Re: Writing to a network share

From: Prodip Saha (psaha_at_bear.com)
Date: 04/23/04 

Date: Fri, 23 Apr 2004 15:05:20 -0500

Take a close look at this document--
Building Secure ASP.NET Applications: Authentication, Authorization, and Secure Communication.

Or,
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/SecNetHT01.asp

If you are using Windows Authentication--follow the Mirrored Account with No impersonation. That's the easiest way to access network resources.

"Tyler Davey" <anonymous@discussions.microsoft.com> wrote in message news:715EB9C1-2DD9-4E52-B902-284DA7833F6D@microsoft.com...
> I posted this message in dotnet.framework.security, and was told to repost it here
>
> Alright, I've been trying to figure out the solution to this problem for a few days and I'm officially stumped.
>
> My web app server, Machine A, needs the ability to create a file(xml) on my db server, Machine B. The application performs this task after a user invokes a business object through an ASP.net page. Now, if I do this on the app server (ie, log on locally), it works fine. However, if i do this from another client machine, Machine C, I get the beautiful error message:
>
> Access to path \\machineb\log\log.xml is denied.
>
> <code>
> Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
>
> Exception Details: System.UnauthorizedAccessException: Access to the path "\\orchard\Log\test.xml" is denied.
>
> ASP.NET is not authorized to access the requested resource. Consider granting access rights to the resource to the ASP.NET request identity. ASP.NET has a base process identity (typically {MACHINE}\ASPNET on IIS 5 or Network Service on IIS 6) that is used if the application is not impersonating. If the application is impersonating via <identity impersonate="true"/>, the identity will be the anonymous user (typically IUSR_MACHINENAME) or the authenticated request user.
>
> To grant ASP.NET write access to a file, right-click the file in Explorer, choose "Properties" and select the Security tab. Click "Add" to add the appropriate user or group. Highlight the ASP.NET account, and check the boxes for the desired access.
>
> </code>
>
> Now, here is what I've done:
>
> I've given full control to the directory on the network share to everyone
> I've changed machine.config process model to the SYSTEM account. When that didn't work, I changed it to my network account, which has local admin rights on the network.
> I've tried mucking around with the Internet zone permissions and Intranet zone permissions through the .net tools, giving both full trust priviledges, no luck
> We've set the asp.net service to log on as a local system account, network system account, my domain account, and finally, the domains admin account, still no luck
>
> My code is very simple:
>
> <code>
> private void Button1_Click(object sender, System.EventArgs e)
> {
> XmlTextWriter writer = new XmlTextWriter(@"\\machinea\Log\log.xml", Encoding.UTF8);
> writer.WriteStartDocument();
> writer.WriteStartElement("DATA");
> writer.WriteElementString("TEST", "Is this going to work");
> writer.WriteEndElement();
> writer.WriteEndDocument();
> writer.Close();
> }
> </code>
>
> So, what am I missing?
>
>