IIS7 - Virtual Directory UNC share without Domain - Access Denied
Well i have got it working now, even though im not 100% sure how.
I removed all current shared connections to the network server using 'net use * /delete' on both machines...just to ensure that no connections were currently active.
Then created shared folders using the 'Share' option when right clicking a folder. Gave this folder the permissions for my new user...removed my virtual directory in IIS, created a new one using the shared folder ('//ip address/sharedfoldername/') instead of accessing it like before ('//ip address/c$/inetpub/sharedfolder/').
This worked and im not pulling my hair out any more...i beleive it may have been using authentication from a previous connection made (i mapped a network drive).
Thought I would post this in case anyone else has any issues.
Paul
Related videos on Youtube
aman_41907
Updated on September 17, 2022Comments
-
aman_41907 over 1 year
The one of the advantage of loaders over asynctask is that they can handle configuration change ie rotation.But I am not able to understand how they do this and what exactly this means.Can anyone give a suitable example for this?.
Thanks in advance
-
Ov's Pianist about 13 yearsI don't think that works under IIS 7. Edit: Paul said it better next:
-
Paul Hinett about 13 yearsI beleive that only works if you are using a DOMAIN, i am simply using workgroups (both called Workgroup).
-
Paul Hinett about 13 yearsjust tried using pass through authentication for the VD which uses the app pool user (my new user), still no luck. same access denied error in process monitor.
-
Ov's Pianist about 13 yearsAnd Anonymous authentication for the client? If you're impersonating a user with Windows authentication in a Workgroup scenario, I think it's going to fail (NTLM = one hop only; no Kerb capability).
-
Paul Hinett about 13 yearsYes i beleive i am already using anonymous authentication...where would i check this in IIS7? on the authentication option in IIS on the site, or on my virtual directory?
-
Hyppy about 13 yearsWe use it to access a non-domain CIFS share on an EMC Celerra without a problem, as well as a share on a non-domain Windows 2003 server. Both are being accessed from a Windows 2008 R2 server.
-
Paul Hinett about 13 yearswhen i try to add a user from another server, it says it can't find it...when i click location button, it only has the option of the local server.
-
Ov's Pianist about 13 yearsEither - the closest setting is effective if they're both defined.
-
Hyppy about 13 yearsJust type it in manually. If the files are being shared from ServerX and UserY has permissions to it, then the username should be "ServerX\UserY"
-
Paul Hinett about 13 yearsyeah tried that, still exactly the same issue.
-
Paul Hinett about 13 yearsHyppy it wont let me add a user like that, it says it can't find it. Tristan...what do you mean by a mirrored user account locally...i do have the same user setup on local machine and networked machine. In my browser i simply get 500 - internal server error though. I only see the access denied error in process monitor. I have tried enabling detailed errors on the VD but still get 500...could this be related?
-
Ov's Pianist about 13 yearsPaul: I'd be tempted to try a Failed Request Tracing trace of the request, see what's happening and when from the request's perspective. The Access Denied might be a red herring. My comment about mirrored accounts was for Hyppy; I can't think of a way to get this working with the configuration he's described. Doesn't mean it doesn't work, just that I don't know how :)
-
Paul Hinett about 13 yearsJust turned on failed request tracing, however nothing appears to be getting logged..no log file has been created.
-
Ov's Pianist about 13 yearsIf there's no file (and you've enabled failed request tracing and created a rule that'd catch any status output), the App Pool isn't getting to the request, meaning (most likely) the App Pool identity can't read that location. I'd sanity-check that the web.config file has NTFS permissions that include the app pool identity; otherwise, I'm stumped, I'd look at security event logs, WAS tracing.