Accessing network file form ASP page

[Lamberti Fabrizio]

Hi all,
I've to access to a network file from an asp pages.

I've red a lot of things on old posts and on Microsoft article but I can't
still solve my problem.

I've got two server inside the same NT domain, each one has its own web
server.

The web server is always IIS 5.0.

One of this web server have to access to a network file in writing mode
inside the other server.

I've tried using this code
-------------------
Set fso = Server.CreateObject("Scripting.fileSystemObject")
uri=\\web21bcklab\c$\Inetpub\wwwroot\WebModules\Logger\debugLog.txt
Response.Write fso.FileExists(uri)
---------------------

the existence check returns always false. why ?

How can I solve this problem ?

thx

 

[Tom Kaminski [MVP]]

Hi all,
I've to access to a network file from an asp pages.

I've red a lot of things on old posts and on Microsoft article but I can't
still solve my problem.

I've got two server inside the same NT domain, each one has its own web
server.

The web server is always IIS 5.0.

One of this web server have to access to a network file in writing mode
inside the other server.

I've tried using this code
-------------------
Set fso = Server.CreateObject("Scripting.fileSystemObject")
uri=\\web21bcklab\c$\Inetpub\wwwroot\WebModules\Logger\debugLog.txt
Response.Write fso.FileExists(uri)
---------------------

the existence check returns always false. why ?

How can I solve this problem ?

http://www.aspfaq.com/show.asp?id=2168

 

[Thomas P. Skinner [MVP]]

He is not trying to access an Access file but rather a text file. I think
the problem is using an administrative share. c$, rather than a public
share.

Set up a public share on the directory containing the file, e.g., pubdir,
and access it as \\pubdir\filename.

Tom Skinner [ C# MVP]

 

[Lamberti Fabrizio]

It's the same with a public share.

I've already tried it

He is not trying to access an Access file but rather a text file. I think
the problem is using an administrative share. c$, rather than a public
share.

Set up a public share on the directory containing the file, e.g., pubdir,
and access it as \\pubdir\filename.

Tom Skinner [ C# MVP]

http://www.aspfaq.com/show.asp?id=2168

--
Tom Kaminski IIS MVP
http://www.microsoft.com/windowsserver2003/community/centers/iis/
http://mvp.support.microsoft.com/
http://www.iistoolshed.com/ - tools, scripts, and utilities for running
IIS

 

[Tom Kaminski [MVP]]

Yes - but the procedure provided by Aaron is the same.

Good point about the share - C$ is only available to admins.

He is not trying to access an Access file but rather a text file. I think
the problem is using an administrative share. c$, rather than a public
share.

Set up a public share on the directory containing the file, e.g., pubdir,
and access it as \\pubdir\filename.

Tom Skinner [ C# MVP]

http://www.aspfaq.com/show.asp?id=2168

--
Tom Kaminski IIS MVP
http://www.microsoft.com/windowsserver2003/community/centers/iis/
http://mvp.support.microsoft.com/
http://www.iistoolshed.com/ - tools, scripts, and utilities for running
IIS

 

[Aaron [SQL Server MVP]]

He is not trying to access an Access file but rather a text file.

The problem is still the same. IUSR cannot touch a text for the same
reasons it can't touch an MDB file... the other machine doesn't know who he
is!

I think the problem is using an administrative share. c$, rather than a public
share.

Yes, this definitely part of the problem. The only way you could have C$ be
used is if you add WebServer\IUSR_WebServer to the local admin group on the
server web21bcklab ... not exactly a recommended approach, but I guess it
depends on the environment. I'd prefer to have public shares explicitly
granted access than suddenly give IUSR carte blanche over the whole server.

A

 

[Lamberti Fabrizio]

Your solution is formally correct but it's doesn't solve completly my
problem.

I've an asp file inside a virtual directory with necessary only Windows
Integrated Authentication enabled. That file have to access to text file
inside another host member of the same NT domain.

The authentication inside asp file is made only with domain user. By this
domain users I can manually access to tha text file, but my web server can
not.

Does my web server always access to text file on network share only by using
IUSR_webserver user ?

