Security :: Accessing Network Share Via UNC / Virtual Directory ?
Oct 27, 2010
A month ago I got everything working but now my code has changed and my server may have been misconfigured.
Basically, I'm running IIS 6.0 and Win2k 2003. The webserver will map a network path UNC share at: //wave/test
Also, I have webconfig set up to do: impersonate = true (no username/password defined)
the path //wave/test is another computer that runs Windows XP. Wave is the computer name, test is the folder name. So C: est is the folder to access. The current permissions under C: est on the file server is: Administrator, IUSR_WEB (read-only) and "Wave_user" (read-only)
Back in WinServer 2003, i've added a virtual directory and mapped to \wave est and applied a local username/password for Wave_user. I am able to see/browse all the files in IIS 6.0 and see the files/folders. I call the virtual directory alias: "Waves". Inside Authentication method for this virtual directory, i applied Wave_user and the local password of the local file-server PC , and checked enable anonymous access w/ integrated windows authentication.
Also, back in virtual directory, I set "Connect As" to wave est as username and password as the local password.
When I access the webapplication, using my current local PC credential, and try to access the network share, which in C# is the command: server.mappath@("wave"... i get a Server Error 401. in the browser.
View 2 Replies
Similar Messages:
Jun 21, 2010
How to share data between two virtual directory without using Querystring?
View 6 Replies
Aug 17, 2010
My ASP.NET MVC 2 application runs under built-in local NETWORK SERVICE account. I want to set up access permissions for the folder which resides in another computer, but in the same domain. I located that folder right-clicked to open its properties form, clicked to Security tab and pressed Add button which displayed Add user form with correct domain name in the location field. I referred to the account with following syntax:
<domain name><server name>$
because I learned that NETWORK SERVICE account uses machine account when connected to other computers in the domain. However, the system couldn't find the account, so refuses to add the account. Without the domain name it adds a user, but that user seems to be local user, not web server's NETWORK SERVICE account. What am I doing wrong?
By the way, the above syntax worked when I created login for the sql server which is different computer from the web server.
View 2 Replies
May 6, 2010
I have load balanced web servers My application has a function that allows the user to upload their company logo to display in the application header obviously, when they upload the logo image file, it needs to be in a central location or otherwise, the file will not be accessible to the other server on the load balancer. in order to be able to upload the image through the application other one of either servers and then display it on both servers I need a virtual directory on both servers that point to a third "file server" (this is the "AcctData" directory shown below with a sub folder "images")
If I use pass-through authentication I get a 401 error. If I use a specific user that's set up on both boxes, I get a 500 error. I've also tried sticking a Web.config file in the "AcctData" directory allowing anonymous access.
View 1 Replies
Oct 28, 2010
It took me 6 hours to figure this one out and I'm wondering if someone can give me an answer why it has to work this way. I have two PCs, one is a webserver win2k 2003 and the other is the file server running Windows XP. Both PCs are on the same company domain therefore they can see each user. The share folder has NETWORK, NETWORK SERVICE, USERS (which include IIS authenticated users), a LOCAL account, and a specific User (which is me) that is given access to read. In my web application, I call a server.mappath. In IIS6.0, anonymous is disabled so users use integrated Windows Authentication. I can see this by verifiying User.Identity.Name.ToString(); Next, I also check WindowsIdentity.GetCurrent().Name.ToString();. In my first run, I set impersonate to true and thats it. Both User.Identity and both Windows.Identity show: mydomainsmith_B as an example.
When trying to access the UNC virtual path whcih has "Always use the authenticated user's credentials when validating access to the network directory" checked. This means , IIS6.0 will pass mydomainsmith_B credentials to the file server. I get an access denied which is verified by a thrown exception. I go back and check the file server and under the security tabs, I did add myself which shows smith_B under the security and for kicks, I'm also under Share tab.
