Solved

How to make filesystemobject work across a network

Posted on 2001-08-16
12
339 Views
Last Modified: 2008-02-26
I am not an ASP programmer, I'm a network administrator. I'm trying to help our ASP programmer who has become stumped by this problem.  If I get a workable answer today (we are under a deadline) I will at least double the point value.

We have the following code which is looking for the existence of a specific image file, then building it into an "IMG SRC" string. If the file doesn't exist I want it to instead use a default image file.

In the first line, if PropertyPictFilePath is set to a local path i.e. "c:\somepathname\" it works. If it is set to "\\thiswebserver\somepathname\" If it is set as shown below, it doesn't find anything, so all images are shown as the default, even when the image exists.

I think the problem has to do with permissions... the pictures are not located on the webserver but on another server. This is a very large folder of pictures and we don't have enough disk space available on the real web server to hold it. Instead, they are served via a website that is getting content from a network share.

Both servers are members of the same domain but NOT domain controllers.

The actual question: How do I enable the webserver's asp code to access the folder on the network unc path?

The code snippet is supposed to check the existence of the file at \\servername\somepathname\picture01.gif and if it exists, build a path for inclusion in the resulting http of http://someurl.com/picture01.gif. If it doesn't exist the path will be built as http://someurl.com/DefaultPicture.gif". someurl.com is the url of a website whose content is coming from \\servername\somepathname.

As I said if the propertypictfilepath is on the local machine either by "c:\..." or by a unc, it works fine but doesn't work when the unc is a different machine.

Alternatively, can you provide a code sample that transparently fetches the file from the webserver, and if it detects a 404 error would substitute the default image.

Here's the existing code:

     Private Const PropertyPictFilePath = "\\servername\somepathname\"
     Private Const PropertyPictHttpPath = "http://someurl.com/"
     Private Const PropertyDefaultImage = "DefaultPicture.gif"
....
     Set fso = CreateObject("Scripting.FileSystemObject")
     if (not fso.FileExists(PropertyPictFilePath & PropertyPhoto))then
          PropertyPhoto = PropertyDefaultImage
     end if
     Set fso = Nothing
     GetPropertyPic = PropertyPictHttpPath & PropertyPhoto
0
Comment
Question by:myrrh
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
  • 2
  • +4
12 Comments
 
LVL 2

Accepted Solution

by:
MCM earned 200 total points
ID: 6394375
IIS is usually signed in to the machine on which it is running as IUSR_<machine name>. I think this is a local user and not a part of the domain, and so is unlikely to be able to do reads on the network.

try going to IIS management console --> machine --> site --> properties --> directory security --> edit anonymous access properties --> edit anonymous account

choose an account for anoymous access that has rights to the areas of the network you are interested in. don't know if it'll work, i haven't done it, but you can try,

regards.
0
 
LVL 1

Author Comment

by:myrrh
ID: 6394421
MCM,

All I can say is "DUH" why didn't I see that before. Works like a champ! And easy too. Thanks!

Assuming I make it through lunchtime tomorrow without the customer screaming about something that broke because of this, I will accept your comment then with the promised double points.
0
 
LVL 2

Expert Comment

by:nycynik
ID: 6394958
keep in mind this will change the security on that server, now anyone browsing with a browser will have access as that user.

This is a security risk.
0
Revamp Your Training Process

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action.

 
LVL 18

Expert Comment

by:mgfranz
ID: 6395311
That's why you create virtual directories and dummy users...  A virtual dir that is linked to the network dir and accessed by the dummy user, this way no one else can access it unless specifically granted rights, and the IUSER_ can't go anywhere else in the network.
0
 
LVL 2

Expert Comment

by:MCM
ID: 6395347
they make good points.
0
 
LVL 1

Author Comment

by:myrrh
ID: 6395449
Points taken. The user account I specified is one that only has the necessary privileges on the web content folders and nothing else.
0
 
LVL 15

Expert Comment

by:robbert
ID: 6395552
PRB: Cannot Access Remote Files with the FileSystemObject
http://support.microsoft.com/support/kb/articles/q197/9/64.asp

Let me know if there is a problem with following the steps described (I guess there isn't).
0
 
LVL 20

Expert Comment

by:Silvers5
ID: 6395709
The way you implemented is a security issue.. robbert's link is good.. also read:


How does FileSystemObject access files from a UNC \\share\?

IUSR_webservername on the web server trying to access the share must have access to the share. That
means IUSR_webservername must exist as a domain user (or at least a local user on the machine with the
share) WITH THE SAME PASSWORD and possessing appropriate permissions. We recommend RXW for IUSR_webservername
because some versions of FileSystemObject seem to choke on anything less.

In other words.. Create on the remote server that you want to access a local account with the same credentials
as the IUSR_WebServerName and WITH THE SAME PASSWORD (this is very important. if you don't know it you'll
have to change it on the webserver, note that the IUSR is a local account on the web server and not
a domain account ) now share the remote directory (w/o password prot) give the new IUSR on the remote
read/write permissions on the shared directory.. to test it log in to your web server using the IUSR
account and try to perform actions on the share.. if you don't get permission denied then all is ok
and you can now read/write from asp..If you mapped the share the IUSR won't see the map unless you map
it while logged to the web NT box as the IUSR, since mapping is a service.. anyways if you get some
troubles simply post them, this issue is simple to implement when you get used to it..
Good luck..





0
 
LVL 1

Author Comment

by:myrrh
ID: 6399342
MCM's was the most straightforward, easy-to-implement solution. The others suggested later also have merit. Thanks to all who contributed.
0
 
LVL 20

Expert Comment

by:Silvers5
ID: 6405113
easy to implement.. I'm sure you've set a domain admonistrator as the anonymous account.. we were telling you how to implement it in a secure way.. you created a security breach this way
0
 
LVL 1

Author Comment

by:myrrh
ID: 6406094
No, I made sure the account has access only to the specific resources in question. Definitely NOT an admin account.

Whether I create the same IUSR account on the other machine and synchronize the passwords on the two, or create a restricted account on the domain, is not the effect (and the security) the same?
0
 
LVL 2

Expert Comment

by:anguslai
ID: 6410352
I also have a similar but different problem,
See the question I posted today "ASP Call up NotePad to open remote file". Thanks.

- Angus
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I would like to start this tip/trick by saying Thank You, to all who said that this could not be done, as it forced me to make sure that it could be accomplished. :) To start, I want to make sure everyone understands the importance of utilizing p…
I was asked about the differences between classic ASP and ASP.NET, so let me put them down here, for reference: Let's make the introductions... Classic ASP was launched by Microsoft in 1998 and dynamically generate web pages upon user interact…
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…
If you’ve ever visited a web page and noticed a cool font that you really liked the look of, but couldn’t figure out which font it was so that you could use it for your own work, then this video is for you! In this Micro Tutorial, you'll learn yo…

635 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question