Access shared folder from application deployed in IIS - asp.net

I have a problem when I try to access a file from a shared folder in a local network.
When I run the application in Visual Studio it works fine and I can download the file, but when I deploy the application to IIS, it simply doesn´t work.
I don´t understand why, cause I give full permissions to all users, including NETWORK SERVICE and IIS_USR.
I'm currently using my computer to test this. It has Windows 7 and running IIS 7.5. The shared folder I'm trying to access is on a Windows Vista installation which doesn´t have IIS installed.
The code to download file is this:
protected void button_Click(object sender, EventArgs e)
{
Response.Clear();
Response.ContentType = "application/octet-stream";
Response.AddHeader("Content-Disposition", "attachment; filename=S10.png");
Response.WriteFile(#"\\192.168.1.82\Machine\file.png");
Response.End();
}
and it gives me the following error:
Description: An unhandled exception occurred during the execution of
the current web request. Please review the stack trace for more
information about the error and where it originated in the code.
Exception Details: System.UnauthorizedAccessException: Acesso negado
ao caminho '\192.168.1.82\Machine\file.png'.
ASP.NET is not authorized to access the requested resource. Consider
granting access rights to the resource to the ASP.NET request
identity. ASP.NET has a base process identity (typically
{MACHINE}\ASPNET on IIS 5 or Network Service on IIS 6 and IIS 7, and
the configured application pool identity on IIS 7.5) that is used if
the application is not impersonating. If the application is
impersonating via , the identity will be
the anonymous user (typically IUSR_MACHINENAME) or the authenticated
request user.
To grant ASP.NET access to a file, right-click the file in Explorer,
choose "Properties" and select the Security tab. Click "Add" to add
the appropriate user or group. Highlight the ASP.NET account, and
check the boxes for the desired access.
Please someone could help me.
Thanks in advance.

You have given access rights on the file system (full control is overkill for this, read or modify should be fine), but you will likely find the share permissions are still at the default of read only. You need to change the share permissions.
Read this for more info.
EDIT: The reason it works ok when debugging is because it's using the account you are logged on with, not the aspnet account in VS.
Create a new app pool, running under a service account which is a member of the IIS_WPG group on the IIS server and has permissions on the share you want to write back to (remember to set the service account to password never expire). Give the IIS_WPG group Read & Execute, List Folder Contents, and Read permissions to the Web site directories. Change the web app to run in this new web pool.

solution 1:
You can define a domain user. Let IIS server run with this user ( through Pool identity or 'connect as'). give this user access rights on Shared folder.
Solution 2:
Add IIS server account into user group of the server that contain shared folder, Give this user access right on shared folder.

If the file and the Machine folder is in C Drive, then you also need to give permissions to the root folder containing this file path because C Drive is usually read/write protected as it has System Files in it.
So for example if the file is in the path C:\Machine\file.png.
Then you need to add and give relevant permissions to IIS users group to Machine Folder and not just to the file i.e., file.png.

Related

ASP.NET Access Denied error when trying to write into Network Folder

I've a requirement of writing into a network folder from ASP.NET.
So I just used Streamwriter class and it works fine when trying from local system using Visual studio web server. But when trying to host it into IIS on the same machine writing into network folder not working at all.
It saying
Access to {\MYSERVER\specialfolder} is denied
So I thought it as some access issue. What I tried was as follows
Changed Default Applicaiton Pool (Which is the pool using for my
domain) identity to local system (And tried the other 4 ones too) :
Still the error
Authentication change for my site. Change from
Anonymous for specific user IUSR into Application pool Identity : No
help
Right clicked on my site and then selected edit permission, then
specified write permission for IIS_IUSRS group : Not worked
Also I tried, Right Click on the network folder itself -> security ->
But there is not IIS_IUSRS group
What else I'm missing for having the write permission into network
folder.
Details about my system
IIS 8.5
WINDOWS SERVER 2012R2
VISUAL STUDIO 2015
As far as I know, the IIS use the LOCAL user which generated by the IIS, this is local computer account.
If you want to access another network folder, you should set the enough permission to the IIS application pool identity.
You should use AD to assain enough permission to a spcial AD account.
Alternatively, using ActiveDirectory you could create a Domain User account, configure the application pool identity to use that domain user, and grant that user access to the network files.
More details, you could refer to below article:
http://www.iis.net/learn/manage/configuring-security/application-pool-identities

