Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > access denied in an asp.net 2.0 application when accessing a direc

Reply
Thread Tools

access denied in an asp.net 2.0 application when accessing a direc

 
 
=?Utf-8?B?ZXN3YW5zb24=?=
Guest
Posts: n/a
 
      03-09-2006
on a different server.

I am currently getting an access denied when I attempt to do the following
in my asp.net page:

strFilePath = ConfigurationManager.AppSettings["imagesavedir"];

strFileName = strImageName + ".*";

DirectoryInfo di = new DirectoryInfo(Server.MapPath(strFilePath));

FileInfo[] fls = di.GetFiles(strFileName);

This is the error:

Access to the path '\\192.168.2.26\images\ProdSite\CENET' is denied.

What permissions do I need to set for this to work. The ip address is on
another windows 2003 server.

Thanks

Eric

 
Reply With Quote
 
 
 
 
Michael Hamrah
Guest
Posts: n/a
 
      03-09-2006
I think you want to grant read permission and directory browsing on the
ntfs level (properties -> security) to the IUSR_<servername> account,
then grant the same thing on the iis level via IIS Manager. There's
two levels of security- IIS and NTFS.

 
Reply With Quote
 
 
 
 
Steven Cheng[MSFT]
Guest
Posts: n/a
 
      03-09-2006
Thanks for Michael's input,

Hi Eric,

As for such security issue, we should first confirm what's the ASP.NET
application's running security context, if you're not using impersonate, it
should be the ASP.NET worker process's process account(this setting should
differ from IIS5 to IIS6). For IIS, it is the Machine\ASPNET account ,
while IIS6 by default use Network Service as the application pool idenitity.

And as for the remote UNC share, there're two permission settings, the NTFS
and the file share permission settings. Therefore, I suggest you check both
of them on the remote server machine and grant the proper use the
sufficient permission.

Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)










 
Reply With Quote
 
=?Utf-8?B?ZXN3YW5zb24=?=
Guest
Posts: n/a
 
      03-09-2006
Hi Steven,

I am running IIS 6.0.

How would I find out what security context I am running under?

On the share, I set the NetworkService account from webserver read only
access and on the NTFS security, I gave NetworkService account from webserver
ready only access also.

Basically, I want the remote users to only read/browse the files but not
change the files.

Is this the correct approach?

Thanks

Eric


"Steven Cheng[MSFT]" wrote:

> Thanks for Michael's input,
>
> Hi Eric,
>
> As for such security issue, we should first confirm what's the ASP.NET
> application's running security context, if you're not using impersonate, it
> should be the ASP.NET worker process's process account(this setting should
> differ from IIS5 to IIS6). For IIS, it is the Machine\ASPNET account ,
> while IIS6 by default use Network Service as the application pool idenitity.
>
> And as for the remote UNC share, there're two permission settings, the NTFS
> and the file share permission settings. Therefore, I suggest you check both
> of them on the remote server machine and grant the proper use the
> sufficient permission.
>
> Regards,
>
> Steven Cheng
> Microsoft Online Support
>
> Get Secure! www.microsoft.com/security
> (This posting is provided "AS IS", with no warranties, and confers no
> rights.)
>
>
>
>
>
>
>
>
>
>
>

 
Reply With Quote
 
Steven Cheng[MSFT]
Guest
Posts: n/a
 
      03-10-2006
Thanks for the response Eric,

I think it should be OK. Since you're using IIS6, if the ASP.NET
application virtual dir is configured to use the Default Application Pool
and your ASP.NET dosn't use impersonate, it should be the NT
AUTHORITY\NETWORK SERVICE account. Anyway, you can use the below code to
printout the security identity of the current running thread:

Response.Write("<br/>" +
System.Security.Principal.WindowsIdentity.GetCurre nt().Name);

BTW, as for the "Network Service" account you mentioned when configure the
UNC share's permission, are you sure you are refering to the ASP.NET
server's Network Service account( rather than the UNC share machine's
Network Service account)? Network Service just represent machine's account
so it differs from machine to machine.

In addition, you can turn on the File access Audit for that UNC folder on
that machine, this can help capture the Access failture log.

3How To Audit User Access of Files, Folders, and Printers in Windows XP
http://support.microsoft.com/kb/310399/en-us

Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

 
Reply With Quote
 
=?Utf-8?B?ZXN3YW5zb24=?=
Guest
Posts: n/a
 
      03-10-2006
Thanks for the information.

Thanks

Eric

"Steven Cheng[MSFT]" wrote:

> Thanks for the response Eric,
>
> I think it should be OK. Since you're using IIS6, if the ASP.NET
> application virtual dir is configured to use the Default Application Pool
> and your ASP.NET dosn't use impersonate, it should be the NT
> AUTHORITY\NETWORK SERVICE account. Anyway, you can use the below code to
> printout the security identity of the current running thread:
>
> Response.Write("<br/>" +
> System.Security.Principal.WindowsIdentity.GetCurre nt().Name);
>
> BTW, as for the "Network Service" account you mentioned when configure the
> UNC share's permission, are you sure you are refering to the ASP.NET
> server's Network Service account( rather than the UNC share machine's
> Network Service account)? Network Service just represent machine's account
> so it differs from machine to machine.
>
> In addition, you can turn on the File access Audit for that UNC folder on
> that machine, this can help capture the Access failture log.
>
> 3How To Audit User Access of Files, Folders, and Printers in Windows XP
> http://support.microsoft.com/kb/310399/en-us
>
> Regards,
>
> Steven Cheng
> Microsoft Online Support
>
> Get Secure! www.microsoft.com/security
> (This posting is provided "AS IS", with no warranties, and confers no
> rights.)
>
>

 
Reply With Quote
 
Steven Cheng[MSFT]
Guest
Posts: n/a
 
      03-10-2006
Thanks for the quick response.

Glad that they're of assistance. Please feel free to let me know if you
need any further help.

Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Very annoying error: Access to the path is denied. ASP.NET is not authorized to access the requested resource. Consider granting access rights to the resource to the ASP.NET request identity Jay ASP .Net 2 08-20-2007 07:38 PM
Visual Studio 2005 Beta 2 project cannot work in IIS virtual direc =?Utf-8?B?Q2hhcnRz?= ASP .Net 4 10-11-2006 12:19 PM
Access Denied error while accessing a DCOM Component from VB.Net application nikhil.bharathesh@gmail.com ASP .Net 0 08-30-2006 06:10 PM
direc to dvdr Brian Houghtby DVD Video 6 04-09-2006 01:58 PM
403 Forbidden: You were denied access because: Access denied by access control list Southern Kiwi NZ Computing 6 03-19-2006 05:19 AM



Advertisments