Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Access to network path denied

Posted on 2007-11-21
24
Medium Priority
?
577 Views
Last Modified: 2008-03-15
I have a shared folder : \\10.10.0.12\PDF Archive\KCAI
I use this code to access it:
        Dim strdir = "\\10.10.0.12\PDF Archive\Khorasan"
        Dim DirInfo As New IO.DirectoryInfo(strdir)
        Dim subDirs As IO.DirectoryInfo() = DirInfo.GetDirectories()
        Dim Files As IO.FileInfo() = DirInfo.GetFiles()

After the code runs, It asks 3 times for user name and password, and does not accpet any, and then I get this error :
Access to the path '\\10.10.0.12\PDF Archive\KCAI denied.

* In web config:
    <authentication mode="Windows"/>
    <identity impersonate="true"/>

* I have a domain.
* I set the ASP.NET permission to that folder.

Please Help.
Thank you.

0
Comment
Question by:Tech_View
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 9
  • 5
  • 4
  • +2
24 Comments
 
LVL 33

Expert Comment

by:raterus
ID: 20328565
Do you want the user who is using your application to be the one to hit this file share, with his/her credentials? (harder setup)  Or could you use a shared set of credentials? (easier)
0
 
LVL 6

Expert Comment

by:thuannguy
ID: 20328620
If your server uses Windows 2003, could you give the NETWORK SERVICE account permission to that folder and try again?
0
 
LVL 33

Expert Comment

by:raterus
ID: 20328667
Negative thuannguy, the only permission you can add on a file share in this case is "Everyone".  You need a domain account to get this one to work with specific credentials.
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
LVL 1

Expert Comment

by:MCKreed
ID: 20332267
You can add the network service if the web server is running on the same machine as the share.

You can set the anonymous login account as a domain user but everyone will login with the same account.

In Active Directory you can set the "trust computer for delegation" on the computer account and use windows authentication in web site properties. This will pass the credentials of the use that logs in.
0
 

Author Comment

by:Tech_View
ID: 20338385
* raterus:
I need credentials for each user. I have over 300 users in my domain.

* thuannguy:
The web server machine is differ from shraed folder machine, so I can not do that.

* MCKreed:
1. The web server is not the same with shared one.
2. I don't want to use anonymous logon.
3. Currently I use windows authentication on web server. About trust for delegation, must trust wich computer? Shared or the web server? and wich service?
0
 
LVL 1

Expert Comment

by:MCKreed
ID: 20338424
In active directory if you go to the computer with the web server on it, right click and go to properties.

On the general screen you will see "Trust computer for delegation". Placing a check mark in this screen allows the computer to pass network credentials back and for from the client to active directory.
0
 

Author Comment

by:Tech_View
ID: 20338587
MCKreed:
I went to active directory users and computers.
I did right click on web server computer name.
I clicked on properties.
In general Tab, there is no item "Trust computer for delegation". But I have another tab, named: delegation.
0
 
LVL 1

Expert Comment

by:MCKreed
ID: 20338817
What OS is Active directory working on?
0
 
LVL 6

Expert Comment

by:thuannguy
ID: 20339245
* thuannguy:
The web server machine is differ from shraed folder machine, so I can not do that.
Yeah, not really "cannot"! However, at my company, we create a domain user account, give it permission to the share folder and run the application under that account:

 <identity impersonate="false" userName="..." password="..." />
0
 

Author Comment

by:Tech_View
ID: 20339625
But you mentioned NETWORK SERVICE account , thuannguy.

How could you assign a local account in another machine?
0
 

Author Comment

by:Tech_View
ID: 20339633
The OS is W2K3 Enterprise Edition SP2, MCKreed.
0
 
LVL 6

Expert Comment

by:thuannguy
ID: 20340025
I mentioned NETWORK SERVICE account in the first answer because you didn't specify any domain account in the impersonate setting.

*How could you assign a local account in another machine?: not a local account, it is a DOMAIN user account.
Please note that I made a mistake on my second post :(. Impersonate must be 'true'

 <identity impersonate="true" userName="aDomainUserAccount" password="abcxyz" />
0
 
LVL 1

Expert Comment

by:MCKreed
ID: 20340086
http://support.microsoft.com/kb/326089

here is an article from Microsoft. It explains the process.

I'm not sure why you have a delegation tab. You may have an add on installed that extends AD users and computers.
0
 

Author Comment

by:Tech_View
ID: 20341908
Thank you thuannguy :). But currently I have impersonate with true value.
And, you mean that we have NETWORK SERVICE as a domain account?
0
 

Author Comment

by:Tech_View
ID: 20341915
Thank you MCKreed. I marked the "Trust this computer for delegation to any service (Kerberos only)" in Delegation tab, for both the web server, and shared folder machine. But still no improvement.
0
 
LVL 6

Expert Comment

by:thuannguy
ID: 20342727
Yes, 'true' is correct. I said it again because in my second answer, I give you a wrong example whose impersonate value is 'false'.
Regarding your question about domain user account: this is a quote from my second answer:
"However, at my company, we create a domain user account, give it permission to the share folder and run the application under that account:"

And the identity tag will be:
 <identity impersonate="true" userName="aDomainUserAccount" password="abcxyz" />
0
 
LVL 33

Expert Comment

by:raterus
ID: 20349799
Restart the web-server if you can.  None of my delegation settings in the past took effect until I did this.  Also, are you using a fully-qualified domain name on your webserver, e.g "intranet.mydomain.com", you'll need to configure some SPN's if that is the case.  Don't stick any credentials in the impersonate tag, they are not needed for what you want.
0
 

Author Comment

by:Tech_View
ID: 20381478
raterus,
I restarted the server, but nothing happened.
0
 
LVL 33

Expert Comment

by:raterus
ID: 20381766
How about the second part of my comment?  What does the URL for this website look like?
0
 

Author Comment

by:Tech_View
ID: 20391506
raterus,
For the webpage, I use fully qualified domain name on my webserver. for example: http://ln.x.y.net .
0
 
LVL 33

Accepted Solution

by:
raterus earned 2000 total points
ID: 20395273
You need to get the utility setspn.exe (in the resource pak for windows servers)
http://www.microsoft.com/downloads/details.aspx?FamilyId=6EC50B78-8BE1-4E81-B3BE-4E7AC4F0912D&displaylang=en

and add some SPN's to your domain to get a full qualified domain name to work here.

setspn -a HOST/ln.x.y.net WEBSERVERNAME
setspn -a HTTP/ln.x.y.net WEBSERVERNAME
0
 

Author Comment

by:Tech_View
ID: 20520798
I have to read about setspn carefully. I am not familiar with it. I will try and will have a feedback here ....
0
 
LVL 1

Expert Comment

by:Computer101
ID: 21135868
Forced accept.

Computer101
EE Admin
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Sometimes in DotNetNuke module development you want to swap controls within the same module definition.  In doing this DNN (somewhat annoyingly) swaps the Skin and Container definitions to the default admin selections.  To get around this you need t…
A quick way to get a menu to work on our website, is using the Menu control and assign it to a web.sitemap using SiteMapDataSource. Example of web.sitemap file: (CODE) Sample code to add to the page menu: (CODE) Running the application, we wi…
This tutorial will teach you the special effect of super speed similar to the fictional character Wally West aka "The Flash" After Shake : http://www.videocopilot.net/presets/after_shake/ All lightning effects with instructions : http://www.mediaf…
In this video, Percona Solution Engineer Dimitri Vanoverbeke discusses why you want to use at least three nodes in a database cluster. To discuss how Percona Consulting can help with your design and architecture needs for your database and infras…
Suggested Courses

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question