Tags: file-permissions, iis-8, windows-server-2012, dmz

Save files to DMZ server from LAN based web app


I've got a website in a DMZ that is available on the internet. There is an admin site in our LAN that is used to maintain the DMZ site. One of the functions is to add files that need to be accessible on the DMZ site. There is a section of the site on the LAN site where a user can upload a file, and that file needs to get saved to the site on the DMZ. I have a share created on the DMZ server and have it mapped to a drive on the LAN computer, and I can copy, move, and update files directly on the share from the LAN in Windows Explorer. However, every time I try to save a file there from within the website on the LAN server I get a permissions error.

I assume I need to use a different identity for the application pool but I can't figure out what to use. There is a local user on the DMZ computer that has read/write access to the share, I used that user to map the drive from the LAN machine. I tried to set that user as the identity in the app pool but that didn't work. I also tried to create a local user on the LAN machine with the same name and password and use that as the identity, but that also didn't work.

They're both Windows 2012 machines.


Solution

  • I figured this out: it wasn't the application pool identity that had to be changed. I had to change the anonymous user identity associated with the anonymous authentication on the site. Create a local user on both servers with the same name and password. On the target (DMZ) server make sure that user has permission to do what it needs to do in the directories. On the source (LAN) server go into IIS and select the site. Double-click the "Authentication" feature, then right-click "Anonymous Authentication" and select Edit. Choose the "Specific user" option and set it to be the user you created that matches the one on the DMZ server.

    There is no need to actually map the drive on the LAN server; you can just access it with the UNC path (\\server\share).
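
The steps in the answer above, scripted in PowerShell as an added example that is not part of the original post. The account name, site name, share name and folder path are placeholder assumptions; substitute your own.

```powershell
# Added example. Account, site, share and folder names are placeholders (assumptions).
param(
    [Parameter(Mandatory = $true)][ValidateSet('LAN', 'DMZ')][string]$Role,
    [string]$UserName  = 'svc_dmzupload',      # hypothetical local account, same on both servers
    [string]$SiteName  = 'AdminSite',          # hypothetical IIS site name on the LAN server
    [string]$ShareName = 'share',              # share name on the DMZ server
    [string]$SharePath = 'D:\inetpub\uploads'  # hypothetical folder behind that share
)

# Prompt for the password so it is not stored in the script.
$cred  = Get-Credential -UserName $UserName -Message 'Password for the matching local account'
$plain = $cred.GetNetworkCredential().Password

# Both servers: create the local account with the same name and password.
# (Throws if the account already exists; skip this part in that case.)
$computer = [ADSI]"WinNT://$env:COMPUTERNAME,computer"
$account  = $computer.Create('User', $UserName)
$account.SetPassword($plain)
$account.SetInfo()

if ($Role -eq 'DMZ') {
    # Target server: grant only Modify on the upload folder and Change on the share.
    & icacls $SharePath /grant "${UserName}:(OI)(CI)M"
    Grant-SmbShareAccess -Name $ShareName -AccountName $UserName -AccessRight Change -Force
}
else {
    # Source server: same as Authentication > Anonymous Authentication > Edit > Specific user.
    Import-Module WebAdministration
    $filter = '/system.webServer/security/authentication/anonymousAuthentication'
    Set-WebConfigurationProperty -PSPath 'IIS:\' -Location $SiteName -Filter $filter `
        -Name userName -Value $UserName
    Set-WebConfigurationProperty -PSPath 'IIS:\' -Location $SiteName -Filter $filter `
        -Name password -Value $plain

    # Confirm which identity anonymous requests to the site now run as.
    (Get-WebConfigurationProperty -PSPath 'IIS:\' -Location $SiteName -Filter $filter `
        -Name userName).Value
}
```

Run it from an elevated session, with `-Role DMZ` on the target server and `-Role LAN` on the source server, entering the same password both times.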