|
|
You're in the
iis security
group:Problems with writing to a file on IIS 6.0
iis security:
IIS. The web server creates a file in the application directory and writes to it. My application needs to run on 2K, 2K3 and XP, i.e. IIS 5.0, 5.1 and 6.0. I cannot use 'Inegrated Windows Authentication' (on my client's request) so i have enabled the anonymous access. In 2K and XP systems, I gave the ASPNET user full control on the physical directory and made it the id for 'Anonymous Access' for that virtual directory. The application runs fine. But on a machine with IIS 6.0, I am facing problems. The user NETWORK SERVICE has full control on the physical directory, but what should be the anonymous access user? The NETWORK SERVICE is not available for anonymous access. Using the IUSR_ id for anonymous access did not help since it does not have the required permissions. How can I write to file on IIS 6.0? Please let me know if there is any way of solving this preferably without creating a new user account.
The impersonation is set to true in the config file, what would
ASP.NET run as in my case? And i also need to use the anonymous access to provide access without any authentication. [quoted text, click to view] Ken Schaefer wrote:
> If you are using an ASP.NET application without impersonation, then your > ASP.NET code runs as Network Service (not the anonymous user account in > IIS). There should be no need to make the Network Service account the > anonymous user account. > > Cheers > Ken > > <sarika.koganti@gmail.com> wrote in message > news:243cf163-87fc-4c67-8a2e-51389f904b61@k39g2000hsf.googlegroups.com... > >I have an ASP.Net application which accesses a web server hosted on > > IIS. The web server creates a file in the application directory and > > writes to it. My application needs to run on 2K, 2K3 and XP, i.e. IIS > > 5.0, 5.1 and 6.0. > > I cannot use 'Inegrated Windows Authentication' (on my client's > > request) so i have enabled the anonymous access. In 2K and XP systems, > > I gave the ASPNET user full control on the physical directory and made > > it the id for 'Anonymous Access' for that virtual directory. The > > application runs fine. > > > > But on a machine with IIS 6.0, I am facing problems. The user NETWORK > > SERVICE has full control on the physical directory, but what should be > > the anonymous access user? The NETWORK SERVICE is not available for > > anonymous access. Using the IUSR_ id for anonymous access did not help > > since it does not have the required permissions. How can I write to > > file on IIS 6.0? > > > > Please let me know if there is any way of solving this preferably > > without creating a new user account. > >
If you are using an ASP.NET application without impersonation, then your
ASP.NET code runs as Network Service (not the anonymous user account in IIS). There should be no need to make the Network Service account the anonymous user account. Cheers Ken [quoted text, click to view] <sarika.koganti@gmail.com> wrote in message
news:243cf163-87fc-4c67-8a2e-51389f904b61@k39g2000hsf.googlegroups.com... >I have an ASP.Net application which accesses a web server hosted on > IIS. The web server creates a file in the application directory and > writes to it. My application needs to run on 2K, 2K3 and XP, i.e. IIS > 5.0, 5.1 and 6.0. > I cannot use 'Inegrated Windows Authentication' (on my client's > request) so i have enabled the anonymous access. In 2K and XP systems, > I gave the ASPNET user full control on the physical directory and made > it the id for 'Anonymous Access' for that virtual directory. The > application runs fine. > > But on a machine with IIS 6.0, I am facing problems. The user NETWORK > SERVICE has full control on the physical directory, but what should be > the anonymous access user? The NETWORK SERVICE is not available for > anonymous access. Using the IUSR_ id for anonymous access did not help > since it does not have the required permissions. How can I write to > file on IIS 6.0? > > Please let me know if there is any way of solving this preferably > without creating a new user account. > >
Do you mean disable the anonymous access and use the integrated
windows authentication instead? This method works fine, but only when the user logged on is a domain user account. If the user logs in as the local system admin, the application fails. [quoted text, click to view] Ken Schaefer wrote:
> In that case, the configured IIS anonymous user is used. > > By why don't you just disable impersonation? Then IUSR_<machinename> is not > used - instead Network Service is used. > > Cheers > Ken > > <sarika.koganti@gmail.com> wrote in message > news:b2ad6fcc-af8d-4e84-9f17-3be17efec782@n20g2000hsh.googlegroups.com... > > The impersonation is set to true in the config file, what would > > ASP.NET run as in my case? > > And i also need to use the anonymous access to provide access without > > any authentication. > > > > > > Ken Schaefer wrote: > >> If you are using an ASP.NET application without impersonation, then your > >> ASP.NET code runs as Network Service (not the anonymous user account in > >> IIS). There should be no need to make the Network Service account the > >> anonymous user account. > >> > >> Cheers > >> Ken > >> > >> <sarika.koganti@gmail.com> wrote in message > >> news:243cf163-87fc-4c67-8a2e-51389f904b61@k39g2000hsf.googlegroups.com... > >> >I have an ASP.Net application which accesses a web server hosted on > >> > IIS. The web server creates a file in the application directory and > >> > writes to it. My application needs to run on 2K, 2K3 and XP, i.e. IIS > >> > 5.0, 5.1 and 6.0. > >> > I cannot use 'Inegrated Windows Authentication' (on my client's > >> > request) so i have enabled the anonymous access. In 2K and XP systems, > >> > I gave the ASPNET user full control on the physical directory and made > >> > it the id for 'Anonymous Access' for that virtual directory. The > >> > application runs fine. > >> > > >> > But on a machine with IIS 6.0, I am facing problems. The user NETWORK > >> > SERVICE has full control on the physical directory, but what should be > >> > the anonymous access user? The NETWORK SERVICE is not available for > >> > anonymous access. Using the IUSR_ id for anonymous access did not help > >> > since it does not have the required permissions. How can I write to > >> > file on IIS 6.0? > >> > > >> > Please let me know if there is any way of solving this preferably > >> > without creating a new user account. > >> >
In that case, the configured IIS anonymous user is used.
