I am running an ASP.NET webform which is trying to get the contents of a shared folder using new DirectoryInfo(path).GetFiles(pattern). The application pool is set to run with a domain username, but at the point of execution it is impersonating my username. I am in a group which has Full Control access to all folders in the tree and has Full Control access the share. In addition, I have given Everyone Read, Read & Execute and List folder contents access to the folder tree and Read & execute access to the share.
However, when the statement is executed I get a System.UnauthorizedAccessException:'Access to the path '\\server\share\sub1\sub2' is denied.
Running SysInternals' Process Monitor, the event shows:
Desired Access: Read Data/List Directory, Synchronize
Disposition: Open
Options: Directory, Synchronous IO Non-Alert, Open For Backup
Attributes: n/a
ShareMode: Read, Write Delete
AllocationSize: n/a
Impersonating: <MyUsername>
Running a command window on the same server, I get no error when getting a directory listing of the folder or accessing any files in the folder.
What am I missing?
Why is the response, viewed in Process Monitor, ACCESS DENIED with the Operation given as CreateFile?
Short of giving Everyone Full Control (which I don't think would help) I can't think of any more permissions to grant.
Note, I also tried Directory.EnumerateFiles(path, pattern) with the same result.
Update:
The Authentication on the web site is Windows Authentication and ASP.NET impersonation; anonymous access is disabled. The particular page does not override this.
It seems that you have a "double-hop" problem.
When you authenticate to the IIS server is the first 'hop'.
When IIS tries to access UNC, is the second hop which is not allowed.
IIS cannot in turn pass on your credentials to the UNC.
For more infos see this articles