[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

ASP 'Access to the path...is denied' error after demoting web server

Posted on 2009-04-07
5
Medium Priority
?
695 Views
Last Modified: 2012-05-06
We have a Windows Server 2003 IIS 6 web server (let's call it 'webserver') that is also a domain controller.  Webserver is hosting an ASP 2.0 web application that creates a folder on a different 2003 server ('otherserver').  Here's the very simple VB code for that operation:

Line1 Dim path As String = "\\otherserver\d$\FolderToCreate\"
Line2 System.IO.Directory.CreateDirectory(path)

It was working fine until we demoted webserver from being a domain contoller.  Now Line2 causes us to receive a login dialog similar to
"Connect to webserver.mydomain.com".  Interesting, since the path we're trying to create is not on webserver.  Anyway, we've tried many user names and passwords, with no success.  After 3 tries, a web page appears that shows:

Server Error in '/test' Application.
---------------------------------------

Access to the path '\\otherserver\d$\FolderToCreate' is denied.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.UnauthorizedAccessException: Access to the path '\\otherserver\d$\FolderToCreate' is denied.

ASP.NET is not authorized to access the requested resource. Consider granting access rights to the resource to the ASP.NET request identity. ASP.NET has a base process identity (typically {MACHINE}\ASPNET on IIS 5 or Network Service on IIS 6) that is used if the application is not impersonating. If the application is impersonating via <identity impersonate="true"/>, the identity will be the anonymous user (typically IUSR_MACHINENAME) or the authenticated request user.


I assure you, we've tried granting full permission to every account and group imaginable to the destination area, including Network Service, IUSR_WEBSERVER, Domain Users, Everyone, etc, etc.

We have also tried many combinations of
web.config --> <identity impersonate="true"/>
Authentication methods --> Enable anonymous access
Authentication methods --> Integrated Windows Authentication

Thanks in advance for your thoughts!
0
Comment
Question by:footpaul
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 4

Accepted Solution

by:
rentonc earned 750 total points
ID: 24088711
Hi footpaul,

You realize d$ is a hidden share drive and that you should be using the full shared path.
In IIS, make sure you have a virtual directory pointing to the other servers folder where you want to create files.

Chris
0
 

Author Comment

by:footpaul
ID: 24091185
Thanks, Chris.

We tried other shares on the destination server, with the same result.  Here's the code for that:
Line1 Dim path As String = "\\otherserver\testshare\FolderToCreate\"
Line2 System.IO.Directory.CreateDirectory(path)

We also tried your other suggestion, creating a virtual directory ("vdtest") on webserver that points to the destination area on otherserver, but we're not sure if we've tried the correct code for the webpage.  We tried:
Dim path As String = "\\otherserver\vdtest\FolderToCreate\"
*in this case, we get the error "The network path was not found"
and
Dim path As String = "\\webserver\vdtest\FolderToCreate\"
*in this case, we get the error "The network path was not found"
and
Dim path As String = "//webserver/vdtest/FolderToCreate/"
*in this case, we get the error "The network path was not found"
and
Dim path As String = "http://webserver/vdtest/FolderToCreate/"
*in this case, we get the error "URI formats are not supported"

Did we understand your suggestion correctly?

Any other thoughts?

Thanks,
footpaul
0
 
LVL 28

Assisted Solution

by:sybe
sybe earned 750 total points
ID: 24091784
> I assure you, we've tried granting full permission to every account and group imaginable to the destination area, including Network Service, IUSR_WEBSERVER, Domain Users, Everyone, etc, etc.

Still not good enough. You can not easily permissions to IUSR_<othermachine>, because IUSR is a local account. What might be working is to create a local account on the server named IUSR_<othermachine> AND give it exactly the same password.

But better is to map a drive to the other machine on-the-fly with username/password and diconnect it after you are done.

I am not sure how you would do that exactly in .Net, but here how it can be done with VBScript (and that should work with ASP.Net almost unchanged)
Set oNetwork = CreateObject("WScript.Network")
oNetwork.MapNetworkDrive "Q", "\\server\share\", False, sUser, sPass
' do your thing on "Q:\"
oNetwork.RemoveNetworkDrive(sShareLetter)

Open in new window

0
 
LVL 4

Expert Comment

by:rentonc
ID: 24098744
Try using the local administrator username and password when creating the virtual directory in IIS to the other server.
0
 

Author Comment

by:footpaul
ID: 24100644
We have resolved our problem by setting
<identity impersonate="false" />
AND
Giving "Network Service" necessary permissions on the appropriate file system areas and to our SQL Server database.

A big thanks to rentonc and sybe for your efforts, but we cannot award points since your suggestions did not lead to the resolution.

Thanks!
footpaul

****************************************************

sybe:
Before we discovered the solution, we tried your suggestion as follows:

We mapped a drive to the other machine on-the-fly, using:
Line1 Dim oNetwork = CreateObject("WScript.Network")
Line2 oNetwork.MapNetworkDrive("P:", "\\otherserver\testshare", False, <myusername>, <mypwd>)
Line3 Dim path As String = "P:\FolderToCreate"
Line4 System.IO.Directory.CreateDirectory(path)
Line5 oNetwork.RemoveNetworkDrive("P")

But Line4 gives the error:
Server Error in '/testapp' Application.
--------------------------------------------------------------------------------
Could not find a part of the path 'P:\FolderToCreate'.

****************************************************

rentonc:
You suggested "Try using the local administrator username and password when creating the virtual directory in IIS to the other server."

We were logged in as the administrator when we created the virtual directory, and we were never prompted for a username and password during that process.  Perhaps we misunderstood your instructions, but as mentioned, this problem is resolved.
0

Featured Post

NFR key for Veeam Agent for Linux

Veeam is happy to provide a free NFR license for one year.  It allows for the non‑production use and valid for five workstations and two servers. Veeam Agent for Linux is a simple backup tool for your Linux installations, both on‑premises and in the public cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

What is an ISAPI filter?   •      It's an assembly (.dll file) that can add or change the way IIS works.   •      They can be enabled globally for your web server or on a site-by-site basis.   When the IIS server receives a request, enabling the ISAPI fi…
If you don't have the right permissions set for your WordPress location in IIS, you won't be able to perform automatic updates. Here's how to fix the problem.
This tutorial will teach you the special effect of super speed similar to the fictional character Wally West aka "The Flash" After Shake : http://www.videocopilot.net/presets/after_shake/ All lightning effects with instructions : http://www.mediaf…
In this video, Percona Solution Engineer Dimitri Vanoverbeke discusses why you want to use at least three nodes in a database cluster. To discuss how Percona Consulting can help with your design and architecture needs for your database and infras…
Suggested Courses

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question