ASP.Net unable to see shared folder

Question

I've written a new application in a network I haven't worked in before, and am running into a problem.

If I have the following C# code:

FileStream fs = File.Create(@"\\MyServer\MyShare\testing.txt");
fs.Close();

In a console application, this code executes correctly.

In an ASP.Net application, I receive this error: Logon failure: unknown user name or bad password.

In the ASP.Net application, if I add in identity impersonate="true", I get this error: Access to the path '\MyServer\MyShare\testing.txt' is denied.

I've never ran into that logon failure message before; where is this coming from? If I create an application on the server and have it write to the phsyical location, it works fine (so security there is good), it just seems as though the security to the share is not working (even though it has 'Everyone' set to full writes), or there is something missing at the server level in which I'm not allowed to view anything in general.

Does anyone know what I'm missing here? I've written other applications that did similar things and have never run into this problem

Thanks!

Answer 1

The issue is that with identity impersonate set to false the ASP.NET worker process account is trying to write to the share, typically that is the NETWORK SERVICE or ASPNET account. Depending on which version of windows you are running.

setting impersonate to true, without specifying a username or password will use the current users authentication to try and make the request.

You will need to either A grant the worker process account permissions, which most likely isn't possible. Or B create a specific account that your application can impersonate, and then specify the credentials inside the web.config in the identity tag.

Answer 2

By default, ASP.NET applications run as YourMachine\IUSR_*YourMachine.* You either have to open up the permissions on the share to the Everyone principal (which still may not work if the machines are not on the same domain), or run your IIS application as someone who has access to the share.

You can change the user that the ASP.NET application runs under by:

.Open Administrative Tools -> Internet Information Services then right click on the website or virtual directory that contains the application and click Properties. Choose the Directory Security tab and click Edit. Finally, in the Anonymous Access section type the username and password of a user that has access to the share.

Mike

Answer 3

Update:

So I think I posted this too soon... The reason it was failing on my localhost was due to the directory being set as allow anonymous access (so the page wasn't impersonating; the user was '').

It also started working on the server as well; however, nothing was changed there... I don't know if something was triggered during the app's downtime/shutdown or what, but everything's working as expected.

Thanks for the comments!