I'm having a problem accessing a network share from my MVC application.
The application is hosted on IIS installed on a remote machine named INTRANET, which is connected to the same domain.
The website uses an application pool which is configured for Network Service. Anonymous and Windows authentication are enabled.
When I'm debugging the application locally (IIS Express, with Visual Studio opened as administrator) there is no problem. I can access the network share and download the file.
The problem occurs after publishing the application to INTRANET. I open a web browser, go to http://intranet/, log in with my domain credentials and then I try to call an action which needs access to the UNC share. Then there is an error:
Access denied for path \\MyServer\MyShare\MyFolder
Controller Action looks like this:
    public ActionResult DownloadAttachment(int id)
    {
        try
        {
            using (var ctx = new SyzyfContext())
            {
                // Look up the owning task and the stored file name for this attachment.
                var taskId = ctx.ZgloszeniePlik.Where(zp => zp.ID == id).First().ZgloszenieId;
                var file = ctx.ZgloszeniePlik.Where(zp => zp.ID == id).First().nazwa;
                var fileLof = file.LastIndexOf(".") + 1;
                var fileLen = file.Length;
                // Keep only the part after the last backslash (the bare file name).
                var fileLofs = file.LastIndexOf(@"\") + 1;
                var fileName = file.Substring(fileLofs, fileLen - fileLofs);
                // Source and destination are both UNC paths on other servers.
                var fileToCopy = @"\\Alicja2\Zadania_rep\rep" + id.ToString("D6") + ".fle";
                var newFile = @"\\Agata\Repozytorium\" + taskId.ToString() + @"\" + fileName;
                if (!Directory.Exists(@"\\Agata\Repozytorium\" + taskId.ToString()))
                {
                    Directory.CreateDirectory(@"\\Agata\Repozytorium\" + taskId.ToString());
                }
                using (var input = new FileStream(fileToCopy, FileMode.Open, FileAccess.Read, FileShare.Read))
                {
                    // Copy the file to the repository share only if it is not there yet.
                    if (!System.IO.File.Exists(newFile))
                    {
                        using (var outputFile = new FileStream(newFile, FileMode.Create))
                        {
                            var buffer = new byte[0x10000];
                            int bytes;
                            while ((bytes = input.Read(buffer, 0, buffer.Length)) > 0)
                            {
                                outputFile.Write(buffer, 0, bytes);
                            }
                        }
                    }
                }
                // Return the copied file to the browser as a download.
                byte[] fileBytes = System.IO.File.ReadAllBytes(newFile);
                return File(fileBytes, System.Net.Mime.MediaTypeNames.Application.Octet, fileName);
            }
        }
        catch (Exception ex)
        {
            ViewBag.Message = ex.Message;
            return View("Error");
        }
    }
I think I'm misunderstanding the whole IIS configuration. As far as I know, when the application pool is configured for Network Service, it always uses the DOMAIN\MACHINE$ account (the domain sees it as a computer object). So I've granted full control permission for that UNC share to the MACHINE$ account. It still does not work.
What login does the application use when a user tries to call the above action? Does it use the DOMAIN\MACHINE$ account or the logged-in user's domain account?
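
One way to observe which account a request actually runs as on the server is a temporary diagnostic action such as the one below. It is an added example, not code from the original post; the controller name `IdentityProbeController` and the list of probed paths are assumptions for illustration.

```csharp
using System;
using System.IO;
using System.Linq;
using System.Security.Principal;
using System.Text;
using System.Web.Mvc;

// Hypothetical diagnostic controller (not from the original post).
// Remove it after troubleshooting: it discloses account names and paths.
[Authorize]
public class IdentityProbeController : Controller
{
    // Assumed sample list; substitute the shares the application uses.
    private static readonly string[] Paths =
    {
        @"\\Alicja2\Zadania_rep",
        @"\\Agata\Repozytorium"
    };

    public ActionResult Index()
    {
        var sb = new StringBuilder();
        // The user IIS authenticated for this request.
        sb.AppendLine("Authenticated user : " + User.Identity.Name +
                      " (" + User.Identity.AuthenticationType + ")");
        // The Windows token the thread executes under. File and network
        // I/O is authorized against this identity, not the one above.
        using (var current = WindowsIdentity.GetCurrent())
        {
            sb.AppendLine("Executing identity : " + current.Name);
            sb.AppendLine("Impersonation level: " + current.ImpersonationLevel);
        }
        foreach (var path in Paths)
        {
            try
            {
                // Enumerating forces a real access check on the share;
                // Directory.Exists would hide a denial by returning false.
                var any = Directory.EnumerateFileSystemEntries(path).Any();
                sb.AppendLine(path + " : readable, has entries = " + any);
            }
            catch (UnauthorizedAccessException ex) { sb.AppendLine(path + " : DENIED - " + ex.Message); }
            catch (IOException ex) { sb.AppendLine(path + " : IO ERROR - " + ex.Message); }
        }
        return Content(sb.ToString(), "text/plain");
    }
}
```

Comparing the "Executing identity" line on IIS Express and on INTRANET shows whether the share is being reached as the signed-in user or as the application pool account, which is the account that needs both share and NTFS permissions on the target.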