Next, I try to authenticate using a "LOCAL" account on the file server. The local account is called username/password: temp/temp. So I set web.config to impersonate=true, userName=temp password=temp. Okay, so I go back into IIS 6.0 and for the virtual directory, I go to "Connect As" and set Username and password to: temp/temp and un-check "always use the authenticated user's credential". Finally, i reload the page. This time the page shows me:
User.Identity.Name: mydomainsmith_B
WindowsIdentity.GetCurrent().Name: temp
perfect, so now I'm impersonating temp. I click a button to access the UNC path and boom, it all works. So why doesn't my local PC authenticate ME, as MYSELF, which is on the domain, which is on the same domain. Why do I have to impersonate a local account to the file server? Why can't I just impersonate myself? Also, If I disable impersonation, it becomes NT AUTHORITYNETWORK SERVICE. This service also can't access the UNC path even when I have enabled the same security and same share settings.
View 1 Replies
Apr 26, 2010
If you use anonymous access + impersonation of a windows domain account to access a file on a network share, is the password sent in clear text?
View 3 Replies
Apr 23, 2010
I've been researching and I've spent pratically all day on this. Here's my issue. The website uses forms authentication that we authenticate against active directory. I've been attempting to access files we have on a network share and push them down to the user (when they request them) in an http response. I keep getting "Access to the path <unc path> is denied".
Here's the code:
[Code]....
Things I've tried:1) When I add the "Computer" to the permissions of the folder it works and I dont even need to emulate a user (essentially just commenting out this code), but I'm not sure we want to explicitly give the computer access to some of our network shares 2) I've verified it's the correct username and password for the active directory account and that they have permissions on these network shares 3) I've fooled around with the WebProxy class with no luck (as I'm not entirely familiar with it) 4) I've tried impersonating the user by creating a windows token and passing the token as credentials (i've done this with similar websites) with no luck, plus this seemed a bit complicated for something I figured would be relatively easy.Its almost as if, the WebClient class isn't even using the credentials i've passed it.We've got it working now, but only by giving the "Computer" specific permissions on the network shares, which we'd like to avoid.
View 1 Replies
Dec 7, 2010
We have an issue with an internal application, where accessing it from LAN (private n/w) works fine, while access from external n/w throws up erratic behavior.
The Current System :
an aspx page (asp version 1.0) hosted on the IIS server (6.1). The front end is a vb form that connects to a sql 2000 database.
Users' credentials authorized using NTLM security.
Access from an external n/w - a reverse proxy configured with an ISA server 2006 to authenticate credentials.
Domain Controller - Windows Server 2008 R2 x64
The issue when accessed from external n/w :
everytime an entry from a drop-down is selected from an Ajax enabled control, instead of the fields populating, the page gets refreshed and the content of the box are cleared.
Also, clicking on other items that normally hyperlink to other pages, results in nothing happening.
Upon investigation, we realized that :
Everytime it fails, a string - "&AuthResend" followed by an alpha numeric string is attached, which attempts to authenticate the user's credentials everytime a request is made to the server.
ISA error logs yielded the following error msg :
"12210 Internet Server API ( ISAPI ) has finished handling the request. Contact your system administrator. "
This behavior is inconsistent except when accessed from Google Chrome, where it fails each time.
We have applied all the recommended hot fixes from Microsoft's KB pages.
View 1 Replies
Oct 17, 2010
I've created a virtual directory on a hard drive where I keep some jpg files, the problem is when I access a page that links to a jpg file it asks for a username and password, is there anyway to stop that from happening?
View 2 Replies
Jan 6, 2011
My client has s website hosted under IIS 6. This website has a subsite as a virtual directory that we need to ensure is only accessed via HTTPS.
We have enabled HTTPS access to the sub-site, but because the root site is configured to use HTTP, this is being inherited by the sub-site and you can access it unsecured. How can we prevent this?
The only potential option I've found so far is this implementation of IHttpModule. Is there nothing in the web.config I can set, as you can the security on a WCF binding?
