tags:

views:

1509

answers:

2
+1  Q: 

IIS 6.0 Access Permissions to Remote Share

When setting up a virtual directory under IIS using a UNC path to a remote share, what user identity should I be expecting to see the read request to the share come under?

I've setup the above scenario and configured the user under 'Connect As' as a known user who has permissions on the remote share, which I checked with Windows Explorer.

However, when trying to access a file from within a web browser on the share using http://localhost/myfiles/atestfile.txt, I am getting an HTTP Error 401.5 - Unauthorized: Authorization failed by an ISAPI/CGI application error returned. 'myfiles' is mapped to the remote share and atestfile.txt resides in the shared folder.

If I use sysinternals filemon application to see what process and user the read request to the share is being carried out under, then I get the details that the request is through the w3wp.exe process and the user is shown as "NT AUTHORITY\NETWORK".

I was expecting the user to be shown as the user I confugured under the 'Connect As' option.

Any guidance appreciated.

A: 

If i recall correctly (used iis about 4 years ago) it was IUSR_. I'm not sure that it's still so, but give it a try.

Edit: try to give a look at this post, maybe you will find some clues ;)

Alekc  2009-03-21 11:49:04
Well, the IUSR_computername isn't what you want. But the link Alekc gave does describe the IIS identity thing a little.
Mufasa  2009-05-03 13:10:49
A: 

Did you try it also with other file extensions than "txt", maybe "test.html"? What DLL is used for txt in the ISAPI extensions configuration (web -> Home Directory -> Configuration...)?

The section "To configure security and authentication for a virtual directory" in the MSDN article "How to: Create and Configure Virtual Directories in IIS 5.0 and 6.0" should contain the information you'll need for finding the right configuration.

I guess the account used in the security settings should be able to access the network share. This could be accomplished inserting the account in the right group or changing that account.

splattne  2009-03-21 11:57:13
I've tried different extensions and get the same error. I've even added the Everyone user to the share and get the same error returned, which to me would indicate an issue in the IIS config and not the share permissiions?
 2009-03-21 12:14:33
Did you try to connect "manually" in Windows with the credentials? "Run..." and then "\\remoteServer\share" and looging on...
splattne  2009-03-21 12:27:49
connecting manually works like you say, but I think thats because when I check the user accessing the resource it is the user I logged onto the machine with. When trying to access the resource through a virtual directory it is using NT AUTHORITY\NETWORK.
 2009-03-21 12:33:56
Do you mark the virtual directory as application? if you only need static files (html, txt, images), you could remove the "application" and uncheck "script execution" permission. maybe the worker process is looking for a config file or something similar...
splattne  2009-03-21 13:02:56
The virtual directory isn't marked as an application as I only need to read static files. So no execute permissions are needed. At present all I'm trying to do is server up a static html page.
 2009-03-21 13:19:18
Directory security is setup to use only anonymous access using a local user on the web server. The same is applied to the virtual directory for directory security. Except the Connect As is set to a user which has access rights to the remote share.
 2009-03-21 13:21:35
I'll try to do the same setup. Which OS and IIS (Windows Server 2003 or Windows Vista - developer machine) are you using?
splattne  2009-03-21 13:22:41
Windows Server 2003, IIS 6, the only other complication is the web server is in a DMZ and the file share is in a domain. The users for iis directory security are local to the DMZ web server, and the Connect As user is a domain user account (with access to the share)
 2009-03-21 13:35:36

related questions

Is it better to create Model classes, or just stick with generic database utility class?
What are effective options for embedding video in an ASP.NET web site?
Visual Studio 2008 debugger already attached work-around
Tracking state using ASP.NET AJAX / ICallbackEventHandler
ASP.NET Display SVN Revision Number
ASP.NET URL Rewriting
How can I change the background of a masterpage from the code behind of a content page?
Easy way to AJAX WebControls
How do I define custom web.config sections with potential child elements and attributes for the properties?
ASP.NET MVC "CRUD" Database Sample
Are Multiple DataContext classes ever appropriate?
How to RedirectToAction in ASP.NET MVC without losing request data
Triple Quotes? How do I delimit a databound Javascript string parameter in ASP.NET?
ASP.NET built in user profile, Vs old stile user class/tables
What's a good book for learning ASP?
Bandwith throttling in IIS 6 by IP Address
ASP .Net Custom Client-Side Validation
How to get the value of built, encoded ViewState?
Decent, simple, GIS/mapping component for ASP.NET?
Checklist for IIS 6/ASP.NET Windows Authentication?
How to write to Web.Config in Medium Trust ?
ASP.NET, Visual Studio and Subversion - how to integrate?
Floating Point Number parsing: Is there a Catch All algorithm?
How do I sync the SVN revision number with my ASP.NET web site?
ASP.NET Site Maps