?
Solved

ASP 'Access to the path...is denied' error after demoting web server

Posted on 2009-04-07
5
Medium Priority
?
693 Views
Last Modified: 2012-05-06
We have a Windows Server 2003 IIS 6 web server (let's call it 'webserver') that is also a domain controller.  Webserver is hosting an ASP 2.0 web application that creates a folder on a different 2003 server ('otherserver').  Here's the very simple VB code for that operation:

Line1 Dim path As String = "\\otherserver\d$\FolderToCreate\"
Line2 System.IO.Directory.CreateDirectory(path)

It was working fine until we demoted webserver from being a domain contoller.  Now Line2 causes us to receive a login dialog similar to
"Connect to webserver.mydomain.com".  Interesting, since the path we're trying to create is not on webserver.  Anyway, we've tried many user names and passwords, with no success.  After 3 tries, a web page appears that shows:

Server Error in '/test' Application.
---------------------------------------

Access to the path '\\otherserver\d$\FolderToCreate' is denied.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.UnauthorizedAccessException: Access to the path '\\otherserver\d$\FolderToCreate' is denied.

ASP.NET is not authorized to access the requested resource. Consider granting access rights to the resource to the ASP.NET request identity. ASP.NET has a base process identity (typically {MACHINE}\ASPNET on IIS 5 or Network Service on IIS 6) that is used if the application is not impersonating. If the application is impersonating via <identity impersonate="true"/>, the identity will be the anonymous user (typically IUSR_MACHINENAME) or the authenticated request user.


I assure you, we've tried granting full permission to every account and group imaginable to the destination area, including Network Service, IUSR_WEBSERVER, Domain Users, Everyone, etc, etc.

We have also tried many combinations of
web.config --> <identity impersonate="true"/>
Authentication methods --> Enable anonymous access
Authentication methods --> Integrated Windows Authentication

Thanks in advance for your thoughts!
0
Comment
Question by:footpaul
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 4

Accepted Solution

by:
rentonc earned 750 total points
ID: 24088711
Hi footpaul,

You realize d$ is a hidden share drive and that you should be using the full shared path.
In IIS, make sure you have a virtual directory pointing to the other servers folder where you want to create files.

Chris
0
 

Author Comment

by:footpaul
ID: 24091185
Thanks, Chris.

We tried other shares on the destination server, with the same result.  Here's the code for that:
Line1 Dim path As String = "\\otherserver\testshare\FolderToCreate\"
Line2 System.IO.Directory.CreateDirectory(path)

We also tried your other suggestion, creating a virtual directory ("vdtest") on webserver that points to the destination area on otherserver, but we're not sure if we've tried the correct code for the webpage.  We tried:
Dim path As String = "\\otherserver\vdtest\FolderToCreate\"
*in this case, we get the error "The network path was not found"
and
Dim path As String = "\\webserver\vdtest\FolderToCreate\"
*in this case, we get the error "The network path was not found"
and
Dim path As String = "//webserver/vdtest/FolderToCreate/"
*in this case, we get the error "The network path was not found"
and
Dim path As String = "http://webserver/vdtest/FolderToCreate/"
*in this case, we get the error "URI formats are not supported"

Did we understand your suggestion correctly?

Any other thoughts?

Thanks,
footpaul
0
 
LVL 28

Assisted Solution

by:sybe
sybe earned 750 total points
ID: 24091784
> I assure you, we've tried granting full permission to every account and group imaginable to the destination area, including Network Service, IUSR_WEBSERVER, Domain Users, Everyone, etc, etc.

Still not good enough. You can not easily permissions to IUSR_<othermachine>, because IUSR is a local account. What might be working is to create a local account on the server named IUSR_<othermachine> AND give it exactly the same password.

But better is to map a drive to the other machine on-the-fly with username/password and diconnect it after you are done.

I am not sure how you would do that exactly in .Net, but here how it can be done with VBScript (and that should work with ASP.Net almost unchanged)
Set oNetwork = CreateObject("WScript.Network")
oNetwork.MapNetworkDrive "Q", "\\server\share\", False, sUser, sPass
' do your thing on "Q:\"
oNetwork.RemoveNetworkDrive(sShareLetter)

Open in new window

0
 
LVL 4

Expert Comment

by:rentonc
ID: 24098744
Try using the local administrator username and password when creating the virtual directory in IIS to the other server.
0
 

Author Comment

by:footpaul
ID: 24100644
We have resolved our problem by setting
<identity impersonate="false" />
AND
Giving "Network Service" necessary permissions on the appropriate file system areas and to our SQL Server database.

A big thanks to rentonc and sybe for your efforts, but we cannot award points since your suggestions did not lead to the resolution.

Thanks!
footpaul

****************************************************

sybe:
Before we discovered the solution, we tried your suggestion as follows:

We mapped a drive to the other machine on-the-fly, using:
Line1 Dim oNetwork = CreateObject("WScript.Network")
Line2 oNetwork.MapNetworkDrive("P:", "\\otherserver\testshare", False, <myusername>, <mypwd>)
Line3 Dim path As String = "P:\FolderToCreate"
Line4 System.IO.Directory.CreateDirectory(path)
Line5 oNetwork.RemoveNetworkDrive("P")

But Line4 gives the error:
Server Error in '/testapp' Application.
--------------------------------------------------------------------------------
Could not find a part of the path 'P:\FolderToCreate'.

****************************************************

rentonc:
You suggested "Try using the local administrator username and password when creating the virtual directory in IIS to the other server."

We were logged in as the administrator when we created the virtual directory, and we were never prompted for a username and password during that process.  Perhaps we misunderstood your instructions, but as mentioned, this problem is resolved.
0

Featured Post

Learn how to optimize MySQL for your business need

With the increasing importance of apps & networks in both business & personal interconnections, perfor. has become one of the key metrics of successful communication. This ebook is a hands-on business-case-driven guide to understanding MySQL query parameter tuning & database perf

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When it comes to showing a 404 error page to your visitors, you do not want that generic page to show, and you especially do not want your hosting provider’s ad error page to show either. In this article, I will show you how to enable the custom 40…
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
In this video you will find out how to export Office 365 mailboxes using the built in eDiscovery tool. Bear in mind that although this method might be useful in some cases, using PST files as Office 365 backup is troublesome in a long run (more on t…
Suggested Courses

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question