1

I've got a web application which uses in its code behind net use in order to map a net work drive that is shared on a different server and then it writes data onto the mapped drive.

This worked fine in the past. After a long break now whenever I try to map the drive I get "access denied to path \blablupp\blub...".

The exact command I'm using is: net use \\blablupp\blub mypass /user:myuser

When I connect to the server with my admin account and type the commands in manually....it works without a hitch. So I guess it is some sort of user permissions problem. But I don't find out where it could stem from.

What is more is that the identity used is the: ApplicationPoolIdentity.

So the question is: Is there any way to find out what the exact problem all of a sudden is and how could I solve it?

Thomas
  • 395
  • 3
  • 5
  • 19
  • Why are you mapping the network drive from IIS and don't create a permanent one? Please also comment on the methods in [this answer](https://stackoverflow.com/a/14103682/165358). See also if the Event Viewer has more information (perhaps in section Windows Logs / Security). – harrymc May 21 '19 at 11:59
  • @harrymc so far I didn't find any way to create a permanent mapping that works also for the IIS_USRS user AND gets recreated immediately if the connection breaks down for some reason and is reestablished (thus recreating automatically without server restart). Event Viewer: Nope not a single entry in it – Thomas May 21 '19 at 12:56
  • Is it possible that permissions were changed on the shared folder? – harrymc May 21 '19 at 13:00
  • @harrymc nope. Interestingly on the same server I have a similar share that I'm using with the same commands only difference is that the server url has 1 letter less than this share......and that one works. Permissions are the same for the given users on both sharings. – Thomas May 21 '19 at 13:08
  • You could try to rename, but this seems weird. The only reasons I can think of are permissions or that the share already exists. Perhaps deleting and re-creating the share on the source computer will help, but beware of the gotcha where a share created by an admin account is not the same as the one created by a standard account. – harrymc May 21 '19 at 16:35
  • @harrymc we found it out....although the final reason is not something for upseruser and more something for stackoverflow. As it seems how it was programmed in the programm doing hte net use commands the user context seemingly switched between mapping and using the share and that caused the problems......the 2nd url that worked seemingly was created manually persistent. – Thomas May 22 '19 at 12:33
  • By context switching, do you mean impersonating a user account (as with function 'LogonUser`)? – harrymc May 22 '19 at 12:43
  • @harrymc nope. the "strange" thing is the mapping function when it is in a static method then it does not work. when it is in the "normal" method it works: https://stackoverflow.com/questions/56257080/why-does-using-a-share-mapped-in-a-static-method-fail only reason I could think of is a context switch of some kind (makes no sense to me though as static shouldn't cause a context switch imho). – Thomas May 22 '19 at 12:52
  • It sounds to me rather like you are already connected to the server under alternate credentials. Try disconnecting from the server prior to attempting to map. – harrymc May 22 '19 at 14:42
  • @harrymc the user is "just" a service user that has no right to connect to my own server. Still though if I put the whole "open share" part outside of teh static method and right into the page_load code it works normally (thus no problem). Thus I dare say, if it was already there under different credentials that should not work as well (thus both methods should fail)? – Thomas May 23 '19 at 07:52
  • According to your info, this is a credentials problem. Windows will cache any network credentials used, so if the application uses another credential in the meantime to the same server, this one will be used. When moving the command around, you might just be changing its execution to be before the other credential is applied. – harrymc May 23 '19 at 08:15
  • @harrymc the only thing where it could "happen" is on startup time, else no other program aside from this one is "mapping" the share or even using it (that much I can be 100% sure at least). – Thomas May 23 '19 at 08:18
  • I'm referring to *any* access of *any* resource on the server, not only to mapping. – harrymc May 23 '19 at 08:24
  • @harrymc Do you mean: Application A tries the mapping, in the meantime application B logs in with other credentials on server XY and then application A tries to use the mapping but instead gets the credentials of application B instead of the original of itself? If I didn't get that correct an example would be good.....if I did get it correctly and that can happen then.....I would have to ask if microsoft lost their mind (that would not even be a worst case scenario....that is a knockout scenario for anything where you need credentialsoO) – Thomas May 23 '19 at 09:18
  • The rules are not completely known to me. I would think that the chances for this happening are more for applications running under the same user-account. You could examine when it happens what you have in *Control Panel > User Accounts > Manage your credentials*. – harrymc May 23 '19 at 10:48

0 Answers0