Problems with writing to a file on IIS 6.0

I have an ASP.Net application which accesses a web server hosted on
IIS. The web server creates a file in the application directory and
writes to it. My application needs to run on 2K, 2K3 and XP, i.e. IIS
5.0, 5.1 and 6.0.
I cannot use 'Inegrated Windows Authentication' (on my client's
request) so i have enabled the anonymous access. In 2K and XP systems,
I gave the ASPNET user full control on the physical directory and made
it the id for 'Anonymous Access' for that virtual directory. The
application runs fine.

But on a machine with IIS 6.0, I am facing problems. The user NETWORK
SERVICE has full control on the physical directory, but what should be
the anonymous access user? The NETWORK SERVICE is not available for
anonymous access. Using the IUSR_ id for anonymous access did not help
since it does not have the required permissions. How can I write to
file on IIS 6.0?

Please let me know if there is any way of solving this preferably
without creating a new user account.

Re: Problems with writing to a file on IIS 6.0

If you are using an ASP.NET application without impersonation, then your
ASP.NET code runs as Network Service (not the anonymous user account in
IIS). There should be no need to make the Network Service account the
anonymous user account.

Cheers
Ken

wrote in message
news:243cf163-87fc-4c67-8a2e-51389f904b61@k39g2000hsf.google groups.com...
>I have an ASP.Net application which accesses a web server hosted on
> IIS. The web server creates a file in the application directory and
> writes to it. My application needs to run on 2K, 2K3 and XP, i.e. IIS
> 5.0, 5.1 and 6.0.
> I cannot use 'Inegrated Windows Authentication' (on my client's
> request) so i have enabled the anonymous access. In 2K and XP systems,
> I gave the ASPNET user full control on the physical directory and made
> it the id for 'Anonymous Access' for that virtual directory. The
> application runs fine.
>
> But on a machine with IIS 6.0, I am facing problems. The user NETWORK
> SERVICE has full control on the physical directory, but what should be
> the anonymous access user? The NETWORK SERVICE is not available for
> anonymous access. Using the IUSR_ id for anonymous access did not help
> since it does not have the required permissions. How can I write to
> file on IIS 6.0?
>
> Please let me know if there is any way of solving this preferably
> without creating a new user account.
>
>

Re: Problems with writing to a file on IIS 6.0

The impersonation is set to true in the config file, what would
ASP.NET run as in my case?
And i also need to use the anonymous access to provide access without
any authentication.


Ken Schaefer wrote:
> If you are using an ASP.NET application without impersonation, then your
> ASP.NET code runs as Network Service (not the anonymous user account in
> IIS). There should be no need to make the Network Service account the
> anonymous user account.
>
> Cheers
> Ken
>
> wrote in message
> news:243cf163-87fc-4c67-8a2e-51389f904b61@k39g2000hsf.google groups.com...
> >I have an ASP.Net application which accesses a web server hosted on
> > IIS. The web server creates a file in the application directory and
> > writes to it. My application needs to run on 2K, 2K3 and XP, i.e. IIS
> > 5.0, 5.1 and 6.0.
> > I cannot use 'Inegrated Windows Authentication' (on my client's
> > request) so i have enabled the anonymous access. In 2K and XP systems,
> > I gave the ASPNET user full control on the physical directory and made
> > it the id for 'Anonymous Access' for that virtual directory. The
> > application runs fine.
> >
> > But on a machine with IIS 6.0, I am facing problems. The user NETWORK
> > SERVICE has full control on the physical directory, but what should be
> > the anonymous access user? The NETWORK SERVICE is not available for
> > anonymous access. Using the IUSR_ id for anonymous access did not help
> > since it does not have the required permissions. How can I write to
> > file on IIS 6.0?
> >
> > Please let me know if there is any way of solving this preferably
> > without creating a new user account.
> >
> >

Re: Problems with writing to a file on IIS 6.0

In that case, the configured IIS anonymous user is used.

By why don't you just disable impersonation? Then IUSR_ is not
used - instead Network Service is used.

