I have a file uploading and viewing page in ASP.Net 1.1 using VB. Now the page will be visible in intranet as well internet. Here in my case the intranet and internet servers are different. How can i save the uploaded file in the intranet server and view from there subsequently when the activity is done using the internet server?
I'd suggest that you have both instances of the application (intranet and internet) save their uploaded files to a common location. I'm going to assume, given that you're targeting .net 1.1 that you're probably looking for a solution/directions for IIS 6.0 or below, rather than the 7.x that comes with Vista/Server 2008.
You need to firstly decide where you're going to store the uploaded files, it could be on the Intranet server, the Internet server or a 3rd "filestore" server. Having done that, you can map that location to a commonly named Virtual Directory on each of your two web servers as follows:
Start "Internet Information Services (IIS) Manager" (Start > Control Panel > Administrative Tools)
Expand the "Web Sites" node and find the virtual directory for your application
Right click on the virtual directory and choose "New" > "Virtual Directory..."
In the wizard that appears, give the folder alias as something like SharedUploadFiles
Specify the path in the next step as something like \\192.168.100.1\SharedUploadFilesStore (i.e. wherever you've chosen to store the files
The next step will require security credentials. Set these as a username and password that has read/write access (as appropriate) to the share you've specified in step 5.
In the "Virtual Directory Access Permissions" step set the permissions as appropriate, click Next and then Finish.
Your application will now be able to access files in that share as if they were part of your web servers file system. So, if you had a file located at \\192.168.100.1\SharedUploadFilesStore\sample.txt, you would then be able to access it through both:
http://internetdomain.name/MyWebAppName/SharedUploadFiles/sample.txt
and
http://intranet.mycompany.local/MyWebAppName/SharedUploadFiles/sample.txt
My knowledge of how to solve any issues you encounter whilst configuring this isn't that deep, and you'd probably get a better answer at http://www.serverfault.com/ as whilst your question is a programming one, the answer I've given isn't a programmatic solution (not that it always has to be! =)
Related
I'm fairly new to developing with ASP.NET and in general. I have created a simple data-driven web application that will be used to display images the colors of which will be changed depending on certain criteria. I used Visual Studio 2019 to create it. When I test/run it from within VS 2019 using the "play" button, it runs perfectly and the page opens in my browser just as you would expect.
My issue is that I'm trying to deploy it to the IIS and host it from my machine here at work, so others can access the pages. I have published the application to a local file on my C:\ drive. I then open up IIS Manager and create the website by pointing to that local file. Now, when I choose to browse that site from the IIS manager, at first I was getting an error saying that access is denied.
Then I followed the instructions to configure the security on that local file folder to allow IIS_USRS to access the file, but when I run it, I just get a page that tries to load indefinitely.
What am I doing wrong? If I point the IIS Manager to the files after saving them to a location on my company's network, I again get the access is denied error.
Do I understand it correctly that IIS needs permission to access the files? If so, how do I configure it that way other than what I already tried? If I need to provide further information, please let me know. Thanks so much for your support.
I am running IIS 7 on Windows Server 2008 R2 with PHP 5.4. One of my PHP scripts is trying to access a file on a protected network share using a UNC path. How can I change the IIS service account to an account that has permission to access the share? This is really easy to do on Apache HTTP server (you just change it), but it's not clear how to do with IIS. What can I do?
Update:
I was able to get things working using the "Connect As" option in the "Basic Settings" of my website and then specifying an account that has access to the network share. It appears that my problem is related to this question:
https://serverfault.com/questions/366234/iis-identities-application-pool-vs-connect-as-in-basic-settings
For IIS 7 running on Windows Server 2008 R2 ... In the IIS Manager, select the Application Pool under which your Web Site is running.
Click "Advanced Settings". There will be an entry for Identity (it is under the Process Model section). Click it, provide credentials for your account that has permission to access the share.
UPDATE
You should make sure that if you are using an Active Directory Domain Account, you provided that correctly under Identity for the running App Pool. For example, MYDOMAIN\myAccount.
After making this change, you will need to do the following:
Stop the Web Site.
Recycle your Application Pool.
Start the Web Site.
UPDATE II
From the comment discussion on this answer, #HydroPowerDeveloper was able to get the PHP script to be able to access the network share via UNC path using WebSite -> Basic Settings -> "Connect As" and setting the credentials there.
In the past, I have always used the approach of setting Identity via Application Pool and that has allowed my code to access Network shares via UNC path.
However, all of the sites/applications I have deployed on IIS are .NET based WCF or ASPX sites.
I would speculate (but am not 100% certain on this, would need research/testing to confirm) that the Identity specified in the Application Pool is used by executing .NET code, whereas the "Connect As" is used by the PHP script.
Generally the Application Pool is set using the least amount of privileges as possible.
http://msdn.microsoft.com/en-us/library/ff647402.aspx
The easiest route is to allow access to the current IIS account.
In Explorer, navigate to the shared directory.
Right Click -> Properties -> Security
If you don't see the expected IIS user in the list (Group or user names), edit and add the user as required.
