Accessing Mapped Network Drives via ASP.NET in IIS 6
A question came up at work today, "How do I access mapped network drives in ASP.NET under IIS 6? It worked before I got IIS 6 and Windows 2003."
IIS 6 and Windows 2003 are considerably more locked down versus previous versions. Additionally, accessing drives via mapped drive letters is frowned upon, likely the layer of redirection, as drives can be REMAPPED by evil-doers.
The preferred way to access network shares is via UNC.If you really wanna use Mapped Drives, there's KB257174.
There's also KB207671 on "How to access network files from IIS applications." This is a pretty funny KB, specifically because of it's first suggestion:
Following are ways to avoid problems when you access network resources from your IIS application:
- Keep files on the local computer.
This is the equivalent of the classic "Doctor, it hurts when I do this." "Well, don't do that."
The most useful tip in that KB article is the one about Auditing Logons. Rather than guessing or treating IIS as a black box, turn on Login Auditing:
If you cannot determine what kind of logon is occurring on your IIS server to handle requests, you can turn on auditing for Logons and Logoffs. Follow these steps:
1. Click Start, click Settings, click Control Panel, click Administrative Tools, and then click Local Security Policy.
2. After you open Local Security Policy, in the left Tree View pane, click Security Settings, click Local Policies, and then click Audit Policy.
3. Double-click Audit Logon Event and then click Success and Failure. Event Log entries are added under the Security log. You can determine the kind of logon by looking at the event details under the Logon Type:
2=Interactive, 3=Network, 4=Batch, 5=Service
No matter how you choose to accomplish your goal, always be aware of the Identity of your Worker Process. That might be ASPNET_WP or W3WP and it might be NETWORKSERVICE, or IUSR_MACHINE Name. Always use the weakest possible user, and make sure the files and the share have the minimal access needed. Don't run your Worker Process as anyone with any power or Administrator to solve file access problems.
About Scott
Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.
About Newsletter
Comments are closed.