I am using a Tree View Directory browser in my application. I am using
DirectoryInfo.GetDirectories()
DirectoryInfo.Getfiles()
My requirement is that I need to browse the server folders from client with this. I am able to access shared drives also from the same machine. I hosted the site in IIS6 in a virtual directory. When I try to access the shared drive from the client I dont find it. Do we have to do something in IIS? I tried giving IdentityImpersonate="true" but still getting same problem.
This is a double hop problem. The IIS server would have to do delegation to move your credentials across 2 hops, (your machine to IIS - IIS to file share). Configuring delegation is a tricky process, but I haven't tried in a while, maybe the diagnostics have improved. Normally you follow the delegation instructions and still get access denied.
The easier solution is to use explicit credentials to go from IIS to the file share. The down side to this is that you have to specify username and password of a windows account somewhere in your web.config or source code.
Related
I've internal Asp.Net Core Site running on IIS10 in my company.
Now i thought its a good idea to access pdf files from another server via a virtual directory. (Maybe someone has another idea)
We have 1 Server with Active Directory User, the File Server and the Server where IIS is running.
I tried absolut everything with permissions, at the end nearly everything had Admin Access but IIS still keeps meaning it has not enough permissions.
(Maybe i missed a restart at some point, i dont know)
I read much about the iis_iusrs the active directory has no user only a group where i added the iis user.
Other way giving the folder iisServer\iis_iusrs permissions isnt accepted
I've this error:
https://learn.microsoft.com/en-us/troubleshoot/iis/http-error-500-19-webpage
I read that its not the web.config but tried also many permission options.
At the end i'm pretty confused, didnt think that its so complicated or maybe i'm doing everything wrong
Maybe someone knows a way for dummys which always work.
You can try this way to slove the question:
Open the Internet Information Services.
Expand the root node, expand Sites, and right-click on your Application, click Manage Web Site ->Advanced Settings.
Note down the Application Pool name under General settings and close the window.
Now go to Application Pools section, here you can see what Identity is used in the corresponding Application Pool.
Here, the user account testuser1 is configured in Application Pool. So we need give required permissions for this user in the website directory.
Go the abother web directory folder, right-click on the folder and click Properties.
Set required permissions for the Identity(testuser1) that used in ApplicationPool.
Restart Application Pool and Web Application and try again.
I have an application developed using ASP.NET Web API deployed to a site in IIS. Recently the application began crashing during initialization due to an exception saying that it could not access a particular folder (where it writes logs to). The app pool being used by the site uses a domain account and I verified that that account has full permissions on the folder, just as it always has. What wound up fixing the problem for me was to specify the username and password of a user who has access to the folder in the site's Physical Path Credentials field. Previously this had been set to "Application user (pass-through authentication)".
What could have changed in the application or IIS configuration to suddenly require this field to be set?
It turns out that this came down to a permissions issue. Write permissions on the folder for IIS_IUSRS got changed from Allow to Deny. After switching that back to Allow, I can remove the Physical Path Credentials setting.
We have a customer with multiple servers. Let's say the important ones are ServerX - their current production web server, ServerY - their share server, and ServerZ - their new web server they are trying to move to. Today, the .net application on ServerX uses an IIS7 virtual directory to point to a share folder on ServerY. I set up ServerZ's IIS virtual directory as exactly as I could to look the same (same Physical Path, Credentials, Logon type). But the Fileupload.SaveAs(...) method keeps failing with the message "System.UnauthorizedAccessException: Access to the path '\[ServerY][Share]\file.png' is denied."
I have checked permissions. Both ServerX and ServerZ's apppool identity is network service. The share was set up with full access to "Everyone." I even specified Network Service and the Credentials account to have access. The folder is not read only and, again, the site running on ServerX operates saves fine.
To add to my confusion, the application on ServerZ can read and open files from the virtual directory. It only has issue when I try to save a new one. And when logged into ServerZ with the Credentials used for the Virtual Directory, I can create/save files.
I should specify two more things:
I had to do some work to get ServerZ on Active Directory. Maybe I missed something in that step that would only affect the application?
Both ServerY and ServerZ are Server 2012 instances. ServerX is Server 2008.
Let me know if you have any other questions or suggestions. Thank you
My internal web app is on server //tom... but i need to upload a file from server //jerry..
while fileupload.saveas works just great to bring the file locally on //tom, when i try to send it back to //jerry, it tells me that access is denied. I tried to give permissions to //jerry/users to do everything but still nothing.
what is the user/group that a web app resting on //tom would be ?
in my code behind i even tried FIle.Copy (..). file.move etc.. but it tells me that access is denied to that particular file from //jerry...
what can i do ?
PS: when i run the web app locally (localhost), everything works just fine, the problem happens only when i go live...
This sounds like a permissions issue. When you run the app locally, it's most likely running under your account but on the server it usually defaults to the NetworkService account, which probably isn't in the network domain. You'll likely need to create a domain account to run your application under, either that or impersonate the user's domain account if they have access to the directory.
I recently built a program that parses a remote file from \some_server\c$\directory\file.xls and it works fine on my local machine as just a normal aspx page.
Then I put the program into web part
form on my VM SharePoint server and I
get this error: Access to the path
'\some_server\c$\directory\file.xls'
is denied.
The file is shared to Domain\Authenticated Users so I am not sure why it would be denied? Is it possible my SharePoint is trying to call it with a local or network service account? How can I get it to read? Thank you.
Salamander is right, SharePoint doesn't run with trust to do this.
Changing the trust level for SharePoint in it's web.config from WSS_Medium to Full is the quick solution, but there are security implications..
Just a quick note, you could be running into the classic NTLM Double-Hop issue. You can authenticate to the front end, but because the front end does not have your password, it cannot then authenticate to a resource on another server.
Running with Elevated priviliges, and setting permissions based on the Application Pool identity could be one way of moving your forward.
I think you will need RunWithElevatedPrivleges which will make SharePoint use the application pool account. Also keep in mind you will have to make sure that application pool account has access to that network share. Avoid using full trust.
Can you explain further what exactly setting the trust level does for you?
I would think that if your app pool identity is a domain account you can use SPSecurity.RunWithElevatedPrivileges to use the app pool credentials to access the file. Or, use impersonate to explicitly pass another account's credentials.
SharePoint usually runs in a separate application pool. Please check the identity of this application pool.
I think to be able to access network path, your code has to run in FULL TRUST, which I don't think SharePoint does.
Why not store the file in SharePoint so you have better access to it? Put it in a hidden library and access it using SPSecurity.RunWithElevatedPrivledges.
There are caveats to RWEP. Any reference to SPSite and SPWeb obtained from the SPContext (ie SPContext.Current.Site) will still run under the privledges of the logged on user. You must explicity create a reference inside the RWEP delegate.
SPSecurity.RunWithElevatedPrivileges(delegate()
{
using (SPSite site = new SPSite(SPContext.Current.Site.Url))
{
using (SPWeb web = site.OpenWeb())
{
//... Do something with SPWeb
}
}
});
If you need to access the file from outside sharepoint to update it with existing processes you can use the file share path which is available for all SPDocumentLibrary's but going to Actions --> Open with Windows Explorer to obtain the network path.