ASP.NET application cannot access network drive
-
My ASP.NET application needs read/write permissions for drive "Z:", which is mapped to my Linksys Gigadrive (Network Attached Storage...if anyone is familiar with that). If I configure the Gigadrive with "Guest" access rights, then everything works fine, BUT this leaves the drive vulnerable to everyone/everything including network viruses. Lately, my drive has had several attacks by the Lovegate virus. Eliminating such attacks requires making my drive private, meaning I must remove "Guest" access rights and only allow logged-in users to access the drive through the ASP.NET applicaiton. The problem is that without "guest" access rights, the ASP.NET application itself cannot access the drive! Is my ASP.NET application a "user" that I must add to the list of priviledged users on the Gigadrive? Well, I tried adding users "ASPNET" and "IUSR_MyComputer" to the Gigadrive, but it didnt seem to work. Again, if I allow the "Everyone" group (which includes the user "Guest") to have persmission to the drive, then everything works. Can someone please help me?
-
My ASP.NET application needs read/write permissions for drive "Z:", which is mapped to my Linksys Gigadrive (Network Attached Storage...if anyone is familiar with that). If I configure the Gigadrive with "Guest" access rights, then everything works fine, BUT this leaves the drive vulnerable to everyone/everything including network viruses. Lately, my drive has had several attacks by the Lovegate virus. Eliminating such attacks requires making my drive private, meaning I must remove "Guest" access rights and only allow logged-in users to access the drive through the ASP.NET applicaiton. The problem is that without "guest" access rights, the ASP.NET application itself cannot access the drive! Is my ASP.NET application a "user" that I must add to the list of priviledged users on the Gigadrive? Well, I tried adding users "ASPNET" and "IUSR_MyComputer" to the Gigadrive, but it didnt seem to work. Again, if I allow the "Everyone" group (which includes the user "Guest") to have persmission to the drive, then everything works. Can someone please help me?
I'll admit I'm stabbing in the dark here. It looks like the drive (I'm looking at the manual at http://images.amazon.com/media/i3d/01/MANUAL000003123.pdf[^]) only supports user authentication through user names and passwords transmitted by Windows. It doesn't have a domain relationship - it authenticates all users itself rather than trusting your computer or your domain controller (if you have a domain) to authenticate users. In order to do this, the ASP.NET application needs to transmit a user name and password to the drive. I think you will need to set a password for the ASPNET user account on your system and set the same password on the drive. You'll also need to set up ASP.NET to use that password when logging on the ASPNET user - see the documentation for the
<processModel>element of themachine.configfile. You can also use<processModel>to run your ASP.NET applications under a different user account. -
My ASP.NET application needs read/write permissions for drive "Z:", which is mapped to my Linksys Gigadrive (Network Attached Storage...if anyone is familiar with that). If I configure the Gigadrive with "Guest" access rights, then everything works fine, BUT this leaves the drive vulnerable to everyone/everything including network viruses. Lately, my drive has had several attacks by the Lovegate virus. Eliminating such attacks requires making my drive private, meaning I must remove "Guest" access rights and only allow logged-in users to access the drive through the ASP.NET applicaiton. The problem is that without "guest" access rights, the ASP.NET application itself cannot access the drive! Is my ASP.NET application a "user" that I must add to the list of priviledged users on the Gigadrive? Well, I tried adding users "ASPNET" and "IUSR_MyComputer" to the Gigadrive, but it didnt seem to work. Again, if I allow the "Everyone" group (which includes the user "Guest") to have persmission to the drive, then everything works. Can someone please help me?
I was playing around with the NAS a little more and I notice that whenever I create a new user with the name "aspnet", I receive the same error: "Could not find a part of the path 'z:\'". The odd thing is even though "aspnet" is a member of the "everyone" group in NAS, and that the "everyone" group does have R/W access to the share folder, the application is still not able to write to the folder. Now if I delete the "aspnet" user altogether, everything works like normal (where "everyone" has access). By the way, for your info (but im sure everyone here probably knows this already) "ASPNET" is actually the user account that the asp.net worker process (aspnet_wp.exe) is configured to runs as in IIS/windows. There seems to be some correlation, but I just dont know exactly what. If this info has shedded some light on this problem, please let me know. THanks.