By why don't you just disable impersonation? Then IUSR_<machinename> is not used - instead Network Service is used. Cheers Ken [quoted text, click to view] <sarika.koganti@gmail.com> wrote in message
news:b2ad6fcc-af8d-4e84-9f17-3be17efec782@n20g2000hsh.googlegroups.com... > The impersonation is set to true in the config file, what would > ASP.NET run as in my case? > And i also need to use the anonymous access to provide access without > any authentication. > > > Ken Schaefer wrote: >> If you are using an ASP.NET application without impersonation, then your >> ASP.NET code runs as Network Service (not the anonymous user account in >> IIS). There should be no need to make the Network Service account the >> anonymous user account. >> >> Cheers >> Ken >> >> <sarika.koganti@gmail.com> wrote in message >> news:243cf163-87fc-4c67-8a2e-51389f904b61@k39g2000hsf.googlegroups.com... >> >I have an ASP.Net application which accesses a web server hosted on >> > IIS. The web server creates a file in the application directory and >> > writes to it. My application needs to run on 2K, 2K3 and XP, i.e. IIS >> > 5.0, 5.1 and 6.0. >> > I cannot use 'Inegrated Windows Authentication' (on my client's >> > request) so i have enabled the anonymous access. In 2K and XP systems, >> > I gave the ASPNET user full control on the physical directory and made >> > it the id for 'Anonymous Access' for that virtual directory. The >> > application runs fine. >> > >> > But on a machine with IIS 6.0, I am facing problems. The user NETWORK >> > SERVICE has full control on the physical directory, but what should be >> > the anonymous access user? The NETWORK SERVICE is not available for >> > anonymous access. Using the IUSR_ id for anonymous access did not help >> > since it does not have the required permissions. How can I write to >> > file on IIS 6.0? >> > >> > Please let me know if there is any way of solving this preferably >> > without creating a new user account. >> > >> >
I disabled the impersonation, then I got the 'not authorized to view
this page' error. I had to check the integrated windows authentication for the application to start. Is there any disadvantage of using the windows authentication over anonymous access? [quoted text, click to view] Ken Schaefer wrote:
> No, > > I am saying disable Impersonation in your web.config, and then ASP.NET pages > will use Network Service (or whatever your web app pool identity is) > > Cheers > Ken > > <sarika.koganti@gmail.com> wrote in message > news:719b0274-55cf-4529-866a-a5ba67c57634@j78g2000hsd.googlegroups.com... > > Do you mean disable the anonymous access and use the integrated > > windows authentication instead? > > This method works fine, but only when the user logged on is a domain > > user account. If the user logs in as the local system admin, the > > application fails. > > > > > > Ken Schaefer wrote: > >> In that case, the configured IIS anonymous user is used. > >> > >> By why don't you just disable impersonation? Then IUSR_<machinename> is > >> not > >> used - instead Network Service is used. > >> > >> Cheers > >> Ken > >> > >> <sarika.koganti@gmail.com> wrote in message > >> news:b2ad6fcc-af8d-4e84-9f17-3be17efec782@n20g2000hsh.googlegroups.com... > >> > The impersonation is set to true in the config file, what would > >> > ASP.NET run as in my case? > >> > And i also need to use the anonymous access to provide access without > >> > any authentication. > >> > > >> > > >> > Ken Schaefer wrote: > >> >> If you are using an ASP.NET application without impersonation, then > >> >> your > >> >> ASP.NET code runs as Network Service (not the anonymous user account > >> >> in > >> >> IIS). There should be no need to make the Network Service account the > >> >> anonymous user account. > >> >> > >> >> Cheers > >> >> Ken > >> >> > >> >> <sarika.koganti@gmail.com> wrote in message > >> >> news:243cf163-87fc-4c67-8a2e-51389f904b61@k39g2000hsf.googlegroups.com... > >> >> >I have an ASP.Net application which accesses a web server hosted on > >> >> > IIS. The web server creates a file in the application directory and > >> >> > writes to it. My application needs to run on 2K, 2K3 and XP, i.e. > >> >> > IIS > >> >> > 5.0, 5.1 and 6.0. > >> >> > I cannot use 'Inegrated Windows Authentication' (on my client's > >> >> > request) so