I have published my site and an exception is thrown but no error files are generated in the App_Data folder. I am wondering whether its write access to the folder.
The documentation says the ASP.Net process needs write access but not sure what is meant by that. Can someone tell me which user needs rights to this folder?
Thanks
UPDATE: I have found that the ASP.Net process on Win 2003 is the user NETWORK SERVICE. Is that correct?
On Windows Server 2003 (IIS6+) and higher it is NETWORK SERVICE. On IIS 5 and below it is the ASPNET user account that needs the required access.
It's whatever user is the identity of the application pool your app is running in. Typically this will be Network Service, but it could be a different account if your hosting administrator has set it up that way.
Related
I'm using the Cassia library to get terminal service information on Server 2008R2. Further more, this is being called from a ASMX web service. I'm having problems with an Access Denied error:
System.ComponentModel.Win32Exception: Access is Denied
I'm assuming this just means that my Application Pool needs to be added to a certain user group, but I'm not sure which one (had to do this before to read performance counters). Anyone know which?
Update: As I said in a comment under this post, adding the app pool to the admin group allowed the right access. However after a while (maybe a week or a few days), the access was auto deleted. Not sure if it was automatically done by some pre-included service or by another administrative user. However I don't really think this is the best way for this anyway. There's got to be a lower level group that would have access to terminal services. Any ideas?
I am wondering how exactly to programmatically login to another user account in Windows since Vista removed GINA. I have read that creating a credential provider is the replacement although I have yet to see an example of a credential provider logging in or loading the windows files like GINA did. I have seen third party terminal servers do this before. I want to be able to log another user in and load windows files while still logged into the original account. How is this done?
There is a web service application hosted On IIS 7.5. Authentication mode is Windows. When calling web services through my application, useDefaultCredentials atttribute on web service client is false. So web service call made on behaf of anonymous user. And also anonymous authentication mode enabled on IIS for the web service application.
To call web services successfully, I have to give read permission to everyone on folder which the web service application resides. But this causes to folder can be reached and read from everyone.
How can I hide the folder to be seen by everyone in this case?
If I am not successful to describe the issue, I can give you detailed explanations of specific points you want to understand.
I found the solution. I granted read permission for the built-in IUSR account and removed read permission for the everyone. So in this way, anyone on the domain cannot read the folder contents anymore.
After not getting much help on the last question, I decided to blow away the VM and re-create it as I already lost a week on this issue. And of course still issues, btu a little different.
I am using WSS on a 2008 server. I removed from the SharePoint admin the blocked asmx page types. I am using the administrator account with password and the domain, which is the IP of the VM machine. Normally I would never recommend using the admin account, but since I am just running a test to connect to SharePoint web services, so be it.
When accessing this site via a webbrowser, no issues whatsoever.
When accessing the web services from the browser using the admin credentials, no problem.
Then when trying to access the web service via Visual Studio I get the windows security dialog;
Followed by a discovery credential for the list;
Followed by another Discovery Credential for access to the error.aspx page, but as you can see, I can see the list of services for lists.asmx;
Followed by yet another Discovery Credential asking for permission to the $metadata and this just continues continually -it will NEVER authenticate via visual studio 2010;
And then, of course, when the code is ran, what do we get - ACCESS DENIED.
Call made; code not listed makes connection.
Make call to service:
And receive the error.
And IIS for SharePoint is set top Windows Authentication and Impersonate. All defaults.
It has now been going on 5 days; does anyone at all have any clue as to what is causing this? I have used this code and technique for years with Windows Server 2003 and WSS 2.0 and / or MOSS 2007 connecting from remote machines and NEVER, I mean NEVER had issues like this.
I would really appreciate any help.
In all cases we are running .NET Framework 3.5
My company has a server running Windows Server 2003 R2 (Service Pack 2), 32-bit processor. The IIS instance on this machine runs several Websites. One of the Websites we are running is Microsoft CRM 4.
When I attempt to log in to CRM from my local PC, everything's perfectly straightforward. I receive a prompt for username and password, I enter the details, I'm authenticated, and I pass through. Easy.
However: I can RDP into the 2003 Server and open IE. If I then browse to our CRM website I am prompted for a username and password. I provide exactly the same details - including the correct domain - as I enter from my local PC. But nothing. I'm denied access.
I am an administrator both of my local PC and of the 2003 Server.
This is very weird. I don't even know where to begin looking on this one. I don't even know what key terms to hit into Google.
Any help would be very much appreciated.
Context
Now, knowing what developers are like (I am one) the first response is going to be: "If you can log in from your PC, why do you care?"
There's more going on.
We have another website on that server that does nothing but host a set of critical web services. This is because the critical web services themselves rarely change but the other features change all the time. We don't want the critical web services to go down while maintenance is performed on other areas, so they were split off into their own independent web site about 18 months ago.
I am developing a web service for the critical site. This Web Service itself includes a proxy that points to the CrmService of CRM 4. The idea is that we want people to be able to submit certain information - such as lead contact information - into our CRM. However, we don't want to give just anyone access to the whole CRM system (obviously). So by publishing our own WebService that sits in the middle we can expose only the functionality that we want other people to have.
This new web service is now ready for deployment. All scenarios are met, all unit tests pass, everything that should fail does. It's all hunky-dory.
When I put that WebService on the 2003 Server, suddenly it can't communicate with CrmService any more due to authentication failure. ???
In my attempts to diagnose the problem, I noticed that no-one - not even administrators - can log into the CRM Website from within the 2003 Server. So I'm suspecting that whatever is causing that issue is also responsible for my web service to be unable to access the CrmService too.
For additional context, we have a new multi-domain SSL cert on the 2003 Server and we're splitting access to all our websites via host-headers.
I can't think of any more relevant information. If I've left out something critical, just ask.
Found it!
http://support.microsoft.com/kb/896861
Did the trick.