-
I'll admit I'm stabbing in the dark here. It looks like the drive (I'm looking at the manual at http://images.amazon.com/media/i3d/01/MANUAL000003123.pdf[^]) only supports user authentication through user names and passwords transmitted by Windows. It doesn't have a domain relationship - it authenticates all users itself rather than trusting your computer or your domain controller (if you have a domain) to authenticate users. In order to do this, the ASP.NET application needs to transmit a user name and password to the drive. I think you will need to set a password for the ASPNET user account on your system and set the same password on the drive. You'll also need to set up ASP.NET to use that password when logging on the ASPNET user - see the documentation for the
<processModel>element of themachine.configfile. You can also use<processModel>to run your ASP.NET applications under a different user account.I see what you mean about the NAS only being able to authenticate via usernames and passwords. So I created an "aspnet" user and password on the NAS, and I modified the contents of the so that username="aspnet" and password="(password)". But do not know how to "set a password for the ASPNET user account on your system" like you mention. Where do I go to do that? Anyway, with the changes I have made, it still doesnt not work. However, something weird came up... (please see my "problem update" post in the same thread). Thanks.
-
My ASP.NET application needs read/write permissions for drive "Z:", which is mapped to my Linksys Gigadrive (Network Attached Storage...if anyone is familiar with that). If I configure the Gigadrive with "Guest" access rights, then everything works fine, BUT this leaves the drive vulnerable to everyone/everything including network viruses. Lately, my drive has had several attacks by the Lovegate virus. Eliminating such attacks requires making my drive private, meaning I must remove "Guest" access rights and only allow logged-in users to access the drive through the ASP.NET applicaiton. The problem is that without "guest" access rights, the ASP.NET application itself cannot access the drive! Is my ASP.NET application a "user" that I must add to the list of priviledged users on the Gigadrive? Well, I tried adding users "ASPNET" and "IUSR_MyComputer" to the Gigadrive, but it didnt seem to work. Again, if I allow the "Everyone" group (which includes the user "Guest") to have persmission to the drive, then everything works. Can someone please help me?
I GOT IT TO WORK! WOOHOOOO!!!! I finally figured out a way to disable all "guest" access to the NAS drive, and only allow my ASP.NET application to access it. The solution was to create a new "ASPNET" user account on the NAS drive WITHOUT setting any password. This "ASPNET" account is made to correspond to the same "ASPNET" user account that IIS uses to execute the ASP.NET application in the Windows environment. The key here is to leave the password field blank. The reason for this is that (although I could be wrong) notice in the machine.config file (at least my machine.config file) that the username/password attributes of the <processModel> tag is "machine"/"AutoGenerate". This gives me the notion that the password for Window's "ASPNET" account is automatically generated by Windows/IIS, thus, requiring the password field in NAS to be set blank (to accept any password that IIS may have generated) for its ASPNET user. Only then will it be possible for the NAS to authenticate the ASPNET user and allow access. By allowing only the "ASPNET" user and disallowing the "guest" user, I believe that my NAS will now be safe from any unwanted network intruders. And finally thanks to everyone who has offered input and tried to help. Oh, one more thing to note, and this may probably invalidate my whole reasoning above. A lot of advices I get from ppl on these forums is to create a user account on the NAS that matches the user account that the Windows' aspnet_wp.exe worker process uses. What I did above is the same thing, just that I didnt not set a password for the account. So I decided to try setting a same password for the "ASPNET" user both in Windows ("Admin Tools" -> "Comp Management" -> "Local Users and Groups" -> "Users") and in NAS. I also modifed the <processModel> tags in machine.config so that username/password = "ASPNET"/"(password)". Strangely, this did not work. Some other people say to let the aspnet_wp.exe process use an existing Window user's account to run. So in machine.config I set username/password = "myUsername"/"(myPassword)". I created the same account on the NAS as well. Again, sadly, this method did not work either. But who cares now??!! It working!! LOL