Cheers
Ken

wrote in message
news:b2ad6fcc-af8d-4e84-9f17-3be17efec782@n20g2000hsh.google groups.com...
> The impersonation is set to true in the config file, what would
> ASP.NET run as in my case?
> And i also need to use the anonymous access to provide access without
> any authentication.
>
>
> Ken Schaefer wrote:
>> If you are using an ASP.NET application without impersonation, then your
>> ASP.NET code runs as Network Service (not the anonymous user account in
>> IIS). There should be no need to make the Network Service account the
>> anonymous user account.
>>
>> Cheers
>> Ken
>>
>> wrote in message
>> news:243cf163-87fc-4c67-8a2e-51389f904b61@k39g2000hsf.google groups.com...
>> >I have an ASP.Net application which accesses a web server hosted on
>> > IIS. The web server creates a file in the application directory and
>> > writes to it. My application needs to run on 2K, 2K3 and XP, i.e. IIS
>> > 5.0, 5.1 and 6.0.
>> > I cannot use 'Inegrated Windows Authentication' (on my client's
>> > request) so i have enabled the anonymous access. In 2K and XP systems,
>> > I gave the ASPNET user full control on the physical directory and made
>> > it the id for 'Anonymous Access' for that virtual directory. The
>> > application runs fine.
>> >
>> > But on a machine with IIS 6.0, I am facing problems. The user NETWORK
>> > SERVICE has full control on the physical directory, but what should be
>> > the anonymous access user? The NETWORK SERVICE is not available for
>> > anonymous access. Using the IUSR_ id for anonymous access did not help
>> > since it does not have the required permissions. How can I write to
>> > file on IIS 6.0?
>> >
>> > Please let me know if there is any way of solving this preferably
>> > without creating a new user account.
>> >
>> >

Re: Problems with writing to a file on IIS 6.0

Do you mean disable the anonymous access and use the integrated
windows authentication instead?
This method works fine, but only when the user logged on is a domain
user account. If the user logs in as the local system admin, the
application fails.


Ken Schaefer wrote:
> In that case, the configured IIS anonymous user is used.
>
> By why don't you just disable impersonation? Then IUSR_ is not
> used - instead Network Service is used.
>
> Cheers
> Ken
>
> wrote in message
> news:b2ad6fcc-af8d-4e84-9f17-3be17efec782@n20g2000hsh.google groups.com...
> > The impersonation is set to true in the config file, what would
> > ASP.NET run as in my case?
> > And i also need to use the anonymous access to provide access without
> > any authentication.
> >
> >
> > Ken Schaefer wrote:
> >> If you are using an ASP.NET application without impersonation, then your
> >> ASP.NET code runs as Network Service (not the anonymous user account in
> >> IIS). There should be no need to make the Network Service account the
> >> anonymous user account.
> >>
> >> Cheers
> >> Ken
> >>
> >> wrote in message
> >> news:243cf163-87fc-4c67-8a2e-51389f904b61@k39g2000hsf.google groups.com...
> >> >I have an ASP.Net application which accesses a web server hosted on
> >> > IIS. The web server creates a file in the application directory and
> >> > writes to it. My application needs to run on 2K, 2K3 and XP, i.e. IIS
> >> > 5.0, 5.1 and 6.0.
> >> > I cannot use 'Inegrated Windows Authentication' (on my client's
> >> > request) so i have enabled the anonymous access. In 2K and XP systems,
> >> > I gave the ASPNET user full control on the physical directory and made
> >> > it the id for 'Anonymous Access' for that virtual directory. The
> >> > application runs fine.
> >> >
> >> > But on a machine with IIS 6.0, I am facing problems. The user NETWORK
> >> > SERVICE has full control on the physical directory, but what should be
> >> > the anonymous access user? The NETWORK SERVICE is not available for
> >> > anonymous access. Using the IUSR_ id for anonymous access did not help
> >> > since it does not have the required permissions. How can I write to
> >> > file on IIS 6.0?
> >> >
> >> > Please let me know if there is any way of solving this preferably
> >> > without creating a new user account.
> >> >
> >> >

Re: Problems with writing to a file on IIS 6.0

No,

I am saying disable Impersonation in your web.config, and then ASP.NET pages
will use Network Service (or whatever your web app pool identity is)

