Permission for ASP.NET application on web server to access shared folder on another server

Here's one way you could it:

• Create an account on the web server for the web service to run as.
• Create an account with the same username and password on the virus scanning machine.
• In the NTFS permissions for the shared folder grant the account you created rights to write to the folder.
• In the share permissions on the shared folder set "Everyone / Full Control".
• Be sure you have good name resolution between the web server and the machine hosting the shared folder.

Edit:

I've never used the "impersonate" functionality that sparks refers to in his answer. I don't think this is going to do what you want anyway, seeing as how there isn't a way for a standalone machine to impersonate an account from another standalone machine (or from a domain that the impersonating machine is not a member of).

If you want authenticated access for the web server machine to the virus scanning machine, you need an account on the virus scanning machine with the proper rights to the share and the filesystem where the share is located.

The application would need to connect to the share using the correct credentials when it is doing the write operation.

Given that the web server isn't going to be able to run the IIS process using the credentials from the virus scanning machine, you likely will need modifications to the application to support authenticated access as you describe. I would recommend using something other than plain old SMB though for a .NET application as the API support for specifying credentials explicitly is somewhat lacking. FTP or SSH might be a good fit.

Alternatively, depending on your security requirements, you may be able to get away with just allowing anonymous WRITE-only access to the virus scanning share and have the web server talk to it unauthenticated. You could use firewall rules or other mechanisms to limit the exposure here from allowing anonymous access.