Reputation: 421
Serve file from FSx to IIS
I've got EC2 instance with IIS and mapped FSx file system on AWS. All in one VPC in one subnet.
IIS config works perfectly as long as it's configured with local drive. When I change config to use path from that mapped FSx I've got an error. Even for just a test static page.
All current users have full access to those files. Do I need to set up any special users for IIS on Domain Controller? Any special permissions? I would appreciate any ideas...
Upvotes: 3
Views: 2343
Answers (3)
Reputation: 442
It seems that you need to configure the IIS application pool identity to use a domain account that has access to the FSx file system. By default, the application pool identity is a local account that does not have any permissions on the network share.
To change the application pool identity, follow these steps:
- Open IIS Manager and select the application pool that hosts your website.
- Click on Advanced Settings in the Actions pane.
- Under Process Model, click on Identity and then on the ellipsis (...) button.
- Select Custom account and enter the domain user name and password that has access to the FSx file system. Click OK to save the changes.
- Restart the application pool and the website.
Alternatively, you can use the command line tool appcmd.exe to set the application pool identity. For example, to set the identity to domain\user for the DefaultAppPool, you can run:
appcmd.exe set config /section:applicationPools /[name='DefaultAppPool'].processModel.identityType:SpecificUser /[name='DefaultAppPool'].processModel.userName:domain\user /[name='DefaultAppPool'].processModel.password:password
You can also use PowerShell to set the application pool identity. For example, to set the identity to domain\user for the DefaultAppPool, you can run:
Import-Module WebAdministration
Set-ItemProperty IIS:\AppPools\DefaultAppPool -Name processModel -Value @{identityType="SpecificUser";userName="domain\user";password="password"}
For more information, see this article on how to access FSx file shares from IIS.
Upvotes: 0
Reputation: 217
SOLTUION: you can not use the drive letter must be full DNS name for fsx console \DNS_NAME\share
I am having this exact issue. Drive is available on ec2 instance but authorization in IIS fails. Browse directory from IIS workd but can not get authorization to pass test. I have tried admin on EC2 and admin on active directory as users in IIS virtual drive.
Upvotes: 0
Reputation: 3504
First of all, you need to figure out the substatus code of your IIS server and detailed error message. So please enable IIS detailed error message for your website.
I assume this issue happened just because your identity don't have permission to access configuration file.
1.Please Ensure your IIS site->basic settings->connect as..->set your domain account that have permission to accessyour FSX
2.Please set your application pool identity to your domain account that have access to the FSx.
3.Please grant permission for that application pool account.
4.Please set your authentication user to use application pool identity. For example, if you are using anonymous authentication. Then go to->anonymous authentication->edit..->Application pool identity.
If you don't know how to troubleshooting this issue. Prcoss monitor would help. You only have to create a filter "RESULT=Access denied & Processname="w3wp.exe".
https://learn.microsoft.com/en-us/sysinternals/downloads/procmon
Upvotes: 0
Related Questions
- Upload files directly to Amazon S3 from ASP.NET application
- How to upload stream of a file to AWS S3 in ASP.NET?
- ASP.NET uploading a file to Amazon S3
- Stream S3 file via .NET FileStreamResult and Web API
- How to share file in Windows Amazon EC2 instance
- How to read a file via ASP.Net Web API to S3 via Memory Stream
- FTP files into AWS S3
- How to transfer folder from Amazon Web Services to ASP.NET Server remotely
- How to serve non public file directly from the Amazon s3 storage
- Deploy ASP.Net site to windows server