I wrote a C# WCF server and I am trying to get it up in IIS but everything I try to go to my endpoint I get this error:
I checked the Permissions on the site and I have Authenticated Users others:
so I am not sure what to do now...
I imagine that the root of the problem is that you are trying to create an application on the server that points to files on your own computer using a Remote Desktop Connection drive share. The \\?\UNC\tsclient\C\... path is a dead giveaway.
This is a definite no. You cannot run a web service this way. The tsclient path is specific to your individual connection and will not work from any other context. Any other user account - including the service account that the IIS instance is running from - will not be able to access those files.
To resolve this issue you need to copy the files from your machine to a location on the server and recreate the IIS application entry, referencing the location on the server. You might still need to monkey with the security on the server-local folder.
Related
I want to copy one file on the network drive ex. 192.168.0.32/ODfolder
I have hosted C# API on my IIS but when I call API they give me the error "Access Denied"
but when i debug on localhost it will run fine without error and copy the file on the network drive too.
Regards
Rajat Khandelwal
First check whether that network drive is accessible from the machine where you have hosted your application, if yes then give write access on that folder to everyone or the user under which your application pool is running which is hosting your C# API.
Hope this helps. Happy coding...
Check which user you are connecting using .Local IIS uses IIS_USERS. change the user or add permissions to user connecting to the file.
I need to access a web API to access a different computer which is in a local network. For that purpose I publish that API and hosted by IIS. my computer and the other computer (which is going to access the API) pinged without any error and also I already accessed this API through the other computer successfully. but unfortunately today on words I could not be able to access it.
this is the error that occurred:
I tried lot of things according to the following order, but it doesn't work out.
Added runAllManagedModulesForAllRequests="true" to my web.config(in web API publish folder).
Read,write,modify permissions to Network Service,IUSR,IIS_IUSRS.
Disable virus guard firewall.
This error will appear in the other computer (which I am using to access the API).
Please be noted: I able to access this API yesterday, But today onwards I could not be able to access it.
Is your API running in your local machine?
if not check your apppoolidentity.
did you changed LAN PasswordToday?
I have a web service in .Net 4.0. I'm deploying said web service to two IIS servers each running IIS 7.5 Both servers are setup to us the Network Service account. The code is deployed to a physical disk on the servers. It attempts to write to a log file also on a local physical disk. The Network System user has full control permissions on the local directory. When the service starts, first thing it does is write an entry to the log file. This works fine on server A, but not on server B.
Can anyone give me a suggestion on where I might look for something that is actively denying file IO on IIS server?
The specific error message is Exception Details: System.IO.FileNotFoundException: Could not find file 'D:\Data\Logs\CDelivery.log'. I can assure you the file is in fact present, and this works just fine on server A.
P.S. I also tried this solution, but the IE Enhanced Security Configuration is already set to "OFF" for both Admins and Users IIS 7.5 App Pool write permissions denied
Found the problem. My code to writetolog is in a static class and I was accessing resources before locking them properly. Since the writetolog function is my generic error handler (among other things) the unhandled exception within it was causing w3pw.exe (and kernalbase.dll) to blow up.
Had to do a good bit of digging to find it because "Can't find file x" was not actually the problem at all. Terrible error message.
I have developed an ASP.NET MVC 3 which must access to a SharePoint Remote Folder.
To do that, during the development, before to run the Visual Studio Development Server, I try to access to the remote folder. Then, I must introduce the credentials of the user who has permission to see the remote resource. After this, using the following code:
string path = #"\\tests.sharepoint.es\folder1";
DirectoryInfo di = new DirectoryInfo(path);
DirectoryInfo[] dis = di.GetDirectories();
The access to the folder is successful. However, this fails when I executed my web application from the IIS, getting the next error:
Access to the path '\tests.sharepoint.es\folder1\' is denied.
Even if I set for the Application Pool the same user that runs the Visual Studio Development Server, it continues failing.
I have identified that the users who runs the World Wide Web Publish Service (W3SVC) is SYSTEM (an account who obviously doesn't have permission to access to the folder) but I can't change this and I am not sure if this causes the problem.
Also, I have read some posts about using SPSecurity.RunWithElevatedPrivileges but I can't use it because my IIS server doesn't have Sharepoint installed (it is in another machine) and therefore, I can't use Microsoft.Sharepoint.dll as far as I know.
UPDATE: When I try to access to the resource using my windows explorer, I have read that OS uses WebDav instead of NetBios. Can IIS use this protocol to access to the resource?
If you really need to access remote resource with Windows permissions from Windows web server (or any other server that impersonates remote client) than you must run such code under account directly signed in on the server box. This is caused by "NTLM one hop" policy - user's credentials can be used only on machine user directly signed in to or machine user directly communicates to (and not on third one that this second machine tries to connect to).
Safest approach is to run process under account that have access to remote resource and run code in that process. You can run IIS process under such account, but you may need to revert impersonation back to process if running code during requests.
You can also directly impersonate particular user but you'll need to have plain text login information. This is most likely against security policy for most companies.
Note: you very well may end up building anonymization proxy - be very careful to understand what it means to access remote resource under account different from actual user's account.
Fortunately, I have found how to resolve the access problem.
I have used the solution described in this post.
My code seems like this:
PinvokeWindowsNetworking.connectToRemote(#"\\tests.sharepoint.es\folder1", "domain\user", "password");
//manage files and folders of my remote resource
//...
PinvokeWindowsNetworking.disconnectRemote(#"\\tests.sharepoint.es\folder1");
I'm using a WCF service that is running on an IIS 7.5 (W2k8 R2). I use this service for getting quota information about the space of a specified web site on the same IIS.
So I do have the WCF service acting as server and a local web app acting as client. The client now asks the server for the quota of a web site folder. To do so the server should use the FsrmQuotaManager. But when the service is referencing the quota manager I get an 0x80070005 (Access denied). The web service runs in it's own AppPool with the ApplicationPoolIdentity.
I always got DistributedCOM errors (10016) in the event log saying that The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{90DCAB7F-347C-4BFC-B543-540326305FBE} and APPID {FA3FC5CF-0304-4CAC-99F0-032AC2B15D1E}
to the user MYDOMAIN\someUsername SID (S-1-5-21-1477432904-898564541-3754644009-3102) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. So I already managed to add permission for this user (or better the group that user is in) in the ComponentServices as I often read when searching the Internet. Now I don't get that error in the event viewer anymore but when I'm referencing the FsrmQuotaManager in the services code I'm still getting the exception.
Does anyone have a clue about that? I'm really stuck at this for quite some days and I'm running out of ideas. Using the Process Monitordoesn't help.
We finally solved it.
We had to impersonate around the creation of the FsrmQuotaManager object with a local administrator account. Using this we could also remove the the permission previously added in the ComponentServices.