I have deployed an asp.net mvc web application on IIS 8 server inside an virtual machine (Windows server 2012 R2).
An azure file storage is mapped as network drive in this virtual machine Windows server 2012 R2.
Now my asp.net mvc web application needs to read the files and folders of this mapped drive by C# System.IO code. By default IIS is not allowed to access mapped drives.
That's why the web application is throwing System.IO exception
"Could not find the specified path Z:\"
. I also tried to pass "\\\\{storage-name}.file.core.windows.net\\{fileshare-name}
but still no success.
Can some one guide me with correct configurations and settings which I should do inside IIS and web application?
Finally, I succeeded to access the mapped network drive through IIS Server.
I performed following steps.
Create a new user account on VM.
The user name for this new account will be the Storage Account Name
The password for this user will be Storage account key which ends with "=="
After creating this new user account I changed the account type for this user to Administrator
Go to My Computer OR This PC
Attach the network drive with the help of Map network drive.. option.
Open IIS Manager window, go to Application Pools
Select the application pool which is being used by your web application (in my case it was DefaultAppPool and click on Advanced Settings... from right side pane.
Change the Identity for this application pool with newly created user account name and password.
Set Load User Profile to true.
Click OK to save changes.
Click on Recycle link from right side pane to refresh the selected application pool.
Now select your web application which is under Default We Site.
Click on Basic Settings... to open Edit Site dialog box.
Make sure that the Application Pool name is correct.
Click on Connect as... button and select Specific user radio button and then set the credentials with this newly created User name (Storage account name) and password (Storage account key).
That's it. Now you can simply write standard C# IO code to access the directory and files of mapped drive. Here is a sample example.
var allDirs = Directory.GetDirectories("\\\\<storageaccountname>.file.core.windows.net\\<storagefileshare>");
ViewBag.Items = allDirs;
Make sure that you access the files and folders by UNC path format only, just like I have done in above code.
Related
I am developing an asp.net c# web-application to sign PDF files on the server side. I am using a USB Token to sign the PDF file. When i developed on the development box, I can able to sign the document. But when the same code is hosted on IIS , I cannot able to sign the document. I am not getting any exception too. The error provided is An Internal error occurred.
I got stuck on this stage. Please help me on this issue.
Its look like permission related issue, you could try to use the different application pool account like network service or custom account which user has full access control permission or try to give IIS_IUSRS and IUSR permissions to the USB.
you can capture some data using process monitor.
to set application pool identity in iis please follow the below steps:
1)open iis manager.
2)select the application pool and click on the advanced setting from the action pane.
3)click on the identity.
4)in application pool identity windows click the custom account radio button and set username and password or select built-in account like network service from the drop-down.
to set application pool permission use IIS AppPool\apppool name.
I recently hosted a MVC application on machine and in solution I have a folder UploadedDocuments which i wants to secure. Actually when i browse URL like www.xyz.com/UploadedDocument it lists all the file even i didn't login to website
Note: Using Microsoft Interop for PDF conversion of docs in this directory.
wants to restrict the users who can browse folder but if a url with file name in folder and a user on website that is loggedin can access only with specified url
like www.xyz.com/UploadedDocument/abc.docx(except www.xyz.com/UploadedDocument)
thanks in advance!
In IIS, ensure that directory browsing is disabled.
On the file system, remove read access for any "normal" user accounts or groups, and have only the app pool account that IIS is running under with modify access to the folder (ie the "iis apppool\[MyApplication]" account).
You say you're using Microsoft interop for conversion. Is the conversion happening within the MVC application, or do you have another application / service performing the conversion? If the latter, also ensure that whatever account is running the other application / service has access to modify the folder.
I have built an intranet web-application that is only used inside the company - so security issues do not matter . where we have a link in a web-application that should access a local directory on the local filesystem. When we pass parameter link a windows explorer instance should open with given a directory open.Is there anything i need to do with IIS?
System.Diagnostics.Process.Start("explorer.exe",#"c:\teste");
If you do that you'll be trying to spawn an explorer process on the server hosting the web application.
Do you just want to link to a path on the users local machine or at a network location?
Link to a file share through an anchor tag
To begin with, I developed a web application which reads an XML file from specific location and displays the contents on editable web page of the application,which is executed perfectly when the XML file is on the same machine/computer. When I try to read the same file on different computer on the network I cannot read the contents onto my web page.
My Observation:
When I access that file from run window in the computer by entering \xxx.xxx.xx.xx\c$ it gives me the window to connect to the machine asking for credentials and I guess the session is open. So I close the window and when I access the xml file from the web application it's able to read the content.
Is there a way to bypass this authentication mechanism which is part of windows when I use my web app to read the XML file or is there a way to accommodate the extra step to configure the authentication in my application?
I would be glad if someone can guide me to the solution.
Check the user your web application is running under and if this user is also permitted to access this location.
If you are using IIS to host the page you have to check the "AppPool" user and also the users which are used at the "Web Site" and "Application"
Just change IIS application pool user to "enough rights" user (right click current app pool - advanced settings - identity) or specify impersonation in the same name section in web.config.
Could it be possible to change your logic,
By storing file from different network to local machine where your code is running, through uploading file and process it.
I have a windows service that is currently running as LocalSystem. At this point it cannot acess a network drive that it needs to. (I've been substituting local drive for testing).
Now I have a newly created service account for me that has been given permisions to the shared drive.
I am not sure how to "cut over" my C# app to use this new service account going forward.
Once I do, will this new account appear under the 'Log On As' column when viewing the service from the service panel?
thanks for any assistance.
Windows Key + R
Type services.msc
Right click service and select "Properties"
Select "Log On" tab on the dialog
Select "This account" radio button
Enter account information for your newly created domain account (e.g., mydomain\myaccount).
The account that you enter must have "Log on as a service" privileges per the Local Security Policy (%windir%\system32\secpol.msc /s); windows usually prompts you automatically when performing the above steps.
Also, don't forget the basics. The account must have at least read file system permissions to your service executable.
And yes, this account will appear in the "Log On As" column when this is set correctly.
Finally, it's been a few iterations of windows / active directory versions since I've done this kind of thing. It's possible that there are additional delegation-type security settings that may need to be set in active directory / on the local machine to allow the service running as the domain account access a drive on a remote share. Perhaps some tweaks to the local firewall might need to be made as well.