Cheers
Ken

wrote in message
news:719b0274-55cf-4529-866a-a5ba67c57634@j78g2000hsd.google groups.com...
> Do you mean disable the anonymous access and use the integrated
> windows authentication instead?
> This method works fine, but only when the user logged on is a domain
> user account. If the user logs in as the local system admin, the
> application fails.
>
>
> Ken Schaefer wrote:
>> In that case, the configured IIS anonymous user is used.
>>
>> By why don't you just disable impersonation? Then IUSR_ is
>> not
>> used - instead Network Service is used.
>>
>> Cheers
>> Ken
>>
>> wrote in message
>> news:b2ad6fcc-af8d-4e84-9f17-3be17efec782@n20g2000hsh.google groups.com...
>> > The impersonation is set to true in the config file, what would
>> > ASP.NET run as in my case?
>> > And i also need to use the anonymous access to provide access without
>> > any authentication.
>> >
>> >
>> > Ken Schaefer wrote:
>> >> If you are using an ASP.NET application without impersonation, then
>> >> your
>> >> ASP.NET code runs as Network Service (not the anonymous user account
>> >> in
>> >> IIS). There should be no need to make the Network Service account the
>> >> anonymous user account.
>> >>
>> >> Cheers
>> >> Ken
>> >>
>> >> wrote in message
>> >> news:243cf163-87fc-4c67-8a2e-51389f904b61@k39g2000hsf.google groups.com...
>> >> >I have an ASP.Net application which accesses a web server hosted on
>> >> > IIS. The web server creates a file in the application directory and
>> >> > writes to it. My application needs to run on 2K, 2K3 and XP, i.e.
>> >> > IIS
>> >> > 5.0, 5.1 and 6.0.
>> >> > I cannot use 'Inegrated Windows Authentication' (on my client's
>> >> > request) so i have enabled the anonymous access. In 2K and XP
>> >> > systems,
>> >> > I gave the ASPNET user full control on the physical directory and
>> >> > made
>> >> > it the id for 'Anonymous Access' for that virtual directory. The
>> >> > application runs fine.
>> >> >
>> >> > But on a machine with IIS 6.0, I am facing problems. The user
>> >> > NETWORK
>> >> > SERVICE has full control on the physical directory, but what should
>> >> > be
>> >> > the anonymous access user? The NETWORK SERVICE is not available for
>> >> > anonymous access. Using the IUSR_ id for anonymous access did not
>> >> > help
>> >> > since it does not have the required permissions. How can I write to
>> >> > file on IIS 6.0?
>> >> >
>> >> > Please let me know if there is any way of solving this preferably
>> >> > without creating a new user account.
>> >> >
>> >> >

Re: Problems with writing to a file on IIS 6.0

I disabled the impersonation, then I got the 'not authorized to view
this page' error. I had to check the integrated windows authentication
for the application to start.

Is there any disadvantage of using the windows authentication over
anonymous access?

Ken Schaefer wrote:
> No,
>
> I am saying disable Impersonation in your web.config, and then ASP.NET pages
> will use Network Service (or whatever your web app pool identity is)
>
> Cheers
> Ken
>
> wrote in message
> news:719b0274-55cf-4529-866a-a5ba67c57634@j78g2000hsd.google groups.com...
> > Do you mean disable the anonymous access and use the integrated
> > windows authentication instead?
> > This method works fine, but only when the user logged on is a domain
> > user account. If the user logs in as the local system admin, the
> > application fails.
> >
> >
> > Ken Schaefer wrote:
> >> In that case, the configured IIS anonymous user is used.
> >>
> >> By why don't you just disable impersonation? Then IUSR_ is
> >> not
> >> used - instead Network Service is used.
> >>
> >> Cheers
> >> Ken
> >>
> >> wrote in message
> >> news:b2ad6fcc-af8d-4e84-9f17-3be17efec782@n20g2000hsh.google groups.com...
> >> > The impersonation is set to true in the config file, what would
> >> > ASP.NET run as in my case?
> >> > And i also need to use the anonymous access to provide access without
> >> > any authentication.
> >> >
> >> >
> >> > Ken Schaefer wrote:
> >> >> If you are using an ASP.NET application without impersonation, then
> >> >> your
> >> >> ASP.NET code runs as Network Service (not the anonymous user account
> >> >> in
> >> >> IIS). There should be no need to make the Network Service account the
> >> >> anonymous user account.
> >> >>
> >> >> Cheers
> >> >> Ken
> >> >>
> >> >> wrote in message
> >> >> news:243cf163-87fc-4c67-8a2e-51389f904b61@k39g2000hsf.google groups.com...
> >> >> >I have an ASP.Net application which accesses a web server hosted on
> >> >> > IIS. The web server creates a file in the application directory and
> >> >> > writes to it. My application needs to run on 2K, 2K3 and XP, i.e.
> >> >> > IIS
> >> >> > 5.0, 5.1 and 6.0.
> >> >> > I cannot use 'Inegrated Windows Authentication' (on my client's
> >> >> > request) so i have enabled the anonymous access. In 2K and XP
> >> >> > systems,
> >> >> > I gave the ASPNET user full control on the physical directory and
> >> >> > made
> >> >> > it the id for 'Anonymous Access' for that virtual directory. The
> >> >> > application runs fine.
> >> >> >
> >> >> > But on a machine with IIS 6.0, I am facing problems. The user
> >> >> > NETWORK
> >> >> > SERVICE has full control on the physical directory, but what should
> >> >> > be
> >> >> > the anonymous access user? The NETWORK SERVICE is not available for
> >> >> > anonymous access. Using the IUSR_ id for anonymous access did not
> >> >> > help
> >> >> > since it does not have the required permissions. How can I write to
> >> >> > file on IIS 6.0?
> >> >> >
> >> >> > Please let me know if there is any way of solving this preferably
> >> >> > without creating a new user account.
> >> >> >
> >> >> >

