Solved

ASP 'Access to the path...is denied' error after demoting web server

Posted on 2009-04-07
5
691 Views
Last Modified: 2012-05-06
We have a Windows Server 2003 IIS 6 web server (let's call it 'webserver') that is also a domain controller.  Webserver is hosting an ASP 2.0 web application that creates a folder on a different 2003 server ('otherserver').  Here's the very simple VB code for that operation:

Line1 Dim path As String = "\\otherserver\d$\FolderToCreate\"
Line2 System.IO.Directory.CreateDirectory(path)

It was working fine until we demoted webserver from being a domain contoller.  Now Line2 causes us to receive a login dialog similar to
"Connect to webserver.mydomain.com".  Interesting, since the path we're trying to create is not on webserver.  Anyway, we've tried many user names and passwords, with no success.  After 3 tries, a web page appears that shows:

Server Error in '/test' Application.
---------------------------------------

Access to the path '\\otherserver\d$\FolderToCreate' is denied.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.UnauthorizedAccessException: Access to the path '\\otherserver\d$\FolderToCreate' is denied.

ASP.NET is not authorized to access the requested resource. Consider granting access rights to the resource to the ASP.NET request identity. ASP.NET has a base process identity (typically {MACHINE}\ASPNET on IIS 5 or Network Service on IIS 6) that is used if the application is not impersonating. If the application is impersonating via <identity impersonate="true"/>, the identity will be the anonymous user (typically IUSR_MACHINENAME) or the authenticated request user.


I assure you, we've tried granting full permission to every account and group imaginable to the destination area, including Network Service, IUSR_WEBSERVER, Domain Users, Everyone, etc, etc.

We have also tried many combinations of
web.config --> <identity impersonate="true"/>
Authentication methods --> Enable anonymous access
Authentication methods --> Integrated Windows Authentication

Thanks in advance for your thoughts!
0
Comment
Question by:footpaul
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 4

Accepted Solution

by:
rentonc earned 250 total points
ID: 24088711
Hi footpaul,

You realize d$ is a hidden share drive and that you should be using the full shared path.
In IIS, make sure you have a virtual directory pointing to the other servers folder where you want to create files.

Chris
0
 

Author Comment

by:footpaul
ID: 24091185
Thanks, Chris.

We tried other shares on the destination server, with the same result.  Here's the code for that:
Line1 Dim path As String = "\\otherserver\testshare\FolderToCreate\"
Line2 System.IO.Directory.CreateDirectory(path)

We also tried your other suggestion, creating a virtual directory ("vdtest") on webserver that points to the destination area on otherserver, but we're not sure if we've tried the correct code for the webpage.  We tried:
Dim path As String = "\\otherserver\vdtest\FolderToCreate\"
*in this case, we get the error "The network path was not found"
and
Dim path As String = "\\webserver\vdtest\FolderToCreate\"
*in this case, we get the error "The network path was not found"
and
Dim path As String = "//webserver/vdtest/FolderToCreate/"
*in this case, we get the error "The network path was not found"
and
Dim path As String = "http://webserver/vdtest/FolderToCreate/"
*in this case, we get the error "URI formats are not supported"

Did we understand your suggestion correctly?

Any other thoughts?

Thanks,
footpaul
0
 
LVL 28

Assisted Solution

by:sybe
sybe earned 250 total points
ID: 24091784
> I assure you, we've tried granting full permission to every account and group imaginable to the destination area, including Network Service, IUSR_WEBSERVER, Domain Users, Everyone, etc, etc.

Still not good enough. You can not easily permissions to IUSR_<othermachine>, because IUSR is a local account. What might be working is to create a local account on the server named IUSR_<othermachine> AND give it exactly the same password.

But better is to map a drive to the other machine on-the-fly with username/password and diconnect it after you are done.

I am not sure how you would do that exactly in .Net, but here how it can be done with VBScript (and that should work with ASP.Net almost unchanged)
Set oNetwork = CreateObject("WScript.Network")
oNetwork.MapNetworkDrive "Q", "\\server\share\", False, sUser, sPass
' do your thing on "Q:\"
oNetwork.RemoveNetworkDrive(sShareLetter)

Open in new window

0
 
LVL 4

Expert Comment

by:rentonc
ID: 24098744
Try using the local administrator username and password when creating the virtual directory in IIS to the other server.
0
 

Author Comment

by:footpaul
ID: 24100644
We have resolved our problem by setting
<identity impersonate="false" />
AND
Giving "Network Service" necessary permissions on the appropriate file system areas and to our SQL Server database.

A big thanks to rentonc and sybe for your efforts, but we cannot award points since your suggestions did not lead to the resolution.

Thanks!
footpaul

****************************************************

sybe:
Before we discovered the solution, we tried your suggestion as follows:

We mapped a drive to the other machine on-the-fly, using:
Line1 Dim oNetwork = CreateObject("WScript.Network")
Line2 oNetwork.MapNetworkDrive("P:", "\\otherserver\testshare", False, <myusername>, <mypwd>)
Line3 Dim path As String = "P:\FolderToCreate"
Line4 System.IO.Directory.CreateDirectory(path)
Line5 oNetwork.RemoveNetworkDrive("P")

But Line4 gives the error:
Server Error in '/testapp' Application.
--------------------------------------------------------------------------------
Could not find a part of the path 'P:\FolderToCreate'.

****************************************************

rentonc:
You suggested "Try using the local administrator username and password when creating the virtual directory in IIS to the other server."

We were logged in as the administrator when we created the virtual directory, and we were never prompted for a username and password during that process.  Perhaps we misunderstood your instructions, but as mentioned, this problem is resolved.
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question