By Kevin Luan
Mar 19, 2008
When my web service accesses a network mapping drive, a privilege-related exception happened.
To be specific, the problem is that the Directory.CreateDirectory(path) method in .Net framework failed because of lack of authority to access the target folder. The message is reading like "part of the path can not be found."
The server which hosts my web service and the server where the folder is shared and mapped are not in a domain environment. They are in a network workgroup.
I did the following steps to solve this problem:
1. In the folder sharing server, designate a user
2. Expose approperate accessability from the sharing folder to the designated user
3. Create a matching account in the web service hosting server
4. Assign the matching account to the application pool that hosts my web service.
The background information
In the first place, I changed the user identity in machine.config file, processModel section to "system", which is supposed to have almost all authority to access all resources in the server.
it doesn't work. the reason I thought was that IIS 6.0, which is different from IIS 5.0, uses application pool with an associated user account. it is the application pool user under which my web service process is runing, rather than the user defined in machine.config.
coming next, I set the application pool with a user id of "local system", which is supposed to have plenty of authority to access the server's resources. it still doesn't work. I believed the reason was that "local system", as the name implies, is a local account, is not the "local system" in the sharing folder server. It is a concern what specific user id is used to make request toer is mapped to connect to a network resource such as our mapping folder.
In a domain environment, the "local system" has certain domain role which has the authority to access the resource, but it is different in a workgroup environment.
Finally I tried using matching credentials and it worked. I created and used exactly same user account in both servers.
Remember, use UNC path to access the shared network folder, rather than mapping to a network drive, because the mapping drive is user session dependent.
Thursday, March 20, 2008
Session state in a webfarm
In a web farm environment, one concern is how to keep the session state.
we may wire up a session state-server or maintain session in a database.
The easiest solution is implementing session affinity. In the switch, where the load balancing is implemented, configure the filter with parameters of both ip address and session id. As such, any request from a specific ip pertaining a given session id would be directed to a server where the request consistency is guaranteed.
we may wire up a session state-server or maintain session in a database.
The easiest solution is implementing session affinity. In the switch, where the load balancing is implemented, configure the filter with parameters of both ip address and session id. As such, any request from a specific ip pertaining a given session id would be directed to a server where the request consistency is guaranteed.
Subscribe to:
Posts (Atom)