Re: Writing to a network share

From: Ken Schaefer (kenREMOVE_at_THISadOpenStatic.com)
Date: 04/24/04 

Date: Sat, 24 Apr 2004 14:16:32 +1000

Hi

Machine\ASPNET is a local account - it can't be assigned permissions to
remote resources
LocalSystem is also a local account.

Try using a *domain* account that has permissions to the remote resource.

Cheers
Ken

"Tyler Davey" <anonymous@discussions.microsoft.com> wrote in message
news:715EB9C1-2DD9-4E52-B902-284DA7833F6D@microsoft.com...
: I posted this message in dotnet.framework.security, and was told to repost
it here
:
: Alright, I've been trying to figure out the solution to this problem for a
few days and I'm officially stumped.
:
: My web app server, Machine A, needs the ability to create a file(xml) on
my db server, Machine B. The application performs this task after a user
invokes a business object through an ASP.net page. Now, if I do this on the
app server (ie, log on locally), it works fine. However, if i do this from
another client machine, Machine C, I get the beautiful error message:
:
: Access to path \\machineb\log\log.xml is denied.
:
: <code>
: Description: An unhandled exception occurred during the execution of the
current web request. Please review the stack trace for more information
about the error and where it originated in the code.
:
: Exception Details: System.UnauthorizedAccessException: Access to the path
"\\orchard\Log\test.xml" is denied.
:
: ASP.NET is not authorized to access the requested resource. Consider
granting access rights to the resource to the ASP.NET request identity.
ASP.NET has a base process identity (typically {MACHINE}\ASPNET on IIS 5 or
Network Service on IIS 6) that is used if the application is not
impersonating. If the application is impersonating via <identity
impersonate="true"/>, the identity will be the anonymous user (typically
IUSR_MACHINENAME) or the authenticated request user.
:
: To grant ASP.NET write access to a file, right-click the file in Explorer,
choose "Properties" and select the Security tab. Click "Add" to add the
appropriate user or group. Highlight the ASP.NET account, and check the
boxes for the desired access.
:
: </code>
:
: Now, here is what I've done:
:
: I've given full control to the directory on the network share to everyone
: I've changed machine.config process model to the SYSTEM account. When
that didn't work, I changed it to my network account, which has local admin
rights on the network.
: I've tried mucking around with the Internet zone permissions and Intranet
zone permissions through the .net tools, giving both full trust priviledges,
no luck
: We've set the asp.net service to log on as a local system account, network
system account, my domain account, and finally, the domains admin account,
still no luck
:
: My code is very simple:
:
: <code>
: private void Button1_Click(object sender, System.EventArgs e)
: {
: XmlTextWriter writer = new XmlTextWriter(@"\\machinea\Log\log.xml",
Encoding.UTF8);
: writer.WriteStartDocument();
: writer.WriteStartElement("DATA");
: writer.WriteElementString("TEST", "Is this going to work");
: writer.WriteEndElement();
: writer.WriteEndDocument();
: writer.Close();
: }
: </code>
:
: So, what am I missing?
:
:

Quantcast