fileSystem object and remote permissions

Make sure IUSER_server user has all the permission

To clarify, navigate to the folder c:\inetpub\wwwroot\listdirectory\ (if you're web app isn't on the root, then it will have a different path). Right click on the folder, choose properties, choose security, click "Add", select the "IUSR_server", and change their permissions to include read, write, and (I believe you'll also need) modify. Repeat this process for the other folders. After you get it working, try removing the modify permissions and see if it still works. The weaker the permissions for IUSR_server (while still being functional), the better.

sforcier, to clarify a bit more....  \\server\directory\ is a directory on a remote server.  it's not on the same machine as the web server.

jitganguly, domain\IUSER_server has everything but Delete Subfolders and Files, Change Permissions, and Change Ownership. is ALL really necessary???

For this to work the IUser_server account must have permissions to write to the folder and it must have rights to access these directories using the same username and password that the IUSR account has.

Now if that is a problem the solution is to add the paths as virtual directories using the correct password. This would open up the directories to the outside world so turn authentication on for those virtual directories and disable all IP addresses apart from that of the server to block them again.

HTH
Steve

mouatts, I let windoze manage the IUSER password.  I don't even know what it is unless I assign it.  I figured if that was managed BY windows that the domain user info would be supplied to other servers.  Do you think I'm wrong about that?

Maybe the virtual directories solution is best.  I didn't really give it much thought because of the security issues but authenticating on IP would work.

> I figured if that was managed BY windows that the domain user info would be supplied to other servers.  Do you think I'm wrong about that?

I think so. Certainly looking at my servers the USR account is a local one. The only USR account which is a domain one is for the web server that sits on the domain controller.

Steve

well, I tried creating a virtual directory under the existing site but I'm still getting a permission denied error.  In the properties for the virtual directory, I used a user with full permissions to the parent directory and applied them all to all subdirectories.

I can browse the virtual directory through IIS mgr so the password is correct, right?

I also got the same result when trying to map a drive letter and do it that way.

No you don't want to do it via a drive letter. When you do that it is your account that is allowed access not the IUSR account.
When you create the virtual directory enter the UNC filename and on the next screen it will prompt you for the username and password.

Steve

and for that user I can use any user with the permissions to the target directory?

that's what I did, and I've been playing with, but I can't get it to go.

Trying restarting IIS it's sometimes a bit of a pig to get this to take. Trust me it works but believe me when I tell you I have spent hours retyping the bloody thing before it seems to connect :(

Steve

Just a though you may need the domain name in front of the username eg mydomain/adminsitrator

restarted, same error

the domain name is in front of the username.

I was reading an article about duplicate anonymous accounts
http://support.microsoft.com/default.aspx?scid=kb;en-us;184566

and this...

http://support.microsoft.com/default.aspx?scid=kb;en-us;169271

I'm gonna see what I can mess up in that direction.

HEY! There you go!  Lemme fiddle around with this a bit and make sure I can apply it to my situation.  It worked for my testing purposes.

thanks a lot to everybody but sforcier's idea worked very well for me and I'll be able to enforce user level security on it as well so I can implement it per page and not worry about other holes.

I'm glad I could help! I just want to reiterate how careful you should be when doing this. Granting an ASP page more power makes it easier to hack. I'm sure you're aware of this, and I'm sure you'll use due dilligence; I just can't stress this point enough.

that's what I mean about enforcing user level security.  While the page has permissions, I can set requirements within it by using userLevels that already exist in my app..... so, only specific logged in users can even access the page.  anybody else gets redirected.

you think that's adequate???

I don't know that I fully understand what you mean by "user level access" specifically. If you mean disabling anonymous access or using NTFS security on the individual ASP pages, then yes, that should certainly be adequate.

I have an asp application that colects images from a folder generated by a scanner. This folder is in a network drive (like \\a_drive\scanner). I wish to move all images from this folder to another folder wich is located in my local server.
Please help...

joninhas you will need to post your own question. You can't just piggy back another.