IIS 5 & IIS 6
ASP3 Classic web application and security
Last post Feb 02, 2017 12:18 AM by Ken schaefer
Nov 15, 2016 08:44 AM|FrBotte|LINK
We have some problems with an asp3 classic web application.
1 -The need :
Our Client need to update his ASP3 Web Solution to realize copy/paste files from server1 to server2 and create folders.
Use Filesystem Object into our ASP3 web Page (on IIS7.5 on 2008 r2 server) to realise these operations (file copy/paste, and create folders between two servers).
2 – The Code:
The asp3 code looks like this :
set fs = Server.CreateObject("Scripting.FileSystemObject")
if fs.FolderExists(pathdestination & "\" & Imatric) = false then
fs.CreateFolder(pathdestination & "\" & Imatric)
fs.CopyFile pathsource & "\" & pathfichier, pathdestination & "\" & Imatric &"\" ,true
3 – What we tried:
We tried some solutions in the IIS Configuration but without success (ASP Impersonation with dedicated Account Services, Pool application identity with dedicated account services etc...).
If we log the error information we have : “Access Denied”
whereas if we use account service directly we copy/paste through Windows Explorer without problem -> So we are thinking that que the asp3 web don’t “run” under (using) this service account.
4 – Our Question:
Can you confirm us that it's possible to realize this ? ( ASP3 on IIS 7.5 with impersonation, dedicated Account Service with Windows Authentication).
If yes, have you a step guide to configure IIS.? Or other solutions ?
Nov 16, 2016 10:15 AM|Yuk Ding|LINK
To further help you about this issue, I am trying to invoke someone experienced to help look into this thread, this may take some time and as soon as we get any result, we will post back.
Nov 22, 2016 05:57 AM|gtscdsi|LINK
The following threads maybe useful to you.
Nov 25, 2016 05:04 PM|FrBotte|LINK
many thanks for the repply.
we'll return for the following.
Dec 01, 2016 10:55 AM|FrBotte|LINK
Thank you for your help, appreciate it !
Following the feedbacks in the links you provided, we got some more questions to confirm the solution to be implemented :
- Is there no way to copy/paste a file using asp classic with
application pool identity directly?
- Create and remove MapNetworkDrive for each copy file is the only way ?
Thank you in advance.
Dec 16, 2016 06:43 AM|gtscdsi|LINK
Thanks for your feedback. For your questions, please find replies below:
- Is there no way to copy/paste a file using asp classic with application pool identity directly?
To my best knowledge, there is no such way in a double hope scenario.
I did some further research but no luck to find alternative way.
Hope the information useful to you.
Feb 02, 2017 12:18 AM|Ken Schaefer|LINK
With Classic ASP and Windows Authentication, you will always get impersonation (on IIS6 anyway), so you need to have Kerberos Authentication and delegation configured for the actual end user.
You will then need to use UNC paths to move the files - map drives only exist in the context of an individual user - use UNC instead.