Uploading to a Network Share


FileUp supports uploading to a network share, provided that the path is accessible to the user account under which your application is running. This applies both to the path itself and to the NTFS permissions on the directory.

When saving to a network share, there are a number of issues to be aware of with regard to the identity of your upload application (or the upload processing page). First of all, if your application or page is running under a local account such as the default anonymous account (IUSR_MachineName), the upload will fail because this account does not have network privileges. Windows Integrated Authentication is also not an option, because IIS will not pass the credentials to the networked server. Therefore, one of the following approaches must be used.

UNC Paths vs. Mapped Drives

Mapped drives are dependent on user profiles. If you intend to use a mapped drive in your FileUp script, you must be certain that the mapped drive is available to the user account under which your application is running. A UNC style path is not dependent on user profiles and is a better solution when application identity varies.


Using an account that has NTFS permissions on the networked machine

There are three ways to configure security to enable uploads to a network file share using anonymous authentication:

  1. Create identical local accounts (e.g. IUSR_FileUp) on the Web server and file server. The two accounts must have the same username and password. On the Web server, use this account for anonymous access to your Web site. On the file server, grant this account read, write, and delete privileges to the upload directory.

    To create a new user (do this on both servers):

    1. Go to Start/Program Files/Administrative Tools/User Manager.
    2. Open the User menu, and select New User.
    3. Enter a username and password for the new user.

    To use the new account for anonymous access to the Web site:

    1. Enter the Microsoft Management Console.
    2. Right click on the Default Web Site and choose Properties.
    3. Choose the Directory Security tab.
    4. Under Anonymous Access and Authentication Control, choose the Edit button.
    5. Uncheck Enable Automatic Password Synchronization.
    6. Browse to select the account, and enter the password.

    To grant the new user access to the shared folder on the file server:

    1. Right-click the shared folder.
    2. Open Properties.
    3. Select the Security tab.
    4. Select Permissions.
    5. In the Directory Permissions dialog box, select Add.
    6. In "Add Users and Groups," display the local server name in the "Display Names From" drop-down list box.
    7. Highlight the desired account in the scroll box, and click Add.
    8. In the Permissions window, select "Modify".

  2. Use domain accounts for anonymous authentication on the Web server and file server:

    1. Follow the directions above to select an account to be used for anonymous authentication on your Web site. When browsing for an account, select a domain account (make sure that the domain name appears in the “List Names From” drop-down box).
    2. Follow the directions above to grant the new user access to the shared folder on the file server. When browsing for an account, select a domain account (make sure that the domain name appears in the “List Names From” drop-down box).

  3. Clone the IUSR account on the Web server to a local account on the file server. Download KB18_files1.zip, which contains the script iusrpw.vbs. If you run iusrpw.vbs on the Web server, it will output the user name and password for the IUSR account stored in IIS's metabase. You will need to copy these down and create a user on the file server with the same credentials. The new username should match AnonymousUserName and the password should match AnonymousUserPass, as output by running iusrpw.vbs on the Web server.

    To create a new user (do this on the file server only):

    1. Go to Start/Program Files/Administrative Tools/User Manager.
    2. Open the User menu, and select New User.
    3. Enter a username (e.g. IUSR_WebServer) and password (obtained from iusrpw.vbs) for the new user.

    To grant the new user access to the shared folder on the file server:

    1. Right-click the shared folder.
    2. Open Properties.
    3. Select the Security tab.
    4. Select Permissions.
    5. In the Directory Permissions dialog box, select Add.
    6. In "Add Users and Groups," display the local server name in the "Display Names From" drop-down list box.
    7. Highlight the desired account in the scroll box, and click Add.
    8. In the Permissions window, select "Modify".

  4. Basic Authentication or Kerberos can also be used for saving to a network share if the authenticated domain account has access to the network file share.
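
Option 1 from the command line, with a check that the upload identity can actually write, read, and delete on the share. This is an added example, not part of the FileUp documentation; it assumes PowerShell 5.1 with the LocalAccounts module, and `D:\Uploads` and `\\FILESERVER\Uploads` are hypothetical paths.

```powershell
# Added example; the names below are assumptions, not values from the FileUp documentation.
$Account   = 'IUSR_FileUp'            # example account name used in option 1
$UploadDir = 'D:\Uploads'             # hypothetical local path of the shared folder (file server)
$UncPath   = '\\FILESERVER\Uploads'   # hypothetical UNC path of the same folder

# On BOTH servers: create the local account, entering the same password each time.
function New-UploadAccount {
    $pw = Read-Host -AsSecureString -Prompt "Password for $Account"
    New-LocalUser -Name $Account -Password $pw -PasswordNeverExpires `
        -UserMayNotChangePassword -Description 'Anonymous upload identity' | Out-Null
}

# On the FILE server: grant Modify on the upload directory only, then show the result.
function Grant-UploadAccess {
    # (OI)(CI) = inherit to files and subfolders; M = Modify (covers read, write, delete)
    icacls $UploadDir /grant "${Account}:(OI)(CI)M" | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "icacls failed with exit code $LASTEXITCODE" }
    (Get-Acl $UploadDir).Access |
        Where-Object { $_.IdentityReference.Value -like "*\$Account" } |
        Select-Object IdentityReference, FileSystemRights, AccessControlType, IsInherited
}

# On the WEB server, in a session running as the upload account: probe the share.
function Test-UploadShare {
    param([string]$Path = $UncPath)
    # Mapped drives depend on the user profile, so insist on \\server\share form.
    if ($Path -notmatch '^\\\\[^\\]+\\[^\\]+') {
        throw "Use a UNC path, not a mapped drive: $Path"
    }
    $probe  = Join-Path $Path ("probe_{0}.tmp" -f [guid]::NewGuid().ToString('N'))
    $result = [ordered]@{
        Identity = [Security.Principal.WindowsIdentity]::GetCurrent().Name
        Write = $false; Read = $false; Delete = $false; Error = $null
    }
    try {
        [IO.File]::WriteAllText($probe, 'probe'); $result.Write  = $true
        [void][IO.File]::ReadAllText($probe);     $result.Read   = $true
        [IO.File]::Delete($probe);                $result.Delete = $true
    } catch { $result.Error = $_.Exception.Message }
    [pscustomobject]$result   # the first flag left at $false is the missing right
}
```

`Test-UploadShare` reports the identity it ran under, so a result showing an unexpected account means the probe was not started as the upload identity (for example with `runas`).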

Copyright © 2010 SoftArtisans, Inc. All rights reserved.