View 4 Replies
Sep 4, 2010
I'm using IIS7.5 and Windows Authentication through an ISA server. I'm trying to migrate a classic ASP application to ASP.net.
We have an internal file server with our department folders on and I'm trying to provide web based access to these. Previously I created a UNC virtual directory to the \serverdepartments share, and because ASP classic ran in the context of the authenticated user they could only browse folders they had permission to.
What security settings should I now be using for the Application Pool and what settings should I use on the Virtual Directory credentials to ensure security? I'd like the ASP.net page to run in the context of the logged in user, and when the code tries to display a sub-folder they don't have access to it should 'bomb out' as before.
View 2 Replies
Jan 27, 2010
i am writing following code:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
[Code]....
wen i m running this code its giving me "access id denied" exception..
View 2 Replies
Aug 31, 2010
We have created a website and for the secured files created a virtual directory and in virtual directory properties we selected Application-user(pass through authentication).If any user directly browse the files link then the browser prompts a screen for virtual directory credentials.Here my requirement is i need to send the virtual directory credentials through the application.
View 4 Replies
May 11, 2010
I am creating virtual directory from my C# code when i execute this code working every finely.
But problem is when i publish this code and access through iis it is showing an error as access denied .
i tried to give permissions to the folder in c:\inetpub\wwwrootfoldername Network service and users provided permissions of full control But still showing an error of Access Denied(mine is iis 5.0 in xp)
View 2 Replies
Jul 12, 2010
I have a web site with an administrative section. All administrative pages are stored in a directory called "db/administration". There is only one user that I want to have access to the pages in this directory. That user's username is "system". Currently, I am using the following approach in my web.config file:
[Code]....
When I logged in as another user, I was still able to access pages under db/administration when I navigated to them through the browser's address bar. What am I doing wrong?
View 2 Replies
Aug 15, 2010
i have a asp.net page using c#.
1. My asp.net page has a login page.
2. i created a list of user in database who has the access in my asp page.
3. but i want to use their SAME username and password (active directory) to use as their login name and password to my asp page.
4. how can i access the active directory username and password and connect to my list of user database.
View 2 Replies
Mar 29, 2011
Hey I have a web page and I wish to share a link or tell a friend about this page.So,when I click the share link then the System shall execute AddThis Wigit(fb,twitter,google,myspace...) etc.
What is the C# code that execute this implimention.
I am using MVC
View 1 Replies
Nov 10, 2010
I have a WCF service in a virtual directory that is called in the code behind of a page that is in the parent directory, when i debug the code i can see the wcf service is being called, however when the service calls Membership.GetUser() it alway returns null. The user has already logged in to the asp.net site. When i call the service via jquery it does pick up the correct user, but i need to be able to call it via the code behind as well. I am developing in .Net 3.5 how i can make the Wcf pick up the logged in user?
View 3 Replies
Oct 27, 2010
I made a web form on a development website of mine (we'll call it dev.somewhere.com) and tried to publish it out to the web (we'll call it [URL]) in a subfolder. I named it default.aspx like I was supposed to and it worked flawlessly on the dev site. When I published it out the web, I wound up getting the following error when trying to get to the subfolder: [URL] Directory Listing Denied
This Virtual Directory does not allow contents to be listed. Confused and flustered, I tried to go to [URL], but I wound up with some error that won't tell me the problem. Instead it tells me to change the my web.config to read <customErrors mode="Off"/>.
View 1 Replies
Feb 13, 2010
As virutal directory points to physical path of the application, so if the IIS root directory is C:inetpubwwwroot and the application is stored at D:websites, than we need to create a virtual directory but if the application content is placed at C:inetpubwwwroot, then why still need to create virtual directory.
View 3 Replies
Mar 7, 2011
I have a web application that uses Windows Authentication, not forms, and has identity impersonate = true.
