IdentityPool User / Network Service Accessing network shares on other machines

Question

User354093104 posted

Hello,

I have an asp.net site installed on an IIS 7.x machine.

The pool identity is defined as network service (or identity user, same results)

In the code it is trying to access a network share like "q:\folder\file.jpeg"

I have defined access security in this file for the IIS machine account - full control.

But still i get an error when trying to open file from the asp.net code.

I enabled access audting on that file on the machine it resides.

I see:

A network share object was checked to see whether client can be granted desired access.

Subject:

Security ID: PENTAGON\PPN$

Account Name: PPN$

Account Domain: PENTAGON

Logon ID: 0x38dff359

Network Information:

Object Type: File

Source Address: 192.168.0.93

Source Port: 56374

Share Information:

Share Name: \\*\Drive Q

Share Path: \??\D:\Drive Q

Relative Target Name: Pentagon\QA\Images\IMG_8048.JPG

Access Request Information:

Access Mask: 0x80

Accesses: ReadAttributes

Access Check Results:

ReadAttributes: Not granted

What am i doing wrong?

Thanks,

Roy.

Answer 1

User-1509636757 posted

pool identity is defined as network service

This should not happen if you have properly provided access rights to shared folder/fiiles.

If you are using Network Service as pool identity, then did you give 'Network Service' account of the machine where site is hosted; to have full access rights on that folder/file? Please check it.

hope it helps./.

Answer 2

User354093104 posted

Hello,

I want to attach the image of my access settings for this file.

How can i attach a file or show an image from my desktop?

Thanks,

Roy.

Answer 3

User-1509636757 posted

you can upload the image somewhere (like 4shared or dropbox, skydrive) and paste link to the image here.

Answer 4

User354093104 posted

Hello,

Here is a link to the screen picture of the security.

PPN is the name of the IIS machine.

The account of the pool in IIS 7.x is set to network service user of the local IIS machine (PPN)

https://skydrive.live.com/redir?resid=D0A9C5EFF4393FAA!117&authkey=!AH9LZNMsWGp29YU

As you can see it has full rights to this file.

Thanks,

Bye

Answer 5

User361859439 posted

Hi,

looking at the screenshot. It seems the permissions are not perfect. You need to give full access to the user "Network Services"  for the folder images.

Rakesh
M6.Net
http://www.M6.Net – Expert Windows Hosting Since 1997

Answer 6

User354093104 posted

Hello,

We have 2 machines invloved:

1. PPN -> IIS

2. Q -> Machine with share

When i set the account of the IIS identity pool to Network Service (local on PPN) it shows as domain account PPN$ when trying to access the share folder on machine Q.

As you can see the PPN$ has full rights on file.

Thanks,

Bye

Answer 7

User354093104 posted

Hello,

In the end we defined another domain users with permission only for specific folder.

In IIS we set the account of the app pool to this user and checked load profile flag.

It worked.

Thanks,

Bye