i have enabled the anonymous access. In 2K and XP > >> >> > systems, > >> >> > I gave the ASPNET user full control on the physical directory and > >> >> > made > >> >> > it the id for 'Anonymous Access' for that virtual directory. The > >> >> > application runs fine. > >> >> > > >> >> > But on a machine with IIS 6.0, I am facing problems. The user > >> >> > NETWORK > >> >> > SERVICE has full control on the physical directory, but what should > >> >> > be > >> >> > the anonymous access user? The NETWORK SERVICE is not available for > >> >> > anonymous access. Using the IUSR_ id for anonymous access did not > >> >> > help > >> >> > since it does not have the required permissions. How can I write to > >> >> > file on IIS 6.0? > >> >> > > >> >> > Please let me know if there is any way of solving this preferably > >> >> > without creating a new user account. > >> >> >
No,
I am saying disable Impersonation in your web.config, and then ASP.NET pages will use Network Service (or whatever your web app pool identity is) Cheers Ken [quoted text, click to view] <sarika.koganti@gmail.com> wrote in message
news:719b0274-55cf-4529-866a-a5ba67c57634@j78g2000hsd.googlegroups.com... > Do you mean disable the anonymous access and use the integrated > windows authentication instead? > This method works fine, but only when the user logged on is a domain > user account. If the user logs in as the local system admin, the > application fails. > > > Ken Schaefer wrote: >> In that case, the configured IIS anonymous user is used. >> >> By why don't you just disable impersonation? Then IUSR_<machinename> is >> not >> used - instead Network Service is used. >> >> Cheers >> Ken >> >> <sarika.koganti@gmail.com> wrote in message >> news:b2ad6fcc-af8d-4e84-9f17-3be17efec782@n20g2000hsh.googlegroups.com... >> > The impersonation is set to true in the config file, what would >> > ASP.NET run as in my case? >> > And i also need to use the anonymous access to provide access without >> > any authentication. >> > >> > >> > Ken Schaefer wrote: >> >> If you are using an ASP.NET application without impersonation, then >> >> your >> >> ASP.NET code runs as Network Service (not the anonymous user account >> >> in >> >> IIS). There should be no need to make the Network Service account the >> >> anonymous user account. >> >> >> >> Cheers >> >> Ken >> >> >> >> <sarika.koganti@gmail.com> wrote in message >> >> news:243cf163-87fc-4c67-8a2e-51389f904b61@k39g2000hsf.googlegroups.com... >> >> >I have an ASP.Net application which accesses a web server hosted on >> >> > IIS. The web server creates a file in the application directory and >> >> > writes to it. My application needs to run on 2K, 2K3 and XP, i.e. >> >> > IIS >> >> > 5.0, 5.1 and 6.0. >> >> > I cannot use 'Inegrated Windows Authentication' (on my client's >> >> > request) so i have enabled the anonymous access. In 2K and XP >> >> > systems, >> >> > I gave the ASPNET user full control on the physical directory and >> >> > made >> >> > it the id for 'Anonymous Access' for that virtual directory. The >> >> > application runs fine. >> >> > >> >> > But on a machine with IIS 6.0, I am facing problems. The user >> >> > NETWORK >> >> > SERVICE has full control on the physical directory, but what should >> >> > be >> >> > the anonymous access user? The NETWORK SERVICE is not available for >> >> > anonymous access. Using the IUSR_ id for anonymous access did not >> >> > help >> >> > since it does not have the required permissions. How can I write to >> >> > file on IIS 6.0? >> >> > >> >> > Please let me know if there is any way of solving this preferably >> >> > without creating a new user account. >> >> > >> >> >
[quoted text, click to view] <sarika.koganti@gmail.com> wrote in message news:ee0d52a7-0b0d-44c2-b243-afd667c065f1@f10g2000hsf.googlegroups.com... >I disabled the impersonation, then I got the 'not authorized to view > this page' error. Then you need to give Network Service access to the pages/resources in question. [quoted text, click to view] > I had to check the integrated windows authentication > for the application to start. No - that should make no difference. Do not set an authentication mode in web.config, and do not enable impersonation. [quoted text, click to view] > > Is there any disadvantage of using the windows authentication over > anonymous access? They are completely different. Windows Authentication means that the end user must supply Windows credentials to *authenticate*. Anonymous access means that a preconfigured user account is used. Impersonation is something completely different to authentication. Cheers Ken [quoted text, click to view] >
