2

I need to find the IIS8 configuration that allows this code to work with Windows Authentication Enabled. No Anonymous access.

I have a three lines of code written with Classic ASP that are meant to create a folder on a network share. It is setup as Windows Authentication. It gives me a classic ASP error stating the "permission is denied" on the .CreateFolder line.

Classic ASP

strFolderToCreate = "\\ServerABC\ShareName\Test1"
Set objFSO = Server.CreateObject("Scripting.FileSystemObject")
objFSO.CreateFolder(strFolderToCreate)

It works in the following scenarios:

  1. Old Server was IIS6 on Windows Server 2003. Works fine
  2. New Server is Windows Server 2012 with IIS8. When setup to Anonymous access only (this will use App Pool Identity), works fine

Does not work with Windows Auth:

  1. When set to Windows Authentication, it does not work.

Every user in the company has access to create anything in this folder at both the folder level and the shared level. You can go to the folder and create folders fine. I've tried lots of things, such as Classic Pipeline, Integrated Pipeline, Changes of App Pool Identities, etc.

I cannot figure out how to have this work with Windows Authentication. Is this a double hop situation where the website user is authenticated and it is trying to hop that authentication twice?

Shane
  • 243
  • 3
  • 7

1 Answers1

2

Sounds like the double hop issue. What do you see in the event log? In IIS 6, the network service is the default app pool account. Did you try setting the app pool as network service, classic mode? Is UAC (user account account) enabled?

Steve Schofield
  • 429
  • 2
  • 4
  • The interesting thing is that it works fine on IIS6 with Windows Server 2003, so you would think double hop would be there too. I've tried with network service, app pool account, custom account, classic mode, integrated mode and all modes in between. UAC is enabled. Maybe we can disable that. PS: I'm in MI as well, I think I've met you before in the past. – Shane Apr 09 '13 at 14:33
  • Tried turning off UAC on the server, had no effect. – Shane Apr 10 '13 at 17:21
  • Can you tell me your architecture then. You have two servers, I'll see if I can reproduce the issue. The front-end server hosting asp is win 2012 and back end server is what? Glad to hear we met. :) I had a few people say that to me while attending a recent conference. Small world. :) – Steve Schofield Apr 13 '13 at 09:45
  • In this case, just one have Windows Server 2012 with IIS8. Running classic asp on it for legacy app purposes. Just need this one classic ASP page to have the ability to create a network folder. If running in anonymous, it creates it, but need it to create it with only Windows Auth. Thanks! https://gist.github.com/brightstreetgroup/8166eb3850916a05319e – Shane Apr 14 '13 at 20:13