INTELLIGENT WORK FORUMS
FOR COMPUTER PROFESSIONALS

Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Jobs

Access denied to folder using impersonation on IIS 6

Access denied to folder using impersonation on IIS 6

(OP)
I’m using impersonation on my web application in order to identify who is currently logged onto the client. For example “John Smith”. This side of things works fine as the web page lists the name and email address of whoever is logged onto the machine.

My web.config file contains…
<authentication mode="Windows" />
<identity impersonate="true"/>
<authorization>
<deny users="?" />
</authorization>

I have a folder on the company network and when a user submits a request on my web page, a sub folder gets created. There is an AD security group setup for this folder and “John Smith” has access to it.

When I run the code from my PC in debug mode all works fine and the sub folder gets created as it should. My problem comes when I release the application to the Intranet server. When I run the web page as “John Smith” from the Intranet, I get the error:

Error: Access to the path is denied.

I’m running this via IIS v 6 (I know, it’s an old server!).

The application pool identity is set to “Network Service” and I have added Network Service to the folder permissions with modify access.

Am I missing something or is there another account that it would use which requires access to the folder? I’ve also tried the ASP.NET account with no success.

Thanks

RE: Access denied to folder using impersonation on IIS 6

Hi,

A couple of questions.

1, does the user, "John Smith" you are testing with have the ability to create a folder or save information to a folder?

Remember you are impersonating his AD credentials. So, if his permission level does not allow him to write to a network drive, it is not going matter what you tried to do with his account.

Second, did you either try to change your web.config to add domain name?

Example, you can try prefixing username with domain name like:
<identity impersonate="true" userName="Domain\user" password="password" />

Thirdly, you probably did this already but did you try Domain\John.smith and then password?

Finally, try the following steps and see if it helps you.

1) Add Windows authentication in IIS Windows feature

a) Right click on the Windows logo in the bottom left corner

b) Click 'Control panel'

c) Click 'Programs'

d) Click 'Turn Windows features on or off'

e) Under 'Internet Information Services' -> 'World Wide Web Services' -> 'Security', check 'Windows Authentication'

3) Restart the computer

4) In IIS Manager, in the 'IIS' group, click on 'Authentication'

5) Make sure the status of 'ASP.Net Impersonation' and 'Windows Authentication' are Enabled

Good luck.

--k--

Red Flag This Post

Please let us know here why this post is inappropriate. Reasons such as off-topic, duplicates, flames, illegal, vulgar, or students posting their homework.

Red Flag Submitted

Thank you for helping keep Tek-Tips Forums free from inappropriate posts.
The Tek-Tips staff will check this out and take appropriate action.

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members!

Resources

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close