Solved

How to make filesystemobject work across a network

Posted on 2001-08-16
12
333 Views
Last Modified: 2008-02-26
I am not an ASP programmer, I'm a network administrator. I'm trying to help our ASP programmer who has become stumped by this problem.  If I get a workable answer today (we are under a deadline) I will at least double the point value.

We have the following code which is looking for the existence of a specific image file, then building it into an "IMG SRC" string. If the file doesn't exist I want it to instead use a default image file.

In the first line, if PropertyPictFilePath is set to a local path i.e. "c:\somepathname\" it works. If it is set to "\\thiswebserver\somepathname\" If it is set as shown below, it doesn't find anything, so all images are shown as the default, even when the image exists.

I think the problem has to do with permissions... the pictures are not located on the webserver but on another server. This is a very large folder of pictures and we don't have enough disk space available on the real web server to hold it. Instead, they are served via a website that is getting content from a network share.

Both servers are members of the same domain but NOT domain controllers.

The actual question: How do I enable the webserver's asp code to access the folder on the network unc path?

The code snippet is supposed to check the existence of the file at \\servername\somepathname\picture01.gif and if it exists, build a path for inclusion in the resulting http of http://someurl.com/picture01.gif. If it doesn't exist the path will be built as http://someurl.com/DefaultPicture.gif". someurl.com is the url of a website whose content is coming from \\servername\somepathname.

As I said if the propertypictfilepath is on the local machine either by "c:\..." or by a unc, it works fine but doesn't work when the unc is a different machine.

Alternatively, can you provide a code sample that transparently fetches the file from the webserver, and if it detects a 404 error would substitute the default image.

Here's the existing code:

     Private Const PropertyPictFilePath = "\\servername\somepathname\"
     Private Const PropertyPictHttpPath = "http://someurl.com/"
     Private Const PropertyDefaultImage = "DefaultPicture.gif"
....
     Set fso = CreateObject("Scripting.FileSystemObject")
     if (not fso.FileExists(PropertyPictFilePath & PropertyPhoto))then
          PropertyPhoto = PropertyDefaultImage
     end if
     Set fso = Nothing
     GetPropertyPic = PropertyPictHttpPath & PropertyPhoto
0
Comment
Question by:myrrh
  • 4
  • 2
  • 2
  • +4
12 Comments
 
LVL 2

Accepted Solution

by:
MCM earned 200 total points
Comment Utility
IIS is usually signed in to the machine on which it is running as IUSR_<machine name>. I think this is a local user and not a part of the domain, and so is unlikely to be able to do reads on the network.

try going to IIS management console --> machine --> site --> properties --> directory security --> edit anonymous access properties --> edit anonymous account

choose an account for anoymous access that has rights to the areas of the network you are interested in. don't know if it'll work, i haven't done it, but you can try,

regards.
0
 
LVL 1

Author Comment

by:myrrh
Comment Utility
MCM,

All I can say is "DUH" why didn't I see that before. Works like a champ! And easy too. Thanks!

Assuming I make it through lunchtime tomorrow without the customer screaming about something that broke because of this, I will accept your comment then with the promised double points.
0
 
LVL 2

Expert Comment

by:nycynik
Comment Utility
keep in mind this will change the security on that server, now anyone browsing with a browser will have access as that user.

This is a security risk.
0
 
LVL 18

Expert Comment

by:mgfranz
Comment Utility
That's why you create virtual directories and dummy users...  A virtual dir that is linked to the network dir and accessed by the dummy user, this way no one else can access it unless specifically granted rights, and the IUSER_ can't go anywhere else in the network.
0
 
LVL 2

Expert Comment

by:MCM
Comment Utility
they make good points.
0
 
LVL 1

Author Comment

by:myrrh
Comment Utility
Points taken. The user account I specified is one that only has the necessary privileges on the web content folders and nothing else.
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 15

Expert Comment

by:robbert
Comment Utility
PRB: Cannot Access Remote Files with the FileSystemObject
http://support.microsoft.com/support/kb/articles/q197/9/64.asp

Let me know if there is a problem with following the steps described (I guess there isn't).
0
 
LVL 20

Expert Comment

by:Silvers5
Comment Utility
The way you implemented is a security issue.. robbert's link is good.. also read:


How does FileSystemObject access files from a UNC \\share\?

IUSR_webservername on the web server trying to access the share must have access to the share. That
means IUSR_webservername must exist as a domain user (or at least a local user on the machine with the
share) WITH THE SAME PASSWORD and possessing appropriate permissions. We recommend RXW for IUSR_webservername
because some versions of FileSystemObject seem to choke on anything less.

In other words.. Create on the remote server that you want to access a local account with the same credentials
as the IUSR_WebServerName and WITH THE SAME PASSWORD (this is very important. if you don't know it you'll
have to change it on the webserver, note that the IUSR is a local account on the web server and not
a domain account ) now share the remote directory (w/o password prot) give the new IUSR on the remote
read/write permissions on the shared directory.. to test it log in to your web server using the IUSR
account and try to perform actions on the share.. if you don't get permission denied then all is ok
and you can now read/write from asp..If you mapped the share the IUSR won't see the map unless you map
it while logged to the web NT box as the IUSR, since mapping is a service.. anyways if you get some
troubles simply post them, this issue is simple to implement when you get used to it..
Good luck..





0
 
LVL 1

Author Comment

by:myrrh
Comment Utility
MCM's was the most straightforward, easy-to-implement solution. The others suggested later also have merit. Thanks to all who contributed.
0
 
LVL 20

Expert Comment

by:Silvers5
Comment Utility
easy to implement.. I'm sure you've set a domain admonistrator as the anonymous account.. we were telling you how to implement it in a secure way.. you created a security breach this way
0
 
LVL 1

Author Comment

by:myrrh
Comment Utility
No, I made sure the account has access only to the specific resources in question. Definitely NOT an admin account.

Whether I create the same IUSR account on the other machine and synchronize the passwords on the two, or create a restricted account on the domain, is not the effect (and the security) the same?
0
 
LVL 2

Expert Comment

by:anguslai
Comment Utility
I also have a similar but different problem,
See the question I posted today "ASP Call up NotePad to open remote file". Thanks.

- Angus
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

I have helped a lot of people on EE with their coding sources and have enjoyed near about every minute of it. Sometimes it can get a little tedious but it is always a challenge and the one thing that I always say is:  The Exchange of information …
I was asked about the differences between classic ASP and ASP.NET, so let me put them down here, for reference: Let's make the introductions... Classic ASP was launched by Microsoft in 1998 and dynamically generate web pages upon user interact…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.
This tutorial demonstrates a quick way of adding group price to multiple Magento products.

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now