Re: webservice permissions

From: Daniel Wilson (d.wilson_at_embtrak.com)
Date: 02/09/05


Date: Wed, 9 Feb 2005 11:50:24 -0500

Thanks for the help, Ken. Your point B contained the key, though I missed it
at first. Here are the steps that got it working for us.

The network admin created a domain user named "Browser".

I added the user to the local IIS_WPG group.

I created a new application pool and set it to run under the Browser
identity.

I set the LogoBrowser application to run in that new application pool.

Finally, I gave Browser full control of Windows\Temp. See
http://www.error-bank.com/microsoft.public.dotnet.framework.webservices/9ZANb.57609$G04.12433880@news4.srv.hcvlny.cv.net_Thread.aspx

dwilson

"Ken Schaefer" <kenREMOVE@THISadopenstatic.com> wrote in message
news:%23CdQhdzCFHA.3328@TK2MSFTNGP14.phx.gbl...
> a) IUSR_<machinename> is a *local* account. You can't assign it permissions
> to remote resources
>
> b) If this is a .NET app, then your code probably isn't running under
> IUSR_<machinename> anyway, but rather the process identity for the worker
> process (w3wp.exe) that services your web app
>
> c) If you want to use a custom account for a web app pool identity, then
> place that account into the IIS_WPG group on the IIS server (at the very
> least), so that it has the necessary permissions to run. If that still
> doesn't work, consult this KB article here, to see if anything else is
> missing: http://support.microsoft.com/?kbid=812614
>
> Hope that helps
>
> Cheers
> Ken
>
> "Daniel Wilson" <d.wilson@embtrak.com> wrote in message
> news:ewiGJcvCFHA.2032@tk2msftngp13.phx.gbl...
> >I have a client who is trying to deploy a webservice I wrote. The web
> > service reads a file on a file server and delivers information about it.
> > The file needs to be inaccessible to the user of the webservice because it is
> > intellectual property.
> >
> > This sounds easy. Just give the IUsr account on the web server, a 2003
> > server running IIS6, read rights to the files on the file server. Since no
> > HTTP path will get to the file server, the user can't steal the file.
> >
> > Unfortunately, the service returns the error
> > Access to the path "\\FS1\Share\Designs\" is denied.
> >
> > The Everyone group has rights to the share as well as the Designs folder.
> > But this happens.
> >
> > I suggested running the virtual directory under which the web service ran
> > under a domain account, not the local IUSR. The client reported that the
> > webservice page would not load at all under that configuration.
> >
> > What are we doing wrong?
> >
> > Thanks.
> >
> >
> > --
> > Daniel Wilson
> > Senior Software Solutions Developer
> > Embtrak Development Team
> > http://www.Embtrak.com
> > DVBrown Company
> >
> >
> >
> >
>
>
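
The settings from the steps at the top of this message can be checked on the IIS 6 server with a read-only script. This is an added example, not part of the original posts; the domain name EXAMPLE, the pool name BrowserPool, and the site id and metabase path used for LogoBrowser are assumptions.

```powershell
# Added example: read-only check of the settings described in the thread.
# Assumptions (not from the thread): domain EXAMPLE, pool name BrowserPool,
# site id 1, and LogoBrowser living directly under the site root.
$account  = 'EXAMPLE\Browser'
$poolName = 'BrowserPool'
$appPath  = 'IIS://localhost/W3SVC/1/ROOT/LogoBrowser'

# 1. The pool must run as a specific user (AppPoolIdentityType 3), and that
#    user must be the domain account rather than a built-in identity.
$pool    = [ADSI]"IIS://localhost/W3SVC/AppPools/$poolName"
$idType  = $pool.psbase.Properties['AppPoolIdentityType'].Value
$wamUser = $pool.psbase.Properties['WAMUserName'].Value
$poolOk  = ($idType -eq 3) -and ($wamUser -eq $account)

# 2. The application must actually be assigned to that pool.
$app   = [ADSI]$appPath
$appOk = ($app.psbase.Properties['AppPoolId'].Value -eq $poolName)

# 3. The account must be a member of the local IIS_WPG group.
#    A domain member's ADsPath looks like WinNT://EXAMPLE/Browser.
$group   = [ADSI]"WinNT://$env:COMPUTERNAME/IIS_WPG,group"
$members = @($group.psbase.Invoke('Members')) | ForEach-Object {
    $_.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $_, $null)
}
$groupOk = $members -contains ('WinNT://' + $account.Replace('\', '/'))

# 4. List the explicit rights the account holds on Windows\Temp so the
#    grant can be reviewed.
$tempRules = @((Get-Acl "$env:windir\Temp").Access |
    Where-Object { $_.IdentityReference.Value -eq $account })
$tempOk = $tempRules.Count -gt 0

"Pool identity is ${account}: $poolOk (type=$idType, user=$wamUser)"
"LogoBrowser assigned to ${poolName}: $appOk"
"$account in IIS_WPG: $groupOk"
"$account has an ACL entry on Windows\Temp: $tempOk"
$tempRules | ForEach-Object {
    "  $($_.AccessControlType) $($_.FileSystemRights) inherited=$($_.IsInherited)"
}
```

Run it from an administrative PowerShell prompt on the web server; it changes nothing and only reports what is configured.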