Cannot get Orchard CMS site to load on Network Solutions Windows Hosting

I get the following .NET error when trying to load my Orchard CMS website:
Access to the path '\\.........\www\App_Data\Dependencies\Lucene.dll' is denied.
Exception Details: System.UnauthorizedAccessException: Access to the path '\\WDP\DFS\30\7\4\5\3024678547\user\sites\5481517.site\www\App_Data\Dependencies\Lucene.dll' is denied.
ASP.NET is not authorized to access the requested resource. Consider granting access rights to the resource to the ASP.NET request identity. ASP.NET has a base process identity (typically {MACHINE}\ASPNET on IIS 5 or Network Service on IIS 6 and IIS 7, and the configured application pool identity on IIS 7.5) that is used if the application is not impersonating. If the application is impersonating via <identity impersonate="true"/>, the identity will be the anonymous user (typically IUSR_MACHINENAME) or the authenticated request user.
To grant ASP.NET access to a file, right-click the file in File Explorer, choose "Properties" and select the Security tab. Click "Add" to add the appropriate user or group. Highlight the ASP.NET account, and check the boxes for the desired access.
How do I actually go about granting access rights? I've googled and found I should go into the server and right-click on the directory and edit the properties. BUT, I am in a shared hosting plan and don't think I can do that.
Am I pretty much at a dead end?
Things I've tried:
Setting file permissions through FTP, but I get a:
500 'SITE CHMOD 777...command not understood
I've downloaded and installed IIS Manager and successfully connected to my site, but still did not find any options to set permissions in there.
I've also called Network Solutions, but all I was told was to try to do the file permissions settings (as I mentioned above).
Thanks in advance.

System.UnauthorizedAccessException while saving a file

I published my website on the IIS6.
When saving a file by File.WriteAllText("C:\" + txtSaveExport.Text + ".CSV", b.ToString());. Its gives an error as:
em.UnauthorizedAccessException: Access to the path 'C:\hj.CSV' is denied. ASP.NET is not authorized to access the requested resource. Consider granting access rights to the resource to the ASP.NET request identity. ASP.NET has a base process identity (typically {MACHINE}\ASPNET on IIS 5 or Network Service on IIS 6 and IIS 7, and the configured application pool identity on IIS 7.5) that is used if the application is not impersonating. If the application is impersonating via , the identity will be the anonymous user (typically IUSR_MACHINENAME) or the authenticated request user.
To grant ASP.NET access to a file, right-click the file in Explorer, choose "Properties" and select the Security tab. Click "Add" to add the appropriate user or group. Highlight the ASP.NET account, and check the boxes for the desired access.``
How can this be handled?
You need to give writing permissions to the Aspnet user in that folder.
See this:
http://devnet.logixml.com/rdPage.aspx?rdReport=Article&dnDocID=209
Best regards.
It's not a good idea to write to a variable directory under C: drive. I suggest you not to give permissions to write under C, rather, write to a directory under your web app's directory, which you can get by Server.MapPath("~"). Make sure you give write access to the application pool's user account to whatever folder under your app directory, and you'll be much safer.

asp mvc textreader

I am trying to use a textreader to retrieve data from a text file on a local machine. I have an upload routine to get the file for the reader to open.
When I run the application locally, it works fine. When I publish my application to my server, I am getting a Could not find a part of the path error. I assume this error has to do with permission in that the server cannot read from the local file system, but I don't know the proper way to remedy this.
do I set up the application to impersonate the user? I know I can't possibly set up each local users machine to allow the iusr account to access it.
Thanks for any thoughts.
UPDATE ****
I ensured that network service is they user for the app pool. I also ensured that the networkService has access to the local folder that the application resides in. I am running IIS7, and when I test the site, I am getting the error -
The server is configured to use pass-through authentication with a built-in account to access the specified physical path. However, IIS Manager cannot verify whether the built-in account has access. Make sure that the application pool identity has Read access to the physical path. If this server is joined to a domain, and the application pool identity is NetworkService or LocalSystem, verify that <domain>\<computer_name>$ has Read access to the physical path. Then test these settings again
I have tried suggestions from various posts, including adding domain\servername$ to the folder to allow access, but nothing seems to work.
Any thoughts?
Assuming this is IIS 6.5 or higher, the application pool user must have the necessary permission. By default, this is Network Service, which likely does not.
I solved this issue by first saving the file to the server, and then accessing the server's local file -
savedFileName = Path.Combine(AppDomain.CurrentDomain.BaseDirectory, Path.GetFileName(file.FileName));
file.SaveAs(savedFileName);
The following blog helped me out - http://www.hanselman.com/blog/default.aspx?date=2008-06-28

asp.net iis error

I am using asp.net 2.0 and IIS 7 on vista 64 bit.
everytime, when i try to open page in browser, i get following error.
Access is denied.
Description: An error occurred while accessing the resources required to serve this request. You might not have permission to view the requested resources.
Error message 401.3: You do not have permission to view this directory or page using the credentials you supplied (access denied due to Access Control Lists). Ask the Web server's administrator to give you access to 'C:\example\WebApplication1\WebApplication1\Default.aspx'.
Does your application pool's user have read permissions to the files you're trying to serve? By default, this should be the NETWORK SERVICE user.
Your ASPNET user will also need access.
Permissions can be set here:
Right click the directory or file --> Properties --> Security tab
You need to give the permission to user name "Internet Guest Account" on C:\example directory on an inner directory given you have used the same user in the IIS anonymous setting.
Give your aspnet local user permission to the directory you're trying to access.
You need to add permission to the user binded with Application Pool on folder in which is your website.
The name of the user is usually IUSR, NETWORK SERVICE or IIS_IUSRS.
Permision to the root: Read and Execute, List folder and read
Permission to the root/App_Data: All
Or another approach could be to set the username in the application pool (Advance setting -> Identity) to the username which has rights to read the directory. You may need create new application pool.

Resources