Last post Mar 05, 2008 04:15 PM by TonyDong
Feb 29, 2008 11:42 AM|mobfigr|LINK
Team, I'm sure this question has already been asked before - if so please direct me to the thread.
I'm trying to create and delete virtual directories in IIS via a web app. Everything works fine locally, but when I try to run this on app on a different server I get an Access is Denied error. I've done the obvious things like:
1) Turning on Windows Authentication
2) Disabling Anonymous Access to the webs application
3) Using Identity Impersonation (via web.config settings)
But still no luck. It seems like the process identity (aspnet) gets used for creating/deleting the virtuals which obviously won't work (unless I give this account rights to delete or create the virtuals - which I don't want to do). Is there anyway I can
execute the delete/create functionality using the identity of the user authenticated to use this page?
Feb 29, 2008 04:19 PM|TonyDong|LINK
Create a newgroup and give this group permission to create and delete folder under IIS virture path.
Add all win users you need to do this create/delete job to this newgroup and it will solve your problem
Hope it can help you
Mar 05, 2008 04:04 PM|mobfigr|LINK
tony thanks for the idea. it sounds like it shoudl work. If you dont mind answering another question - how do I make my application run under the context of a particular group? I already know which group has access to perform this function, but I cannot
get hold of any "service account" that belongs to this group to run the appilcation under. Any idea on how I can make the app run under the context of a particular group?
Mar 05, 2008 04:15 PM|TonyDong|LINK
You can use IIS document security to setup the user group, it is the easy way.
You can alos get user role or groups from ADS, so from there, you can allow the user do some jobs.
See how to query Active Directory url