I have a winforms, and it connecting wit webservice.
Webservice has method which create folder
Directory.Create(path);
Webservice is at company server, and this folder must me create at another disc in out company.
When I invoke this method, i get exception "Access denied to path..."
When webservice was running at my computer everything was ok.
I have full access to this network disc.
But how to set full access to my company server??
When I check this method:
[WebMethod]
public string GetNameOfUser()
{
return WindowsIdentity.GetCurrent().Name;
}
I get <string>NT AUTHORITY\NETWORK SERVICE</string>
Rest of webmethods without directory instructions working properly
Edited Structure
Computer A is in domain and there is running win forms
Server A : there is running webservice
Network disc: there are folders with important files for winforms application
yes, we have a domain.Computer A has access to network disc.
As I understand, your application tries to create a folder which resides on a different server than the web application.
Your web application is running under a local account NT AUTHORITY\NETWORK SERVICE. In order to access a network share you need it to be running under an account available on both machines, for example a domain account.
If both the web server and the server with the network share are on a domain, you can:
Create a domain account
Grant the account write access to the parent folder where you want to create new folders
Make the Application Pool on your web server run under the domain account
This will should let your web application create foldera on the other server.
When you were running your web-app on your own machine, it worked onder your own account, therefore it could create directories.
On the server the app runs under an account with very low rights.
If you want to create those new directories below a specific fixed directory, you can allow that server account to modify that particular directory.
Related
Our C# web application on Windows/IIS v10 can access files on network shares without doing anything special. An ISAPI Extension that I wrote in C++ cannot access the same files. I am wondering why one works and not the other.
I found that ImpersonateLoggedOnUser allows me to get to the files. That requires the extension to have access to domain\userid\password for a network account that can get to the server. I am connecting to the database so I could store it in an encrypted column.
It depends on the User account used to run the application. This is set in the App Pool in IIS. The web application is configured the run in an App Pool as an account that has permissions to the appropriate folders. The C++ ISAPI extension is running in a different App Pool configured to use an account like Network Service that does not have permissions granted to the shares.
I am implementing an application that will create a folder on the NTFS File Server.
For that, I have set up the distributed environment. Meaning, I have machine on which I have hosted my C# Web API and I have NTFS file server on which I have to create folders.
I want my API to create a folder on NTFS machine. How can I do that?
Do I need to share NTFS Drive/Folder to create a subfolder? If so, then with whom I need to share a NTFS folder (either server user or IIS_USRS)?
Is there any other way to create a folder without sharing a drive/folder on NTFS folder.
When I have done this in the past I have done it through a temporary impersonation. For example...
using (Impersonator impersonate = new Impersonator(#"UserName", "Password", "Domain"))
{
//Create directory or copy files across the network
}
I believe I lifted my impersonator code from A small C# Class for impersonating a User
Case 1:
if web server and file server are in the same domain, you can consider to use a domain user, and created a shared folder on NTFS server and grant full access for the domain user accessing it. (depends on your requirements).
On web server, for the web application pool, set the domain user as the identity/credential to run the pool. so you can easily use IIS management tool to update it if password gets changed. for the authentication, you can use whatever you want based on requirements, but remember while you call the code to create folders on NTFS server, you need to use app pool user. (for example, if you turn on impersonation on a different user in authentication, in your code, you need to do impersonation using the pool user.)
Case 2,
web server and file server are not in the same domain, I usually will set up a ftp server on the file server to allow specific users to access it (creating folders and upload files....). Otherwise when you may need your IT administrator to make File server domain trust web server domain, then you can do the same thing as case 1.
About impersonation code, it could be something like:
//get the identity of an appPool
using(System.Security.Principal.WindowsIdentity wid = System.Security.Principal.WindowsIdentity.GetCurrent())
{
using (System.Security.Principal.WindowsImpersonationContext ImpersonationCtx = wid.Impersonate())
{
//creating folders, uploading files to UNC path...
ImpersonationCtx.Undo();
}
}
If your case is one of this, hope it helps.
We have a customer with multiple servers. Let's say the important ones are ServerX - their current production web server, ServerY - their share server, and ServerZ - their new web server they are trying to move to. Today, the .net application on ServerX uses an IIS7 virtual directory to point to a share folder on ServerY. I set up ServerZ's IIS virtual directory as exactly as I could to look the same (same Physical Path, Credentials, Logon type). But the Fileupload.SaveAs(...) method keeps failing with the message "System.UnauthorizedAccessException: Access to the path '\[ServerY][Share]\file.png' is denied."
I have checked permissions. Both ServerX and ServerZ's apppool identity is network service. The share was set up with full access to "Everyone." I even specified Network Service and the Credentials account to have access. The folder is not read only and, again, the site running on ServerX operates saves fine.
To add to my confusion, the application on ServerZ can read and open files from the virtual directory. It only has issue when I try to save a new one. And when logged into ServerZ with the Credentials used for the Virtual Directory, I can create/save files.
I should specify two more things:
I had to do some work to get ServerZ on Active Directory. Maybe I missed something in that step that would only affect the application?
Both ServerY and ServerZ are Server 2012 instances. ServerX is Server 2008.
Let me know if you have any other questions or suggestions. Thank you
I am using C# and Asp.net for developing the application and host same into some hosting service provider.
I need to authenticate users from Active Directory from different location.
Say for example my application is hosted on Asphost.com and the url of app is test.abc.co.in.The said sub domain is for Test client.
So how to use Test client Active directory users from my app.
Please suggest.
If I understand it correctly, this is not a C# or Asp.net problem, but a networking issue.
The Active directory is within the client's internal network and protected by firewalls that are not reachable from the location where you deploy the application.
My internal web app is on server //tom... but i need to upload a file from server //jerry..
while fileupload.saveas works just great to bring the file locally on //tom, when i try to send it back to //jerry, it tells me that access is denied. I tried to give permissions to //jerry/users to do everything but still nothing.
what is the user/group that a web app resting on //tom would be ?
in my code behind i even tried FIle.Copy (..). file.move etc.. but it tells me that access is denied to that particular file from //jerry...
what can i do ?
PS: when i run the web app locally (localhost), everything works just fine, the problem happens only when i go live...
This sounds like a permissions issue. When you run the app locally, it's most likely running under your account but on the server it usually defaults to the NetworkService account, which probably isn't in the network domain. You'll likely need to create a domain account to run your application under, either that or impersonate the user's domain account if they have access to the directory.