Re: Problems with writing to a file on IIS 6.0

wrote in message
news:ee0d52a7-0b0d-44c2-b243-afd667c065f1@f10g2000hsf.google groups.com...
>I disabled the impersonation, then I got the 'not authorized to view
> this page' error.

Then you need to give Network Service access to the pages/resources in
question.

> I had to check the integrated windows authentication
> for the application to start.

No - that should make no difference. Do not set an authentication mode in
web.config, and do not enable impersonation.

>
> Is there any disadvantage of using the windows authentication over
> anonymous access?

They are completely different. Windows Authentication means that the end
user must supply Windows credentials to *authenticate*. Anonymous access
means that a preconfigured user account is used.

Impersonation is something completely different to authentication.

Cheers
Ken


>
> Ken Schaefer wrote:
>> No,
>>
>> I am saying disable Impersonation in your web.config, and then ASP.NET
>> pages
>> will use Network Service (or whatever your web app pool identity is)
>>
>> Cheers
>> Ken
>>
>> wrote in message
>> news:719b0274-55cf-4529-866a-a5ba67c57634@j78g2000hsd.google groups.com...
>> > Do you mean disable the anonymous access and use the integrated
>> > windows authentication instead?
>> > This method works fine, but only when the user logged on is a domain
>> > user account. If the user logs in as the local system admin, the
>> > application fails.
>> >
>> >
>> > Ken Schaefer wrote:
>> >> In that case, the configured IIS anonymous user is used.
>> >>
>> >> By why don't you just disable impersonation? Then IUSR_
>> >> is
>> >> not
>> >> used - instead Network Service is used.
>> >>
>> >> Cheers
>> >> Ken
>> >>
>> >> wrote in message
>> >> news:b2ad6fcc-af8d-4e84-9f17-3be17efec782@n20g2000hsh.google groups.com...
>> >> > The impersonation is set to true in the config file, what would
>> >> > ASP.NET run as in my case?
>> >> > And i also need to use the anonymous access to provide access
>> >> > without
>> >> > any authentication.
>> >> >
>> >> >
>> >> > Ken Schaefer wrote:
>> >> >> If you are using an ASP.NET application without impersonation, then
>> >> >> your
>> >> >> ASP.NET code runs as Network Service (not the anonymous user
>> >> >> account
>> >> >> in
>> >> >> IIS). There should be no need to make the Network Service account
>> >> >> the
>> >> >> anonymous user account.
>> >> >>
>> >> >> Cheers
>> >> >> Ken
>> >> >>
>> >> >> wrote in message
>> >> >> news:243cf163-87fc-4c67-8a2e-51389f904b61@k39g2000hsf.google groups.com...
>> >> >> >I have an ASP.Net application which accesses a web server hosted
>> >> >> >on
>> >> >> > IIS. The web server creates a file in the application directory
>> >> >> > and
>> >> >> > writes to it. My application needs to run on 2K, 2K3 and XP, i.e.
>> >> >> > IIS
>> >> >> > 5.0, 5.1 and 6.0.
>> >> >> > I cannot use 'Inegrated Windows Authentication' (on my client's
>> >> >> > request) so i have enabled the anonymous access. In 2K and XP
>> >> >> > systems,
>> >> >> > I gave the ASPNET user full control on the physical directory and
>> >> >> > made
>> >> >> > it the id for 'Anonymous Access' for that virtual directory. The
>> >> >> > application runs fine.
>> >> >> >
>> >> >> > But on a machine with IIS 6.0, I am facing problems. The user
>> >> >> > NETWORK
>> >> >> > SERVICE has full control on the physical directory, but what
>> >> >> > should
>> >> >> > be
>> >> >> > the anonymous access user? The NETWORK SERVICE is not available
>> >> >> > for
>> >> >> > anonymous access. Using the IUSR_ id for anonymous access did not
>> >> >> > help
>> >> >> > since it does not have the required permissions. How can I write
>> >> >> > to
>> >> >> > file on IIS 6.0?
>> >> >> >
>> >> >> > Please let me know if there is any way of solving this preferably
>> >> >> > without creating a new user account.
>> >> >> >
>> >> >> >