I used "NETWORK SERVICE" -> Check names.
The detailed instructions are on that site.
In this way, the system is still restricted, we're ONLY allowing access to specific directories, we don't need to create any new users, we don't need to recycle the application pool and we don't need to perform any nifty impersonation code.
To resurrect an old question...
I've just been setting up a Win 2016 server that uses some Perl to access a UNC share. I set the Application Pool to an account that I verified had the correct permissions on that share. I then set up my site to 'Connect as...' (under 'Basic Settings') the same user. I still couldn't get access working.
Much head scratching later, I realised that my 'Virtual Directory', cgi-bin, was running under the original 'pass through' account. I then set up the virtual directory to 'Connect as...' the same account as the site and the application pool and, bingo, it all works fine.
So, remember to update any Virtual Directories as well as the site and App Pool...
I am trying to set up a hyperlink to open a Windows Explorer, so that it can display a folder on the web server that is within the web site.
So in IIS, we have inetpub/MyWebSite/subFolder/Data/
I would like to allow for a web page hyper link to open the folder /Data
I can set up a user account on the web server and only provide access to this folder. I can use ASP Membeship to restrict access here, and/or assign the Network Service acccount access.
I don't really care who can see this folder as anything that gets placed in here will only be temporary, and nothing is "Mission Critical" just a file that the web site will read and write to and then it gets deleted.
Any and all ideas and suggestions will be tested.
Thanks for any help.
Build a representation of the folder's contents (using a DirectoryReader and CSS) and display that. Don't actually try to display the physical folder.
this sounds like FTP, and if it's on an intranet, why not create a share? much less work.
I've just installed windows server 2008 r2 along with visual studio and dropbox. I'm using it as a VM for development and dropbox helps me keep my files in sync with other machines.
I've got my site set up in IIS but I'm getting an access denied error when trying to view the site. I've had this before and to get around it in the past I've gone through and added the IIS_User account to the list of permissions to read/modify the files. I assume because the file's have been copied down with drop box the files don't have the necessary permissions. Here's the bugger, I can't batch update the files by modifying permissions on a folder, I'm having to do it right to the file level and even worse, one at a time! I can't have this.
I'm relatively new to 2008 r2 and IIS 7 so I have no idea what's happening here. Can someone explain what is going on and if there's an IIS/file permission setting I can update to resolve it at the top level folder?
I've tried adding anonymous permssions on the website in IIS and I've added permissions on the folder for IIS_User (even Everyone). I have an Administrator account and that's already set to allow me to read/write/modify the files.
This is typically the message I'm getting 'An error occurred loading a configuration file: Access to the path X is denied'.
This is happening on ascx & aspx files as well as config files.
Edits:
The site is visible when debugging from Visual Studio.
The site is operating in Full Trust (internal)
Please help, this is stopping me from working and driving me insane!
By default in IIS 7, websites run as the local system's network account (NetworkService), not as IIS_User.
To verify, in IIS Manager, select the Site in question, click Basic Settings... and check the Application Pool it is assigned to. Then go into Application Pools and check the Identity for that Application Pool. Make sure that user listed is in the ACL.
Adding Everyone to the ACL should work instead, but just in case I would suggest you check the above. Also of course make sure when you set the ACL to check the box for resetting inheritance on all subfolders, if that is appropriate for your application.
You could also try setting the identity of the application pool to a local (or domain) user you have created which has access to your application directory.
Hope that helps.
Regarding whether other identities would work for your app pool, that depends entirely on whether those identities have permissions to all the files and/or databases and other resources you application needs to access. Right now you have the application running under your user account, which is generally not recommended. IIS has your password cached, and if you change it, your application will stop working until you update the application pool configuration.
As far as setting NTFS permissions, it can get tricky. Once you have disabled permissions inheritance, that file or folder will need to be updated individually every time you need a permission change. The flip side of this is that you cannot remove inherited entries on an ACL, you can only add to them. However you can design a strategy that offers a baseline level of permission at the root of a file structure, and then add permissions to subfolders/files.
In order to check & reset inheritance on a folder, go into its properties, security tab, click advanced, then click Edit. You can see whether this folder inherits permissions from its parent, and optionally wipe out all subfolder/file permissions and enable inheritance on all child folders & files.
Hope this helps.
I'm creating a website which besides other tasks will play some recorded files. these recorded files are on a remote server with private ip address, so I've created a virtual directory which points to a share directory on the mentioned server.
now I'm able to playback the files using client side controls like wmplayer. BUT the problem is sound file urls are accessible without any authentication and authorization.
is there anyway to enforce .net authorization and authentication (in web.config) on this virtual directory? I also should mention I can not use solutions like httphandlers to download the files because file are streamed using iis so user could navigate on the file without downloading all of it)
thanx
Open IIS (I suppose you use IIS7.0 or later). Find the mentioned virtual directory and click on it. In the listed features find Authentication, right click on it and press Open Feature. Then disable anonymous authentication for this folder. Does the problem persist?