 

[Roland Hall]

: Hi all,
: I've to access to a network file from an asp pages.
:
: I've red a lot of things on old posts and on Microsoft article but I can't
: still solve my problem.
:
: I've got two server inside the same NT domain, each one has its own web
: server.
:
: The web server is always IIS 5.0.
:
: One of this web server have to access to a network file in writing mode
: inside the other server.
:
: I've tried using this code
: -------------------
: Set fso = Server.CreateObject("Scripting.fileSystemObject")
: uri=\\web21bcklab\c$\Inetpub\wwwroot\WebModules\Logger\debugLog.txt
: Response.Write fso.FileExists(uri)
: ---------------------
:
: the existence check returns always false. why ?
:
: How can I solve this problem ?

How often does it need to be accessed and how updated does the data need to
be?

--
Roland Hall
/* This information is distributed in the hope that it will be useful, but
without any warranty; without even the implied warranty of merchantability
or fitness for a particular purpose. */
Technet Script Center - http://www.microsoft.com/technet/scriptcenter/
WSH 5.6 Documentation - http://msdn.microsoft.com/downloads/list/webdev.asp
MSDN Library - http://msdn.microsoft.com/library/default.asp

 

[Thomas P. Skinner [MVP]]

It's not the web server, but rather the ISAPI extension. In this case
ASP.dll. ASP.NET doesn't run under IUSR_server, but rather under the account
ASPNET on XP Pro and under NETWORK on WS3 if I recall correctly. With
ASP.NET there are ways of impersonating a user and therefore any actions by
that user would have that users security token. Unfortunately I don't think
there is any way to do this under ASP other than writing your own ISAPI
extension. You are probably stuck with IUSR_server credentials. I might be
wrong though. Personally I would switch to ASP.NET.

You can always put this file in its own directory and make it a public
writable share and then your server could access it regardless of
authentication credentials. Of course this offers no protection.

Tom Skinner [C# MVP]

 

[Lamberti Fabrizio]

I can't understand why you want to know this kind of information.

That file could be access a lot of time in some days and just a few in other
ones

 

[Aaron [SQL Server MVP]]

I can't understand why you want to know this kind of information.

Why can't you just answer the question, instead of being defensive about it?
Maybe the response after that would show you why he was asking...

He was probably wondering if the file could be copied locally on a schedule,
so that ASP had access to it locally. Then you don't have to change
permissions and deal with an app having access to important shares.

You should look into DFS, perhaps.

 

[Lamberti Fabrizio]

I can't move to local that text file.

I have to access remotely to that file by using an asp file publish on a web
server.

 

[Aaron [SQL Server MVP]]

Then you're going to have to set IIS to run that application/virtual
directory/site as a domain authenticated user instead of IUSR. Again,
http://www.aspfaq.com/show.asp?id=2168 tells you how to change the user that
IIS impersonates. You should read through it.

--
http://www.aspfaq.com/
(Reverse address to reply.)

 

[Roland Hall]

in message
:> I can't understand why you want to know this kind of information.
:
: Why can't you just answer the question, instead of being defensive about
it?
: Maybe the response after that would show you why he was asking...
:
: He was probably wondering if the file could be copied locally on a
schedule,
: so that ASP had access to it locally. Then you don't have to change
: permissions and deal with an app having access to important shares.
:
: You should look into DFS, perhaps.

You were right on the money.

--
Roland Hall
/* This information is distributed in the hope that it will be useful, but
without any warranty; without even the implied warranty of merchantability
or fitness for a particular purpose. */
Technet Script Center - http://www.microsoft.com/technet/scriptcenter/
WSH 5.6 Documentation - http://msdn.microsoft.com/downloads/list/webdev.asp
MSDN Library - http://msdn.microsoft.com/library/default.asp

 

[Roland Hall]

:I can't understand why you want to know this kind of information.
:
: That file could be access a lot of time in some days and just a few in
other
: ones
:
: >
: > How often does it need to be accessed and how updated does the data need
: to
: > be?
: >

To not be able to open up security, you could use WSH to make the file
available locally so the user could access it with the rights they have
right now.

I have a service I offer to customers that sign up for it for a product I
have written. Shipping tables update sometimes weekly. It is a annoying
process to update these manually. I have automated the procedure and allow
people to get it from me in the format they need so they don't have to do it
themselves. I pull data from the vendor's web sites with WSH and update
their config.asp file. This file is scheduled with AT. It works well.

