"David Wang [Msft]" <some***@online.microsoft.com> wrote in message
news:uvYEaHuSFHA.140@TK2MSFTNGP10.phx.gbl...
> Does your user account have access through BOTH the Share's ACLs as well
as
> actual NTFS ACLs on the directory itself?
>
> If the scenario works if you change it to Basic authentication instead of
> Integrated Windows authentication, then you are looking at the classic
> "double hop" situation (even though you short-circuit it right now) and
the
> fact that NTLM does not delegate. You will need to use an authentication
> protocol (like Basic [insecure] or Kerberos) that delegates in order to
> access "shares" remotely. The logic behind it is simple. If you log onto a
> server, why should the server automatically be able to use your
credentials
> to access some other network resource? In other words, do you believe that
> when you log onto a server that the server be automatically able to use
your
> credentials to debit money from your bank account on another network
> resource.
>
> --
> //David
> IIS
> http://blogs.msdn.com/David.Wang
> This posting is provided "AS IS" with no warranties, and confers no
rights.
> //
> <cis042***@yahoo.com> wrote in message
> news:1114559695.832177.35210@g14g2000cwa.googlegroups.com...
> My asp.net app is trying to access a local share on my my server.  The
> share and the server are on the same box.  To begin with, I gave the
> ASPNet local user account full access to the share.  Then I enabled
> anonymous access with integrated windows security on the web site.  It
> works like a charm.  Disable anonymous access with integrated windows
> security and I get the error listed at the bottom of this message.  As
> a test case, I wrote a small test harness to display the current
> identity (WindowsIdentity.GetCurrent().Name).  With anonymous access
> enabled it displays the IUser account.  When anonymous access is
> disabled it shows my user name.  My user account has access to the
> share and still gets the error. Does anyone know what I'm doing wrong?
>
> System.UnauthorizedAccessException: Access to the path
> "\\CorpServer\Applications\appFRSQA\ReportShare\0616200641342PM.txt" is
> denied.
>    at System.IO.__Error.WinIOError(Int32 errorCode, String str)
>    at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess
> access, FileShare share, Int32 bufferSize, Boolean useAsync, String
> msgPath, Boolean bFromProxy)
>    at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess
> access, FileShare share, Int32 bufferSize)
>    at System.IO.StreamWriter.CreateFile(String path, Boolean append)
>    at System.IO.StreamWriter..ctor(String path, Boolean append,
> Encoding encoding, Int32 bufferSize)
>    at System.IO.StreamWriter..ctor(String path)
>    at Hca.Tcs.Service.Report.Helper.WriteAuditFileData(SqlDataReader
> dataReader, AuditFileReportHeader reportHeader)
>
>
>

"David Wang [Msft]" <some***@online.microsoft.com> wrote in message
news:uvYEaHuSFHA.140@TK2MSFTNGP10.phx.gbl...
> Does your user account have access through BOTH the Share's ACLs as well
as
> actual NTFS ACLs on the directory itself?
>
> If the scenario works if you change it to Basic authentication instead of
> Integrated Windows authentication, then you are looking at the classic
> "double hop" situation (even though you short-circuit it right now) and
the
> fact that NTLM does not delegate. You will need to use an authentication
> protocol (like Basic [insecure] or Kerberos) that delegates in order to
> access "shares" remotely. The logic behind it is simple. If you log onto a
> server, why should the server automatically be able to use your
credentials
> to access some other network resource? In other words, do you believe that
> when you log onto a server that the server be automatically able to use
your
> credentials to debit money from your bank account on another network
> resource.
>
> --
> //David
> IIS
> http://blogs.msdn.com/David.Wang
> This posting is provided "AS IS" with no warranties, and confers no
rights.
> //
> <cis042***@yahoo.com> wrote in message
> news:1114559695.832177.35210@g14g2000cwa.googlegroups.com...
> My asp.net app is trying to access a local share on my my server.  The
> share and the server are on the same box.  To begin with, I gave the
> ASPNet local user account full access to the share.  Then I enabled
> anonymous access with integrated windows security on the web site.  It
> works like a charm.  Disable anonymous access with integrated windows
> security and I get the error listed at the bottom of this message.  As
> a test case, I wrote a small test harness to display the current
> identity (WindowsIdentity.GetCurrent().Name).  With anonymous access
> enabled it displays the IUser account.  When anonymous access is
> disabled it shows my user name.  My user account has access to the
> share and still gets the error. Does anyone know what I'm doing wrong?
>
> System.UnauthorizedAccessException: Access to the path
> "\\CorpServer\Applications\appFRSQA\ReportShare\0616200641342PM.txt" is
> denied.
>    at System.IO.__Error.WinIOError(Int32 errorCode, String str)
>    at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess
> access, FileShare share, Int32 bufferSize, Boolean useAsync, String
> msgPath, Boolean bFromProxy)
>    at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess
> access, FileShare share, Int32 bufferSize)
>    at System.IO.StreamWriter.CreateFile(String path, Boolean append)
>    at System.IO.StreamWriter..ctor(String path, Boolean append,
> Encoding encoding, Int32 bufferSize)
>    at System.IO.StreamWriter..ctor(String path)
>    at Hca.Tcs.Service.Report.Helper.WriteAuditFileData(SqlDataReader
> dataReader, AuditFileReportHeader reportHeader)
>
>
>