ASP.NET application cannot access network drive

[James N]

My ASP.NET application needs read/write permissions for drive "Z:",
which is mapped to my Linksys Gigadrive (Network Attached Storage...if
anyone is familiar with that).

If I configure the Gigadrive with "Guest" access rights, then everything
works fine, BUT this leaves the drive vulnerable to everyone/everything
including network viruses. Lately, my drive has had several attacks by
the Lovegate virus.

Eliminating such attacks requires making my drive private, meaning I
must remove "Guest" access rights and only allow logged-in users to
access the drive through the ASP.NET applicaiton.

The problem is that without "guest" access rights, the ASP.NET
application itself cannot access the drive!

Is my ASP.NET application a "user" that I must add to the list of
priviledged users on the Gigadrive? Well, I tried adding users "ASPNET"
and "IUSR_MyComputer" to the Gigadrive, but it didnt seem to work.

Again, if I allow the "Everyone" group (which includes the user "Guest")
to have persmission to the drive, then everything works.

Can someone please help me?

*** Sent via Developersdex [url]http://www.developersdex.com[/url] ***
Don't just participate in USENET...get rewarded for it!

[James N]

My ASP.NET application needs read/write permissions for drive "Z:",
which is mapped to my Linksys Gigadrive (Network Attached Storage...if
anyone is familiar with that).

If I configure the Gigadrive with "Guest" access rights, then everything
works fine, BUT this leaves the drive vulnerable to everyone/everything
including network viruses. Lately, my drive has had several attacks by
the Lovegate virus.

Eliminating such attacks requires making my drive private, meaning I
must remove "Guest" access rights and only allow logged-in users to
access the drive through the ASP.NET applicaiton.

The problem is that without "guest" access rights, the ASP.NET
application itself cannot access the drive!

Is my ASP.NET application a "user" that I must add to the list of
priviledged users on the Gigadrive? Well, I tried adding users "ASPNET"
and "IUSR_MyComputer" to the Gigadrive, but it didnt seem to work.

Again, if I allow the "Everyone" group (which includes the user "Guest")
to have persmission to the drive, then everything works.

Can someone please help me?

*** Sent via Developersdex [url]http://www.developersdex.com[/url] ***
Don't just participate in USENET...get rewarded for it!

[Jeff Trotman]

I believe that giving permissions to ASPNET (assuming you're using the
default settings) is who needs the permissions. Drive mappings are user
specific so not only do you need to have Z mapped to the share, but the
ASPNET user has to have it mapped as well. I don't know if this is your
problem but this has bitten me in the past.

Also, you could try using a UNC path to access the drive which wouldn't
require a drive mapping.

Hope this helps.

Jeff Trotman
Westglenn Software


"James N" <anonymous@devdex.com> wrote in message
news:euaqLr8SDHA.2188@TK2MSFTNGP10.phx.gbl...

>
>
> My ASP.NET application needs read/write permissions for drive "Z:",
> which is mapped to my Linksys Gigadrive (Network Attached Storage...if
> anyone is familiar with that).
>
> If I configure the Gigadrive with "Guest" access rights, then everything
> works fine, BUT this leaves the drive vulnerable to everyone/everything
> including network viruses. Lately, my drive has had several attacks by
> the Lovegate virus.
>
> Eliminating such attacks requires making my drive private, meaning I
> must remove "Guest" access rights and only allow logged-in users to
> access the drive through the ASP.NET applicaiton.
>
> The problem is that without "guest" access rights, the ASP.NET
> application itself cannot access the drive!
>
> Is my ASP.NET application a "user" that I must add to the list of
> priviledged users on the Gigadrive? Well, I tried adding users "ASPNET"
> and "IUSR_MyComputer" to the Gigadrive, but it didnt seem to work.
>
> Again, if I allow the "Everyone" group (which includes the user "Guest")
> to have persmission to the drive, then everything works.
>
> Can someone please help me?
>
> *** Sent via Developersdex [url]http://www.developersdex.com[/url] ***
> Don't just participate in USENET...get rewarded for it!

[James N]

Jeff,

Im not sure what you mean when you said "the ASPNET user has to have it
mapped as well". Do you mean this:

Under "my computer" right-click the mapped drive and select
"properties". On the security tab, add "ASPNET" to the list of users?

Well, I tried doing that but it does not allow me to modify the list.
Currently, I have 3 users/roles: administrator(NASDRIVE\administrator),
Everyone, everyone(NASDRIVE\everyone). I checked the "full control"
option for all of them. However, when I click "apply", all the
checkboxes become unchecked again. Only the administrator still has
full control ( as how it was initially ).



*** Sent via Developersdex [url]http://www.developersdex.com[/url] ***
Don't just participate in USENET...get rewarded for it!

[James N]

I was playing around with the NAS a little more and I notice that
whenever I create a new user with the name "aspnet", I receive the same
error: "Could not find a part of the path 'z:\'". The odd thing is even
though "aspnet" is a member of the "everyone" group in NAS, and that the
"everyone" group does have R/W access to the share folder, the
application is still not able to write to the folder. Now if I delete
the "aspnet" user altogether, everything works like normal (where
"everyone" has access).

By the way, for your info (but im sure everyone here probably knows this
already) "ASPNET" is actually the user account that the asp.net worker
process (aspnet_wp.exe) is configured to runs as in IIS/windows. There
seems to be some correlation, but I just dont know exactly what. If
this info has shedded some light on this problem, please let me know.
THanks.

