tags:

views:

866

answers:

3
Q: 

Permissions for IIS account

Hi

I have a webservice running under sharepoint, on a bog-standard Server2003/IIS6 setup. This webservice needs to open and read a file from a share on another machine in the same domain. At the moment I am getting a

System.UnauthorizedAccessException: Access to the path '\strand\DROPBOXES\MattTrinder\SharepointShared\bd116dfa-be0e-4c58-93e6-3fb93fa0ef22.tmp' is denied. at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)

What permissions do I need to grant to which accounts to allow this webservice to open and read the file ?

Using "\\sharepointserver\c$" works fine...

Thanks

Matt

+3  A: 

The account you grant access to, has to exist on the target (where the share exists) as well (either the same domain account, or a local account with the same password). Since the IIS-user normally has an auto-generated password and is local, this is hard.

The way we solve this, is to run the website as a different user (that we created ourselves), and grant this user permissions to access the share on the remote PC. Note that both the sharing permissions have to be correct, and the file system permissions.

Erik Hesselink  2008-11-14 11:14:50
+2  A: 

You need to grant read access in the file system level and in the share. The problem is that sharepoint runs (probably, because it can be changed) under network service account that has no access to the network.

options:

  • If you are using integrated authentication for the web service. Then you have to grant the permissions to the users that the web service client runs under. But don't go this dark path. Because delegation is very hard to configure.
  • If you have anonymous access to the web service, make sure that the application pool that the web service runs under run with user permission of explicit user that have access to that said file. This can be configured with the sharepoint administration site. Or with computer management mmc.
Igal Serban  2008-11-14 11:15:14
+1  A: 

Classic asmx web services by default run as the IUSR_ account. This may not have permission to access the network path. You can change this to a domain account by changing the application pool identity.

tgeros  2008-11-14 11:21:45

related questions

IE6 security login (debugging via VirtualPC)
Asp.net Reinstalling a DLL into the GAC
Failed to load resources from resource file.
What does an IISReset do?
How do I secure a folder used to let users upload files?
VBScript/IIS - How do I automatically set ASP.NET version for a particular website
IIS 6/COM+ hangs
Web server farms with IIS ? Basic Infos
.NET 3.5 Service Pack 1 causes 404 pages on ASP.NET Web App
What Url rewriter do you use for ASP.Net?
Publishing to IIS - Best Practices
ASP.NET Proxy Application
PHP on IIS
How do I stop IIS7 dropping my cookies?
HTTPS in IIS 5.1
Best tool for performance testing ASP.NET
Alternative Hostname for an IIS web site for internal access only
SQL Server 2008 FileStream on a Web Server
Solutions for working with multiple branches in ASP.Net
Dual vs. Quadcore on a Webserver
PHP Error - Uploading a file
Visual Studio 2008 debugger already attached work-around
Linux shell equivalent on IIS
Bandwith throttling in IIS 6 by IP Address
Checklist for IIS 6/ASP.NET Windows Authentication?