If you are unable to do something similar then, as Aaron said, you're going
to have open up your security so the users have access.

--
Roland Hall
/* This information is distributed in the hope that it will be useful, but
without any warranty; without even the implied warranty of merchantability
or fitness for a particular purpose. */
Technet Script Center - http://www.microsoft.com/technet/scriptcenter/
WSH 5.6 Documentation - http://msdn.microsoft.com/downloads/list/webdev.asp
MSDN Library - http://msdn.microsoft.com/library/default.asp

 

[David Wang [Msft]]

The authentication inside asp file is made only with domain user. By

this domain users I can manually access to tha text file, but my web
server can not.

This is the classic "double hop" scenario. Integrated Authentication(NTLM)
does not support "double hop" because the web server is not authorized to do
so.

Authentication choices that allow double hop include:
1. Basic
2. Integrated Authentication(Kerberos)
3. Custom Authentication that mimics #1 or #2 in principle
4. Protocol Transition from (Whatever)->Kerberos

The following URL should have the necessary pointers to set this up. It
talks about things in terms of a UNC vdir, but it is really not much
different than an ASP page accessing a UNC share.

http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/webapp/iis/remstorg.mspx

I believe IIS5 supports choices #1, #2, and #3.

FYI: There is a difference between using the domain user to manually access
the text file and having the domain user login to the web server and use the
web server access the text file using the domain user's identity. Namely,
when the domain user manually accesses the text file, they are directly
doing this action (no delegation through third party). Meanwhile, with a web
server, the user only authenticates to the web server and can touch objects
on that server as themselves; the web server does not have permissions to
access other network resources on behalf of the user. If this looks
illogical to you, consider when a user accesses your webserver, whether your
web server should be allowed to withdraw money from their bank's remote
server as the user (instead of copying a file to a remote server as the
user). The two actions are identical from a networking/trust perspective,
but one action is clearly ok while the other is not ok. The reason that it
is not ok is the reason your current ASP page is failing.

--
//David
IIS
http://blogs.msdn.com/David.Wang
This posting is provided "AS IS" with no warranties, and confers no rights.
//
Your solution is formally correct but it's doesn't solve completly my
problem.

I've an asp file inside a virtual directory with necessary only Windows
Integrated Authentication enabled. That file have to access to text file
inside another host member of the same NT domain.

The authentication inside asp file is made only with domain user. By this
domain users I can manually access to tha text file, but my web server can
not.

Does my web server always access to text file on network share only by using
IUSR_webserver user ?

 

[Lamberti Fabrizio]

The solution described in your url is formally correct, but it is not
suitable to my problem.

My text file must be accessed only by an ASP file or application that use
only Integrated Windows Authentication.

Your solution is correct but it uses Anonymous Access.

 

[Lamberti Fabrizio]

your suggestion is correct but now I've got this strange problem.

When I use my asp page (try.asp) to access the text file by this url
http://IIS_WebServerName/try.asp, it is all right, but when I use this url
http://IIS_WebServerName.DomainName.Ext/try.asp , I obtain the usual error:
my asp page can't access the text file.

Can you still help me?

 

[Lamberti Fabrizio]

David Wang, your suggestion is correct but now I've got this strange
problem.

When I use my asp page (try.asp) to access the text file by this url
http://IIS_WebServerName/try.asp, it is all right, but when I use this url
http://IIS_WebServerName.DomainName.Ext/try.asp , I obtain the usual error:
my asp page can't access the text file.

Can you still help me?

 

[David Wang [Msft]]

This is most likely a browser-side issue. For example, IE authenticates
differently depending on whether the server name has dots in it or not (it
treats it as different zones).

IIS does not alter behavior based on server name (unless you configured host
header and DNS incorrectly or have server-side application that alters
behavior based on SERVER_NAME server variable). It is just another
identifier as far as IIS is concerned.

--
//David
IIS
http://blogs.msdn.com/David.Wang
This posting is provided "AS IS" with no warranties, and confers no rights.
//
your suggestion is correct but now I've got this strange problem.

When I use my asp page (try.asp) to access the text file by this url
http://IIS_WebServerName/try.asp, it is all right, but when I use this url
http://IIS_WebServerName.DomainName.Ext/try.asp , I obtain the usual error:
my asp page can't access the text file.

Can you still help me?