How to set up a website to access content on a remote NAS server
One of the more common questions in the newsgroups is "How can I have
my content on a remote server vs. the local web server?" This
article is a step-by-step how-to for serving content from a remote server. It
assumes there are two machines: one web server and one content server.
Let's get started.
Assumptions
- Two servers running Windows 2003
- A local user on each machine with the same user id and the same password
Setting up the environment
- Create a user called RemoteContentUser with the password PA$$@Word!
on both machines
- Create a folder called RemoteContent on the server acting as the
remote NAS server
- Create a website on your web server and point the website to your remote
share.
- Set the user id and password on the virtual directory to the same local
user id and password you created.
Create the local user id that will be used to authenticate to the remote
share. You could also create it using the Computer Management MMC.
- Create user on web server.

- Create user on remote machine.


- Create RemoteContent$ Share (This allows access directly to the content
using a UNC Path)

- Use CACLS to grant the RemoteContentUser 'READ' permissions on the
content folder

- Screen shot from Windows Explorer showing the NTFS permissions.

- Change directory to C:\RemoteContent
- Create sample Default.asp that will be displayed from the web
server.
- Create sample Default.aspx that will be displayed from web server
- Use the ECHO command to create the Default.asp and
Default.aspx adding some sample content
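
The steps above as one command script. This is an added example, not the commands from the original article's screen shots. The script name is hypothetical and ServerName is the placeholder the article uses later for the content server.

```bat
@echo off
rem Added example, not from the original article.
rem Usage: setup-remote-content.cmd content   (on the content server, first)
rem        setup-remote-content.cmd web       (on the web server, second)
if /i not "%~1"=="content" if /i not "%~1"=="web" goto usage

rem Both machines: identical local account name and password.
rem "net user RemoteContentUser * /add" prompts for the password instead,
rem which keeps it out of the script file.
net user RemoteContentUser "PA$$@Word!" /add /passwordchg:no
if /i "%~1"=="web" goto verify

rem Content server only: folder, share and sample pages.
if not exist C:\RemoteContent mkdir C:\RemoteContent
net share RemoteContent$=C:\RemoteContent
cd /d C:\RemoteContent
echo Hello from the remote share - Default.asp> Default.asp
echo Hello from the remote share - Default.aspx> Default.aspx

rem NTFS permissions: /T recurses, /E edits the existing ACL instead of
rem replacing it, /G grants; R is Read.
cacls C:\RemoteContent /T /E /G RemoteContentUser:R

rem Show the resulting share and ACL for review.
net share RemoteContent$
cacls C:\RemoteContent
goto :eof

:verify
rem Web server: confirm the account can list the share before configuring IIS.
rem The * makes net use prompt for the password.
net use \\ServerName\RemoteContent$ * /user:ServerName\RemoteContentUser
dir \\ServerName\RemoteContent$
net use \\ServerName\RemoteContent$ /delete
goto :eof

:usage
echo Usage: %~nx0 content ^| web
```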

Set up the website
- Open Internet Information Services Manager

- Right-click on Web Sites and select a New Web Site


- Click Next
- Enter your domain name.
- Click Next


- Uncheck "Always use the authenticated user's credentials when validating
access to the network directory"
- Click Next

- Type in the local user name and password; for our article these are
RemoteContentUser and "PA$$@Word!"
- Confirm password

- Click OK
- Click Next
- Select READ, Run Scripts (such as ASP)
- Click Next


- Notice the Default.asp and Default.aspx pages displayed in the right
pane.

- Browse the Classic Default.asp webpage

To run ASPX webpages you'll need to ensure the local user has MODIFY
permission to the temporary folder where .NET pages are compiled. If it
does not, you could get the error listed below.

- Grant the local RemoteContentUser 'CHANGE' permissions on the
temporary folder where ASP.NET pages are compiled. This can be any
user; we are just using a local user as an example. Keep security
in mind when setting up your environment.
- Here is the command:
cacls "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files" /T /E /G remotecontentuser:C

- Browse the Default.aspx webpages.

If you continue to have issues executing ASP.NET webpages, you probably need to grant permissions with CASPOL. The command is listed below.
Here is a sample error when executing ASP.NET content on a remote share.
System.Security.SecurityException: Security error.
Source Error:
Line 57: private static System.Collections.ArrayList __fileDependencies;
Line 58:
Line 59: public Default_aspx() {
Line 60: System.Collections.ArrayList dependencies;
Line 61: if ((ASP.Default_aspx.__intialized == false)) {
Source File: D:\ASPNetTemp\authors_gfweis\3070428c\5b9f07db\9nidezwv.0.cs
Line: 59
Stack Trace:
[SecurityException: Security error.]
GfWeis._Default..ctor() +0
ASP.Default_aspx..ctor() in D:\ASPNetTemp\authors_gfweis\3070428c\5b9f07db\9nidezwv.0.cs:59
CASPOL to the Rescue
What is CASPOL? It is a command-line
utility for adjusting the security policy of the CLR and .NET
Framework. There are also two MMCs under
Administrative Tools to help adjust the CAS
settings. To see all the settings CASPOL
can change, open a command prompt and type CASPOL
/? Be very careful before adjusting these
settings. This shouldn't be done on your production
server without first testing on a development server.
Here is more information on
MSDN about CASPOL as well as many other tools
provided by the .NET framework.
Code Access Security Policy Tool (Caspol.exe)
(Allows you to examine and modify machine, user, and
enterprise-level code access security policies.)
Here is the command that did the trick!
caspol -m -ag 1 -url "file://\\ServerName\RemoteContent$\*" FullTrust -exclusive on
Here are a couple of troubleshooting
command-line items used.
- caspol -s off (turns off CAS security)
- caspol -s on (turns on CAS security)
- caspol -rs (resets CAS security)
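
The CASPOL change above, with a listing step to check it and a way to undo it. This is an added example, not part of the original article; the group name RemoteContent is an assumption, and ServerName is the article's placeholder.

```bat
@echo off
rem Added example, not from the original article.
setlocal
rem caspol.exe is installed per framework version; this is the v2.0.50727
rem directory used in the cacls command earlier in the article.
set CASPOL=%windir%\Microsoft.NET\Framework\v2.0.50727\caspol.exe

rem Add the article's machine-level (-m) code group under group 1 (All code).
rem -n gives it a name (assumed: RemoteContent) so it can be found and removed
rem later without looking up its numeric label. caspol asks for confirmation.
"%CASPOL%" -m -ag 1 -url "file://\\ServerName\RemoteContent$\*" FullTrust -n RemoteContent -exclusive on

rem List the machine-level code groups; the new Url group should be shown
rem with the FullTrust permission set.
"%CASPOL%" -m -lg

rem If CAS enforcement was switched off while troubleshooting, switch it back on.
"%CASPOL%" -s on

rem Restart IIS so the worker processes load the changed policy.
iisreset

rem To undo the grant later:
rem   "%CASPOL%" -m -rg RemoteContent
endlocal
```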
In conclusion, this is just one example of how to set up a website to access content on a remote server. We would suggest setting up a test environment so you understand the settings before implementing them
in a production environment. We used a local user on both servers; if you have an Active Directory domain available, you could use a domain user vs. a local user.
Reference links
Deploying and Configuring Internet Information Services (IIS) 6.0
with Remotely Stored Content on UNC Servers and NAS Devices
Hope this is helpful,
Steve Schofield
Microsoft MVP - IIS