From an .aspx page, the following code can create a folder on a network share successfully but fails in my .asmx page.
dirPolicyFolder.CreateDirectory(ConfigurationManager.AppSettings("PolicyApplicationsPath") & strFolderName
I have confirmed that the same user is logged in both examples, permissions on the parent folder are set correctly, and the logged user has propper right to do this.
If I change the path to a local one, the asmx page can create the folder.Why would this fail when running in the .asmx page?
View 3 Replies
Sep 29, 2010
I am stumped. i want my asp.net website to access a network share folder which is located at say, //hero/superman. I can do it manually.
I've done the following:
1. Included <identity impersonate="true" userName="IUSR_TEST" password="test" /> in my web.config.
2. Set anonymous access in IIS 5.1 with username IUSR_TEST and password: test in the account that is used for anonymous access. Checked integrated windows authentication.
3. Created a profile for IUSR_TEST in computer/management/local users and created the password: test for it. It is a member of guest.
4. Created a user account IUSR_TEST for the network share computer. gave it the same username and password.
4. On the network share computer, I've enabled access for the following people: ASPNET, NETWORK SERVICE, and IUSR_TEST.. all with full potential (for now) for the directory path in question //hero/superman which is really located on: c:herosuperman. I've given it full access.
But when I StreamReader fs = File.OpenText(Server.MapPath(@"\herosuperman est.txt"); I get the error "UnauthorizedAccess Exception". Access to the path \herosuperman est.txt is denied.
So what did I miss, what am I doing wrong. The key thing here are:
the webserver is on a domain. the network share computer is NOT on a domain, it is on it's own workgroup. This workgroup, lets just say is called "villains". So if I have to manually map the network drive to access the files, I must type: /villains/IUSR_Test and password: test to be able to map it on my webserver local computer.
View 2 Replies
Jul 27, 2010
I have 2 different Virtual Directories on my local IIS 7.0 server. I want to do session Management in such a way that Session variable created in one Virtual Directory is easily available in another Virtual Directory. I want to achieve this using SQL Server 2005. Till now I have done the following things
1) In my web.config file I have added the following entry
<sessionState mode="SQLServer" sqlConnectionString="Data Source=11.11.11.11;Integrated Security=False;User ID=uid;pwd=pwd" sqlCommandTimeout="30" >
</sessionState>
2) In SQL Server I have a database called ASPState that has 2 tables ASPStateTempApplications and ASPStateTempSessions and also some Store Procedures
Now If I create Session variable called Session["ProductID"] in Virtual directory A how can I access Session["ProductID"] in Virtual directory B.
View 5 Replies
Nov 23, 2010
I'm not able to open the file when I click on the link on page in MVC. I get the following message. I've added the impersonation in the code. I'm able to delete and save the file.
Access to the path '\servernamefolder1folder2folder3foder4filename.pdf' is denied. Description: An unhandled exception occurred during the execution of the current web request. review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.UnauthorizedAccessException: Access to the path '......same as above....' is denied.
ASP.NET is not authorized to access the requested resource. Consider granting access rights to the resource to the ASP.NET request identity. ASP.NET has a base process identity (typically {MACHINE}ASPNET on IIS 5 or Network Service on IIS 6) that is used if the application is not impersonating. If the application is impersonating via <identity impersonate="true"/>, the identity will be the anonymous user (typically IUSR_MACHINENAME) or the authenticated request user.
To grant ASP.NET access to a file, right-click the file in Explorer, choose "Properties" and select the Security tab. Click "Add" to add the appropriate user or group. Highlight the ASP.NET account, and check the boxes for the desired access.
Source Error:
[Code]....
Source File: C:Posfx runkposfxcamonlineControllersApplicationController.vb Line: 37 Stack Trace:
[Code]....
View 6 Replies
Jan 30, 2010
I'm using Request.ApplicationPath to learn the name of the Virtual Directory in which I'm running. Is there a more reliable way?
View 2 Replies
