CODEWITHSUNDEEP
sharepointiispermissions
Matt
Matt

Reputation: 1370

Permissions for IIS account

I have a webservice running under sharepoint, on a bog-standard Server2003/IIS6 setup. This webservice needs to open and read a file from a share on another machine in the same domain. At the moment I am getting a

System.UnauthorizedAccessException: Access to the path '\strand\DROPBOXES\MattTrinder\SharepointShared\bd116dfa-be0e-4c58-93e6-3fb93fa0ef22.tmp' is denied. at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)

What permissions do I need to grant to which accounts to allow this webservice to open and read the file ?

Using "\\sharepointserver\c$" works fine...

Thanks

Matt

Upvotes: 1

Views: 1591

Answers (3)

tgeros
tgeros

Reputation: 2950

Classic asmx web services by default run as the IUSR_ account. This may not have permission to access the network path. You can change this to a domain account by changing the application pool identity.

Upvotes: 1

Igal Serban
Igal Serban

Reputation: 10684

You need to grant read access in the file system level and in the share. The problem is that sharepoint runs (probably, because it can be changed) under network service account that has no access to the network.

options:

  • If you are using integrated authentication for the web service. Then you have to grant the permissions to the users that the web service client runs under. But don't go this dark path. Because delegation is very hard to configure.
  • If you have anonymous access to the web service, make sure that the application pool that the web service runs under run with user permission of explicit user that have access to that said file. This can be configured with the sharepoint administration site. Or with computer management mmc.

Upvotes: 2

Erik Hesselink
Erik Hesselink

Reputation: 2540

The account you grant access to, has to exist on the target (where the share exists) as well (either the same domain account, or a local account with the same password). Since the IIS-user normally has an auto-generated password and is local, this is hard.

The way we solve this, is to run the website as a different user (that we created ourselves), and grant this user permissions to access the share on the remote PC. Note that both the sharing permissions have to be correct, and the file system permissions.

Upvotes: 3

Related Questions