From IIS I need to access a folder on another computer. Both servers are Window 2008 SP2, and they live in a Virtual Private Cloud on Amazon EC2. They reach one another by private IP — they are in WORKGROUP, not a domain.
I can access the shared folder manually when logged in to the client as Administrator. But IIS gets "access denied." Here's what I have done:
- Set File Sharing = ON
- Set Password Protected Sharing = OFF
- Set Public Folder Sharing = ON
- Shared the folder
- Added permission to the share: Everyone, Full Control
- Added permission to the share: NETWORK SERVICE, Full Control
- Verified that File & Printer Sharing is checked in Windows Firewall
- Opened port 445 to inbound traffic from local sources
I tried adding <remote-machine-name>\NETWORK SERVICE to the share but it says it does not recognize the machine, which makes sense, I guess.
As I said, from the other computer I have no trouble accessing the shared folder from my user account, but IIS is shut out. How does the file server even know the difference? I would assume that with Everyone given full control and password protected sharing turned off, it would not matter what the client user account is.
In any case, how to solve?
UPDATE: To clarify, I am not trying to serve up files on the share directly through IIS. Rather I am writing files to the share from my code (System.IO).
Best Answer
IIS's default operational mode is quite locked down. IIS doesn't use
<computername>\NETWORK SERVICE. It uses<computername>\IUSR_<computername>, which is a member of the<computername>\Guestsgroup. If the web page you're trying to access on the IIS server instead is requesting authentication, it will instead attempt to use those credentials to authenticate. If the files it's accessing are executable scripts, then instead it usesIWAM_<computername>. I don't remember offhand the group membership of that.What you want to do here isn't very easy to configure over a workgroup. You'd have to set up an account on the remote machine with the same username and password that the IIS system is using. You can use a script to hopefully determine the IIS user account's password, but I don't know if IIS changes that periodically or if the script doesn't function on newer versions.