*** Sent via Developersdex [url]http://www.developersdex.com[/url] ***
Don't just participate in USENET...get rewarded for it!

[James N]

Oh, one more thing to note, and this may probably invalidate my whole
reasoning above. A lot of advices I get from ppl on these forums is to
create a user account on the NAS that matches the user account that the
Windows' aspnet_wp.exe worker process uses. What I did above is the
same thing, just that I didnt not set a password for the account.

So I decided to try setting a same password for the "ASPNET" user both
in Windows ("Admin Tools" -> "Comp Management" -> "Local Users and
Groups" -> "Users") and in NAS. I also modifed the <processModel> tags
in machine.config so that username/password = "ASPNET"/"(password)".
Strangely, this did not work.

Some other people say to let the aspnet_wp.exe process use an existing
Window user's account to run. So in machine.config I set
username/password = "myUsername"/"(myPassword)". I created the same
account on the NAS as well. Again, sadly, this method did not work
either.

But who cares now??!! It working!! LOL


*** Sent via Developersdex [url]http://www.developersdex.com[/url] ***
Don't just participate in USENET...get rewarded for it!

[James N]

I GOT IT TO WORK! WOOHOOOO!!!!

I finally figured out a way to disable all "guest" access to the NAS
drive, and only allow my ASP.NET application to access it. The solution
was to create a new "ASPNET" user account on the NAS drive WITHOUT
setting any password. This "ASPNET" account is made to correspond to
the same "ASPNET" user account that IIS uses to execute the ASP.NET
application in the Windows environment.

The key here is to leave the password field blank. The reason for this
is that (although I could be wrong) notice in the machine.config file
(at least my machine.config file) that the username/password attributes
of the <processModel> tag is "machine"/"AutoGenerate". This gives me
the notion that the password for Window's "ASPNET" account is
automatically generated by Windows/IIS, thus, requiring the password
field in NAS to be set blank (to accept any password that IIS may have
generated) for its ASPNET user. Only then will it be possible for the
NAS to authenticate the ASPNET user and allow access. By allowing only
the "ASPNET" user and disallowing the "guest" user, I believe that my
NAS will now be safe from any unwanted network intruders.

And finally thanks to everyone who has offered input and tried to help.

Oh, one more thing to note, and this may probably invalidate my whole
reasoning above. A lot of advices I get from ppl on these forums is to
create a user account on the NAS that matches the user account that the
Windows' aspnet_wp.exe worker process uses. What I did above is the
same thing, just that I didnt not set a password for the account.

So I decided to try setting a same password for the "ASPNET" user both
in Windows ("Admin Tools" -> "Comp Management" -> "Local Users and
Groups" -> "Users") and in NAS. I also modifed the <processModel> tags
in machine.config so that username/password = "ASPNET"/"(password)".
Strangely, this did not work.

Some other people say to let the aspnet_wp.exe process use an existing
Window user's account to run. So in machine.config I set
username/password = "myUsername"/"(myPassword)". I created the same
account on the NAS as well. Again, sadly, this method did not work
either.

But who cares now??!! It working!! LOL


*** Sent via Developersdex [url]http://www.developersdex.com[/url] ***
Don't just participate in USENET...get rewarded for it!

[Jeff Trotman]

Glad you got it working. Just to clarify what I was saying (although this
does not appear to have
been the problem)

If you have login to your computer as "User1" and map a drive (say N:) to a
network share called
\\SERVERNAME\SHARENAME and check the box to make the connection persistent
and then
logoff and log back in as User1, N: will still connect to
\\SERVERNAME\SHARENAME. But,
if you logoff and log in as a different user (User2), User2 will not have a
N drive. This has nothing
to do with whether User2 has permissions for \\SERVERNAME\SHARENAME, just
that User2's
profile on this machine hasn't mapped N: to \\SERVERNAME\SHARENAME. He can,
but he hasn't
yet.

Now imagine that your account is User1 and ASPNET is User2. If you use a
mapped drive in your code
(N:\...) as opposed to UNC (\\SERVERNAME\SHARENAME), when it runs as ASPNET
the N drive
isn't available unless you login as ASPNET and map the drive for that
profile.

I don't know if this clarifies or muddies the water, but that's what I
meant. Again, it appears to not
have been your problem.

JT


"James N" <email_this_guy@yahoo.com> wrote in message
news:%23yYi9$MTDHA.2196@TK2MSFTNGP12.phx.gbl...

> Oh, one more thing to note, and this may probably invalidate my whole
> reasoning above. A lot of advices I get from ppl on these forums is to
> create a user account on the NAS that matches the user account that the
> Windows' aspnet_wp.exe worker process uses. What I did above is the
> same thing, just that I didnt not set a password for the account.
>
> So I decided to try setting a same password for the "ASPNET" user both
> in Windows ("Admin Tools" -> "Comp Management" -> "Local Users and
> Groups" -> "Users") and in NAS. I also modifed the <processModel> tags
> in machine.config so that username/password = "ASPNET"/"(password)".
> Strangely, this did not work.
>
> Some other people say to let the aspnet_wp.exe process use an existing
> Window user's account to run. So in machine.config I set
> username/password = "myUsername"/"(myPassword)". I created the same
> account on the NAS as well. Again, sadly, this method did not work
> either.
>
> But who cares now??!! It working!! LOL
>
>
> *** Sent via Developersdex [url]http://www.developersdex.com[/url] ***
> Don't just participate in USENET...get rewarded for it!