> Ken Schaefer wrote: >> No, >> >> I am saying disable Impersonation in your web.config, and then ASP.NET >> pages >> will use Network Service (or whatever your web app pool identity is) >> >> Cheers >> Ken >> >> <sarika.koganti@gmail.com> wrote in message >> news:719b0274-55cf-4529-866a-a5ba67c57634@j78g2000hsd.googlegroups.com... >> > Do you mean disable the anonymous access and use the integrated >> > windows authentication instead? >> > This method works fine, but only when the user logged on is a domain >> > user account. If the user logs in as the local system admin, the >> > application fails. >> > >> > >> > Ken Schaefer wrote: >> >> In that case, the configured IIS anonymous user is used. >> >> >> >> By why don't you just disable impersonation? Then IUSR_<machinename> >> >> is >> >> not >> >> used - instead Network Service is used. >> >> >> >> Cheers >> >> Ken >> >> >> >> <sarika.koganti@gmail.com> wrote in message >> >> news:b2ad6fcc-af8d-4e84-9f17-3be17efec782@n20g2000hsh.googlegroups.com... >> >> > The impersonation is set to true in the config file, what would >> >> > ASP.NET run as in my case? >> >> > And i also need to use the anonymous access to provide access >> >> > without >> >> > any authentication. >> >> > >> >> > >> >> > Ken Schaefer wrote: >> >> >> If you are using an ASP.NET application without impersonation, then >> >> >> your >> >> >> ASP.NET code runs as Network Service (not the anonymous user >> >> >> account >> >> >> in >> >> >> IIS). There should be no need to make the Network Service account >> >> >> the >> >> >> anonymous user account. >> >> >> >> >> >> Cheers >> >> >> Ken >> >> >> >> >> >> <sarika.koganti@gmail.com> wrote in message >> >> >> news:243cf163-87fc-4c67-8a2e-51389f904b61@k39g2000hsf.googlegroups.com... >> >> >> >I have an ASP.Net application which accesses a web server hosted >> >> >> >on >> >> >> > IIS. The web server creates a file in the application directory >> >> >> > and >> >> >> > writes to it. My application needs to run on 2K, 2K3 and XP, i.e. >> >> >> > IIS >> >> >> > 5.0, 5.1 and 6.0. >> >> >> > I cannot use 'Inegrated Windows Authentication' (on my client's >> >> >> > request) so i have enabled the anonymous access. In 2K and XP >> >> >> > systems, >> >> >> > I gave the ASPNET user full control on the physical directory and >> >> >> > made >> >> >> > it the id for 'Anonymous Access' for that virtual directory. The >> >> >> > application runs fine. >> >> >> > >> >> >> > But on a machine with IIS 6.0, I am facing problems. The user >> >> >> > NETWORK >> >> >> > SERVICE has full control on the physical directory, but what >> >> >> > should >> >> >> > be >> >> >> > the anonymous access user? The NETWORK SERVICE is not available >> >> >> > for >> >> >> > anonymous access. Using the IUSR_ id for anonymous access did not >> >> >> > help >> >> >> > since it does not have the required permissions. How can I write >> >> >> > to >> >> >> > file on IIS 6.0? >> >> >> > >> >> >> > Please let me know if there is any way of solving this preferably >> >> >> > without creating a new user account. >> >> >> > >> >> >> >
Don't see what you're looking for? Try a search.
|
June 2003
July 2003
August 2003
September 2003
October 2003
November 2003
December 2003
January 2004
February 2004
March 2004
April 2004
May 2004
June 2004
July 2004
August 2004
September 2004
October 2004
November 2004
December 2004
January 2005
February 2005
March 2005
April 2005
May 2005
June 2005
July 2005
August 2005
September 2005
October 2005
November 2005
December 2005
January 2006
February 2006
March 2006
April 2006
May 2006
June 2006
July 2006
August 2006
September 2006
October 2006
November 2006
December 2006
January 2007
February 2007
March 2007
April 2007
May 2007
June 2007
July 2007
August 2007
September 2007
October 2007
November 2007
December 2007
January 2008
February 2008
March 2008
April 2008
May 2008
June 2008
| home · blog · groups | Questions? Comments? Contact the dn |