This is because you are making a couple of wrong assumptions about how user
authentication works with the web.
By design, files inside of "My Documents" would be ACL'd such that only
"myname" would be able to access it and NOT any other user. This is for
security, so that any other user cannot come along and read your files.
So, the whole issue with accessing a file is "what's your identity" and
"does your identity have access to the resource being accessed" ?
Now, when you log onto a machine as yourself, you authenticated once and do
everything as your own identity -- hence it has access to your files in "My
Documents".
However, things are slightly different when you request a file over the web.
What is happening here is that the web is client/server based, identity is
proven through authentication for each request by some means, and
authentication may not be required by the server (i.e. anonymous access).
The key realization is that the identity that is using the browser may not
be the same identity that is used on the server to manipulate files. There
are many standard authentication protocols, and tons of custom
authentication hacks. I'm only talking about the standard authentication
protocols since IIS provides integration with the ACL system on Windows.
Thus, when it comes to the identity that is actually running on the server
(on your behalf from the client), you need to check:
1. Is the server requiring authentication or not
2. Are the client and server using the same user database to authenticate
credentials
If the server is not requiring authentication (i.e. anonymous access is
enabled), then all users that make requests to the server automatically get
mapped to some anonymous user account on the server. This anonymous user
account likely does not have access to your "My Documents" since that would
be insecure -- hence it is denied access.
If the server is requiring authentication (i.e. anonymous access is
disabled, and some other authentication protocol is enabled), then all
browser requests will end up being authenticated in some manner by the
server.
Like any other operating system, usernames on Windows are associated with a
unique ID (called SID) -- and resources are ACL'd to this SID. This allows
a user to change their name at will but NOT affect access to their files.
Now, if the server and client are in the same domain, then they use the same
database to lookup username/SID, and so your user identity on the browser IS
used on the server, and it should be able to manipulate "My Documents" of
the user.
If the server and client are stand-alone, then they probably do not use the
same database to lookup username/SID, so while your username/password may be
the same between the client and server (so authentication succeeds), the SID
will not be the same. If the resources are ACL'd to one SID and not
another, you can get access denied.
So, it should be clear the options that you have:
1. If you need anonymous access to your "My Documents" (not recommended,
since that is insecure), you either ACL "My Documents" to give access to the
anonymous credential of IIS, or you change the anonymous credential of IIS
to be yourself. Neither is really desirable nor secure.
2. If you need authenticated access to your "My Documents", then you need to
turn on authentication and turn off anonymous access on the server, and make
sure that the SID which the resources are ACL'd to matches the SID that you
manage to logon with on the server.
--
//David
IIS
This posting is provided "AS IS" with no warranties, and confers no rights.
//
"dogprof" <godogprof.RemoveThis@netscape.net> wrote in message
news:fc1db92b.0405171328.1543c413@posting.google.com...
Hi:
Is there a restriction on having an IIS virtual directory pointing to
a folder within the My Documents folder? I get the following error
message whenver I try to access a Web page in a virtual directory that
points to something in My Documents:
Server cannot access application directory 'C:\Documents and
Settings\myname\My Documents\ASPProjects\OldeTyme\'. The directory
does not exist or is not accessible because of security settings.
Everything works fine for folders outside of My Documents.
Thanks
DogProf
FAQ
Profile
Private Messages
Log in
