ASP.NET & UNC
-
I have an ASP.NET project, which should execute a command (calling Shell() function) on files that are shared via UNC. The web server (IIS) and the file server are in the same domain. I have created a domain user, which has rights to read the shared directory on the file server, log on as batch job and log on as service grants on the IIS server and set this user as the anonymous access user under the IIS MMC for the application. And it cannot reach the shared files. What is wrong? What is the solution to reach UNC shares from an ASP.NET application? (K)
-
Anonymous Access means that IIS will use a special account to access the files. You must grant this account rights to the directory in order to read/write to the directory. The exact account name depends on the way your system is set up. To find the name of the account:
Go to Administrative Tools-->Internet Information Service
Open the tree and select the appropriate virtual directory.
Right-Click-->Properties
Select the Directory Security Tab
Click "Edit" in the Anonymous access group.
You'll see the account that ASP.NET uses to access resources as an anonymous user.
--Colin Mackay--
-
The problem is that when you want to reach a remote resource from ASP.NET, the ASPNET account should have extra permissions. (The account under Administrative Tools --> Internet Information Services --> Properties --> Directory Security Tab is responsible for IIS and not for aspnet_wp.exe, which will execute our function.) That is why I had to replace the ASPNET account for aspnet_wp with a domain-wide one and give it sufficient privileges and rights to the local and remote resources. Now the domain account has rights to see anything allowed in the domain, and the function call can be performed on the UNC shared file.
Scenario:
1. create a new domain account
2. on the IIS machine assign to it logon as batch job, logon as service privileges
3. assign to it NTFS permissions on the IIS and on the UNC sharing machine
4. in machine.config's set userName and password according to your new domain account
Detailed information on replacing aspnet_wp's account: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/SecNetHT01.asp
(K)
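Step 4 of the scenario above, shown as a configuration fragment. This is an added example, not part of the original thread: it assumes the setting meant is the processModel element of machine.config, and the account name, password and registry key path are placeholders. The active element keeps the credentials out of the file by reading values stored encrypted in the registry with aspnet_setreg.exe.

```xml
<!-- machine.config fragment (.NET Framework 1.x, aspnet_wp.exe process model).
     Other processModel attributes are left at their defaults and omitted here. -->
<configuration>
  <system.web>
    <!-- Shipped default: the worker process runs as the local ASPNET account,
         which has no identity on the file server:
         userName="machine" password="AutoGenerate" -->

    <!-- Step 4 with the credentials in clear text
         (EXAMPLE\svc-aspnet is a placeholder account name):
         userName="EXAMPLE\svc-aspnet" password="placeholder-password" -->

    <!-- Same account, but the credentials are stored encrypted in the registry
         by aspnet_setreg.exe; the key path below is a placeholder. -->
    <processModel
        enable="true"
        userName="registry:HKLM\SOFTWARE\ExampleApp\identity\ASPNET_SETREG,userName"
        password="registry:HKLM\SOFTWARE\ExampleApp\identity\ASPNET_SETREG,password" />
  </system.web>
</configuration>
```

The processModel identity applies to every ASP.NET application served by aspnet_wp.exe on the machine, so the domain account's share and NTFS permissions should cover only what those applications need.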