Accessing a UNC share on IIS5.1

Last post 08-17-2009 6:30 PM by BirdyOfPrey. 4 replies.

  • Accessing a UNC share on IIS5.1

    08-16-2009, 9:07 AM
    • BirdyOfPrey
    • Member since 08-16-2009, 8:41 AM
    • Posts 3

    Hi!

    I've developed an ASP.Net app which allows browsing the contents of my computer based on SMB and a UNC path, for private use only. So from 1 computer running my app on IIS5.1 on XP, I can access the other ones through the net, providing only the UNC path.

    I have multiple computers at home and I can access all shares on the computers with WinXP. But when it comes to this one computer with Vista, I cannot access it, saying it has bad username or password. The share is 100% accessible to the computer where the asp.net app is deployed.

    After some research with Wireshark I found that access to the shares was being blocked, maybe because the credentials being used were from the ASPNET account, used by default by IIS.

    So I searched the net and found ASP impersonation, which I tried. First I tried to impersonate the account on my Vista computer, with its username and pass in web.config. IIS returns this error when I access the site:

    "Could not create Windows user token from the credentials specified in the config file. Error from the operating system 'Unspecified error"

    I tried other logins but always this message pops up....

    Then I tried to impersonate programmatically. The commands seem to be accepted but then when I try to read any file on the share it simply says:

    "Access to <share> is denied"

    Also I tried adding to the share the Network service user on the Vista machine to see if it would then grant me the access, but no such luck:(

    I'm using the traditional DirectoryInfo and FileSystemInfo functions to access the files on the shares.


    I'm completely lost now... can anyone help?

    Tkx in advance!

  • Re: Accessing a UNC share on IIS5.1

    08-16-2009, 12:02 PM
    • Maate
    • Member since 07-16-2009, 3:28 PM
    • Posts 139

     Hey, it sounds a lot like an authorization issue - please check out this: http://retkomma.wordpress.com/2009/07/28/how-to-debug-http-error-401-unauthorized-in-asp-net-via-iis/

  • Re: Accessing a UNC share on IIS5.1

    08-16-2009, 4:50 PM
    • BirdyOfPrey
    • Member since 08-16-2009, 8:41 AM
    • Posts 3

    The user I use is IUSR_MICROSERVER on the IIS5.1, with anonymous access. On the directory I think there are no more security options to enable as I set read, write, execute, script permissions for this webservice.

    I tried adding permissions on the share to all the users available on the Vista computer but still no access and the same error "Login Fail: unknown username or bad password" occurs :(

    It seems to be a hard problem to solve:(

  • Re: Accessing a UNC share on IIS5.1

    08-17-2009, 5:29 AM
    • Maate
    • Member since 07-16-2009, 3:28 PM
    • Posts 139

    Hey, the IUSR_* is not a very privileged user, it's not even a part of the Everyone group, so you specifically have to assign permissions for this user to your files & dirs. Another solution is to impersonate your app by applying this in your web.config: <identity impersonate="true" userName="someuser" password="password" />. This will make your asp.net process run with the impersonated user's authorizations.

    Br. Morten

  • Re: Accessing a UNC share on IIS5.1

    08-17-2009, 6:30 PM
    Answer
    • BirdyOfPrey
    • Member since 08-16-2009, 8:41 AM
    • Posts 3

    Yep, impersonation was the answer. But every site I visited fails to mention which usernames are allowed to impersonate!

    Turns out only the users defined in Computer Management -> Local Users and Groups -> Users are valid for impersonation! It's not the user on my Vista computer that needs to be impersonated but a local user from the computer running IIS!

    Maybe it is obvious to IT specialists but not to me...

    As I tried to impersonate my main login, which has a blank password, the ASP server message error on the main page changed to

    "Could not create Windows user token from the credentials specified in the config file. Error from the operating system 'Unspecified error"

    I have a blank password on this computer, as I need it to log in reliably every time I need to reboot or when the power is lost, because of another desktop app I need to run.

    So I searched a little about blank passwords in XP and I arrived at the conclusion that I needed to change a setting: Local Policies -> Security Options -> Limit Local Account Use of Blank Passwords to Console Logon Only, set to disabled.

    Et voila!  I refreshed the webpage, the ASP error went away and it showed my page.

    Half of the battle is won. But I still can't access the contents of my Vista computer...

    So after some thinking and playing with the shares and Wireshark, I created a username in Local Users and Groups on the Vista computer with the same name as the impersonated user, with no password. The blank password problem popped up here too. So I disabled the policy about limiting blank passwords on Vista too.

    But still no access..now permissions on the shared folder needed to be set!

    Contrary to what I had read I found out that the User that needs permission to access a share on Vista is called "NETWORK" and not "NETWORK SERVICE"!

    So in the Security tab of the shared Vista folder I added the NETWORK user and in the Sharing tab -> Advanced Sharing... -> Permissions I also added the NETWORK user.

    Now the share is accessible!<:o) :D

    It was a really complex problem! Tkx guys for the help!

    Hope this post can help someone in the future!
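
Added example, not part of the original thread: the programmatic impersonation discussed above, scoped to just the share access instead of running the whole site under one identity via web.config. It uses the Win32 `LogonUser` call with the `LOGON32_LOGON_NEW_CREDENTIALS` logon type, which applies the supplied credentials only to outbound network connections, so the account has to exist only on the machine hosting the share. Assumptions: the class and method names (`RemoteShare.ListFiles`) are hypothetical, and the account on the remote machine has a non-blank password.

```csharp
using System;
using System.ComponentModel;
using System.IO;
using System.Runtime.InteropServices;
using System.Security.Principal;

// Hypothetical helper (not from the thread): lists a UNC share while
// impersonating credentials that exist on the machine hosting the share.
public static class RemoteShare
{
    // Documented Win32 constants for LogonUser.
    const int LOGON32_LOGON_NEW_CREDENTIALS = 9; // credentials used for outbound connections only
    const int LOGON32_PROVIDER_WINNT50 = 3;      // provider required by NEW_CREDENTIALS

    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    static extern bool LogonUser(string user, string domain, string password,
                                 int logonType, int logonProvider, out IntPtr token);

    [DllImport("kernel32.dll", SetLastError = true)]
    static extern bool CloseHandle(IntPtr handle);

    // remoteMachine is the computer name that owns the local account,
    // e.g. the host part of the UNC path.
    public static string[] ListFiles(string uncPath, string remoteMachine,
                                     string user, string password)
    {
        IntPtr token;
        // NEW_CREDENTIALS does not validate the password at this point; a wrong
        // password surfaces later as an access error when the share is read.
        if (!LogonUser(user, remoteMachine, password,
                       LOGON32_LOGON_NEW_CREDENTIALS, LOGON32_PROVIDER_WINNT50, out token))
            throw new Win32Exception(Marshal.GetLastWin32Error());
        try
        {
            // Impersonate only for the duration of the share access.
            using (WindowsImpersonationContext ctx = WindowsIdentity.Impersonate(token))
            {
                FileSystemInfo[] entries = new DirectoryInfo(uncPath).GetFileSystemInfos();
                return Array.ConvertAll<FileSystemInfo, string>(
                    entries, delegate(FileSystemInfo e) { return e.Name; });
            } // Dispose() reverts the thread to the worker-process identity
        }
        finally
        {
            CloseHandle(token); // always release the logon token
        }
    }
}
```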
