IIS7 - Virtual Directory UNC share without Domain - Access Denied

Question

I am trying to setup a virtual directory in IIS7 to a network share folder, however I am getting access denied errors.

I have created a user on both servers with identical names and passwords, and given read+write permissions on the folder for that user, I have then used the 'Connect As' option on the virtual directory and selected my newly created user. I have also selected my new user for the application pool on both servers just to be sure.

I am using Process Monitor to monitor the files / folder, each time i try and access the virtual directory through a web browser I can see Access Denied on the file i am accessing. Process monitor recognises that I am using my newly created user too.

Is there anything more I need to do or check...i have read numerous forums which repeat the same information which I have tried.

The access denied error seems to be on a 'web.config' file in the virtual directory rather than the file I am accessing in the browser. I have tried with a barebones web.config file in the directory (with full permissions for my user) and also with no web.config file...same result.

UPDATE:

I get this when clicking 'Test Settings' on the VD basic settings option:

The server is configured to use pass-through authentication with a custom account to access the specified physical path. This account cannot access the path because the account does not have Read access. Grant the account Read access to the path and test these settings again.

However i have ensure my new user has full permissions on the networked machine.

Thank You, Paul

Answer 1

Well i have got it working now, even though im not 100% sure how.

I removed all current shared connections to the network server using 'net use * /delete' on both machines...just to ensure that no connections were currently active.

Then created shared folders using the 'Share' option when right clicking a folder. Gave this folder the permissions for my new user...removed my virtual directory in IIS, created a new one using the shared folder ('//ip address/sharedfoldername/') instead of accessing it like before ('//ip address/c$/inetpub/sharedfolder/').

This worked and im not pulling my hair out any more...i beleive it may have been using authentication from a previous connection made (i mapped a network drive).

Thought I would post this in case anyone else has any issues.

Paul

Answer 2

You don't need to set up the user on both servers. Set up the user on the server that is sharing the files, and use SERVERNAME\Username for the login credentials when configuring IIS' Connect As settings.

Answer 3

If you're requiring Windows Authentication, you may find that IIS is trying to impersonate the user. Does it work if you configure Anonymous authentication, and use the Application Pool Identity (which is the same user that has UNC permission, right?) as the anonymous user account?