Access to non-virtual-directory UNC paths from IIS 6.0

  • Thread starter Jeff Johnson [MVP: VB]
  • Start date
J

Jeff Johnson [MVP: VB]

[Please let me know if there is a better group in which to post this
question.]

Background:
We have an ASP.NET Web app in my company which compares two data sources and
reports the differences between them. This app can handle different types of
data, both DBMS- and file-based. For file-based comparisons, we want the
user to be able to point to any share on the network to find the file. Given
this desire, we can't set up virtual directories to every possible share on
our network, so we need the code to be able to access the file through pure
UNC references.

Here's more detail:
- The Web server is running IIS 6.0 on Windows 2003 Server (duh).
- The Web server is part of our internal domain (not our Web farm), let's
call it MYCOMPANY.
- The WWW service (and IISAdmin) is running under LocalSystem.
- This particular Web site is NOT allowing anonymous access; the only access
is Integrated Windows Authorization.
- The page that is having problems has two INPUT TYPE="file" text boxes
which the user uses to specify the files for comparison.
- The code behind the page attempts to open OledbConnections against the UNC
paths taken from the INPUT boxes.
- This is the error we're getting:
The Microsoft Jet database engine cannot open the file
'\\BOB\BobsShare\SubFolder\AccessDB.mdb'. It is already opened exclusively
by another user, or you need permission to view its data.

No one has it open exclusively, and permissions are set correctly both on
the share (\\BOB\BobsShare) and on the underlying folder structure.
Specifically, the Everyone group has Change access through the share and
Modify access through NTFS.

I researched this issue through Google (thank god it's back up!) and came
across a TechNet article,
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/webapp/iis/remstorg.mspx.
I tried trusting the Web server for delegation, and gave it a half hour to
propagate the changes, but I still got the same error. I noticed that the
article really focuses on UNC paths used as the target of virtual
directories and, as stated earlier, that's not how we want to set this up.

Has anyone run into this issue before under these circumstances (i.e., no
anonymous access, code hitting UNC paths)? Any suggestions? Can anyone
confirm that what we want to do simply can't be done with IIS 6.0?
 
T

Tom Kaminski [MVP]

Jeff Johnson said:
[Please let me know if there is a better group in which to post this
question.]

Background:
We have an ASP.NET Web app in my company which compares two data sources and
reports the differences between them. This app can handle different types of
data, both DBMS- and file-based. For file-based comparisons, we want the
user to be able to point to any share on the network to find the file. Given
this desire, we can't set up virtual directories to every possible share on
our network, so we need the code to be able to access the file through pure
UNC references.

Here's more detail:
- The Web server is running IIS 6.0 on Windows 2003 Server (duh).
- The Web server is part of our internal domain (not our Web farm), let's
call it MYCOMPANY.
- The WWW service (and IISAdmin) is running under LocalSystem.
- This particular Web site is NOT allowing anonymous access; the only access
is Integrated Windows Authorization.
- The page that is having problems has two INPUT TYPE="file" text boxes
which the user uses to specify the files for comparison.
- The code behind the page attempts to open OledbConnections against the UNC
paths taken from the INPUT boxes.
- This is the error we're getting:
The Microsoft Jet database engine cannot open the file
'\\BOB\BobsShare\SubFolder\AccessDB.mdb'. It is already opened exclusively
by another user, or you need permission to view its data.

No one has it open exclusively, and permissions are set correctly both on
the share (\\BOB\BobsShare) and on the underlying folder structure.
Specifically, the Everyone group has Change access through the share and
Modify access through NTFS.

Can you enable security auditing on the file path to see what account is
being denied access?

--
Tom Kaminski IIS MVP
http://www.microsoft.com/windowsserver2003/community/centers/iis/
http://mvp.support.microsoft.com/
http://www.iisfaq.com/
http://www.iistoolshed.com/ - tools, scripts, and utilities for running IIS
http://www.tryiis.com
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

Forum statistics

Threads
473,969
Messages
2,570,161
Members
46,708
Latest member
SherleneF1

Latest Threads

Top