Solved

ASP 'Access to the path...is denied' error after demoting web server

Posted on 2009-04-07
5
686 Views
Last Modified: 2012-05-06
We have a Windows Server 2003 IIS 6 web server (let's call it 'webserver') that is also a domain controller.  Webserver is hosting an ASP 2.0 web application that creates a folder on a different 2003 server ('otherserver').  Here's the very simple VB code for that operation:

Line1 Dim path As String = "\\otherserver\d$\FolderToCreate\"
Line2 System.IO.Directory.CreateDirectory(path)

It was working fine until we demoted webserver from being a domain contoller.  Now Line2 causes us to receive a login dialog similar to
"Connect to webserver.mydomain.com".  Interesting, since the path we're trying to create is not on webserver.  Anyway, we've tried many user names and passwords, with no success.  After 3 tries, a web page appears that shows:

Server Error in '/test' Application.
---------------------------------------

Access to the path '\\otherserver\d$\FolderToCreate' is denied.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.UnauthorizedAccessException: Access to the path '\\otherserver\d$\FolderToCreate' is denied.

ASP.NET is not authorized to access the requested resource. Consider granting access rights to the resource to the ASP.NET request identity. ASP.NET has a base process identity (typically {MACHINE}\ASPNET on IIS 5 or Network Service on IIS 6) that is used if the application is not impersonating. If the application is impersonating via <identity impersonate="true"/>, the identity will be the anonymous user (typically IUSR_MACHINENAME) or the authenticated request user.


I assure you, we've tried granting full permission to every account and group imaginable to the destination area, including Network Service, IUSR_WEBSERVER, Domain Users, Everyone, etc, etc.

We have also tried many combinations of
web.config --> <identity impersonate="true"/>
Authentication methods --> Enable anonymous access
Authentication methods --> Integrated Windows Authentication

Thanks in advance for your thoughts!
0
Comment
Question by:footpaul
  • 2
  • 2
5 Comments
 
LVL 4

Accepted Solution

by:
rentonc earned 250 total points
Comment Utility
Hi footpaul,

You realize d$ is a hidden share drive and that you should be using the full shared path.
In IIS, make sure you have a virtual directory pointing to the other servers folder where you want to create files.

Chris
0
 

Author Comment

by:footpaul
Comment Utility
Thanks, Chris.

We tried other shares on the destination server, with the same result.  Here's the code for that:
Line1 Dim path As String = "\\otherserver\testshare\FolderToCreate\"
Line2 System.IO.Directory.CreateDirectory(path)

We also tried your other suggestion, creating a virtual directory ("vdtest") on webserver that points to the destination area on otherserver, but we're not sure if we've tried the correct code for the webpage.  We tried:
Dim path As String = "\\otherserver\vdtest\FolderToCreate\"
*in this case, we get the error "The network path was not found"
and
Dim path As String = "\\webserver\vdtest\FolderToCreate\"
*in this case, we get the error "The network path was not found"
and
Dim path As String = "//webserver/vdtest/FolderToCreate/"
*in this case, we get the error "The network path was not found"
and
Dim path As String = "http://webserver/vdtest/FolderToCreate/"
*in this case, we get the error "URI formats are not supported"

Did we understand your suggestion correctly?

Any other thoughts?

Thanks,
footpaul
0
 
LVL 28

Assisted Solution

by:sybe
sybe earned 250 total points
Comment Utility
> I assure you, we've tried granting full permission to every account and group imaginable to the destination area, including Network Service, IUSR_WEBSERVER, Domain Users, Everyone, etc, etc.

Still not good enough. You can not easily permissions to IUSR_<othermachine>, because IUSR is a local account. What might be working is to create a local account on the server named IUSR_<othermachine> AND give it exactly the same password.

But better is to map a drive to the other machine on-the-fly with username/password and diconnect it after you are done.

I am not sure how you would do that exactly in .Net, but here how it can be done with VBScript (and that should work with ASP.Net almost unchanged)
Set oNetwork = CreateObject("WScript.Network")

oNetwork.MapNetworkDrive "Q", "\\server\share\", False, sUser, sPass

' do your thing on "Q:\"

oNetwork.RemoveNetworkDrive(sShareLetter)

Open in new window

0
 
LVL 4

Expert Comment

by:rentonc
Comment Utility
Try using the local administrator username and password when creating the virtual directory in IIS to the other server.
0
 

Author Comment

by:footpaul
Comment Utility
We have resolved our problem by setting
<identity impersonate="false" />
AND
Giving "Network Service" necessary permissions on the appropriate file system areas and to our SQL Server database.

A big thanks to rentonc and sybe for your efforts, but we cannot award points since your suggestions did not lead to the resolution.

Thanks!
footpaul

****************************************************

sybe:
Before we discovered the solution, we tried your suggestion as follows:

We mapped a drive to the other machine on-the-fly, using:
Line1 Dim oNetwork = CreateObject("WScript.Network")
Line2 oNetwork.MapNetworkDrive("P:", "\\otherserver\testshare", False, <myusername>, <mypwd>)
Line3 Dim path As String = "P:\FolderToCreate"
Line4 System.IO.Directory.CreateDirectory(path)
Line5 oNetwork.RemoveNetworkDrive("P")

But Line4 gives the error:
Server Error in '/testapp' Application.
--------------------------------------------------------------------------------
Could not find a part of the path 'P:\FolderToCreate'.

****************************************************

rentonc:
You suggested "Try using the local administrator username and password when creating the virtual directory in IIS to the other server."

We were logged in as the administrator when we created the virtual directory, and we were never prompted for a username and password during that process.  Perhaps we misunderstood your instructions, but as mentioned, this problem is resolved.
0

Featured Post

Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
Screen Mirroring 7 37
can not add ASP.NET to IIS 8 26
DLL in ASP.NET 20 39
Windows server 2003 bootable iso 9 23
On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
Learn about cloud computing and its benefits for small business owners.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
You have products, that come in variants and want to set different prices for them? Watch this micro tutorial that describes how to configure prices for Magento super attributes. Assigning simple products to configurable: We assigned simple products…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now