the web server fails to list contents of the directory, no errors are produced though. When I attempt to upload a document to this folder, I receive an error - "Network Path not found". I have code written using Word interop that creates a document and saves to this folder. I get a "Access to Path denied error" on this.

When the application is run on my machine (localhost), it works. I can successfully upload / delete documents from this folder. I however get an unknown error when application attempts to save the word interop document on to this folder. The web page still refers to webserver's FilesVirtualDirectory even though it is run from localhost.

Any thoughts?
Thanks.

Posted 24-Feb-11 9:31am

sujanir

Updated 1-Mar-11 11:25am

v4

Add a Solution

4 solutions

Solution 1

Not in my experience. IIS seems to take the lazy way and go anonymous, even if there are Windows creds available.

As far as accessing a folder on the server...Windows credentials or not, IIS won't pretend to be anyone other than itself (or the app pool user) unless you explicitly impersonate a user, in which case you can set up your app to access the folder without really involving the user's creds at all.

Is there a reason you can't give permissions to NETWORK SERVICE (or whatever is running your IIS) to that folder?

Posted 24-Feb-11 11:17am

GenJerDan

Updated 24-Feb-11 11:18am

v2

Comments

sujanir 24-Feb-11 17:51pm

Thanks for that. I shared the folder and gave full permissions to "NETWORK SERVICE". This allows the documents to be read. But fails at the point of creating a new directory under the folder (or) writing files on to this folder. Any thoughts?

GenJerDan 24-Feb-11 19:28pm

Probably some other security setting, but don't know. Windows & IIS have both locked themselves down pretty well as far as access to the drives/network go. I don't have IIS here (and not v5, anywhere) so I can't investigate further at the moment.

Solution 2

Did you check whether your IIS user(IUSR) has write permission on the target folder or not? I think you need to set full permission for IUSR instead of NETWORK SERVICE

Posted 1-Mar-11 16:29pm

Sreejith Gopinathan

Updated 1-Mar-11 16:31pm

v2

Comments

sujanir 1-Mar-11 22:33pm

Thanks for going through my post & replying. Yes, IIs user has full permissions.

Solution 4

In order to authenticate using windows integration and also to allow access for any anonymous user to access a folder from the network, use the below settings -

1. IIS - enable 'Integrated Windows authentication' and disable anonymous access.
2. Web.Config file -

XML

<authentication mode="Windows"/>
       <identity impersonate="true" userName="<anonymous domain="" user="">" password="<password>" /></password></anonymous>

The application does not like accessing the folder files on the file server through a virtual directory on the web server. Therefore I had to hard-code the file server network path in the application (ASP.NET). This works!

Posted 7-Mar-11 15:54pm

sujanir

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

sujanir · Accepted Answer · 2011-03-02T12:21:00

Solution 3

The solution is simple. It is crazy that I overlooked this.

Conclusion
In order for the file server and the web server to communicate with each other, a common domain user has to be created. The user that I created was not a domain user. They were users only on those servers.

Posted 2-Mar-11 12:21pm

sujanir

Updated 2-Mar-11 14:14pm

v2