UnauthorizedAccessException while uploading a file.

Hi folks:

I am getting the following exception while uploading a file using HtmlInputFile.

System.UnauthorizedAccessException: Access to the path "C:\personal\site.gif" is denied.

I am using the following code to upload a file in the button click event.

this.txtLogo.PostedFile.SaveAs(this.txtLogo.Value);

where txtLogo has been declared as:

protected System.Web.UI.HtmlControls.HtmlInputFile txtLogo;

I guess it has something to do with security permission to write to some directory, but I do not know how to go about doing it. Maybe I have to impersonate some user account, but I am not sure. Thanks in advance.
rxrazaAsked:
 
jnhorst Commented:
I am confused by your question and example:  

You are calling the SaveAs(this.txtLogo.Value) method of the HtmlInputFile control, but if I understand your post, the path in the argument is the *source* from which you are getting the file on the machine that is accessing the site. Is this all happening on your dev box? Or is there a server and a client machine accessing the page?

The SaveAs() method should take the file path on the server where you want the file to be saved, not the source path from which you are uploading the file.  But if you are doing this all on a dev machine, I can see where you could get the two confused.  A bit on the permissions issues raised above:

Look in web.config.  If you have <identity impersonate="true" />, then the server-side attempt to write the uploaded file to the target folder will happen under the security context of the IUSR_<machine name> account, if that is the account set to auth anonymous requests.  If you do not have the <identity impersonate="true" /> in web.config, then the local ASPNET account will be the security context.

Generally, by way of best practices, you want the local ASPNET account to have as few privileges as possible.  The best way to handle this is to have <identity impersonate="true" /> in web.config.  Then if your IIS server is in a domain or active directory environment, create a domain user strictly for anonymous authentication and give it the needed write privileges to the target folder to which the files will be uploaded.  Why a domain account for anon auth?  Because if you try to do other things like write the files to a share on another server in the network, or access a database on another database server, these other servers will know nothing about the local IUSR_... account on the IIS box, and will thus deny access.  You can also set your dev box's IIS to use the same account for anon auth so that when you move stuff from the dev box to the server, the same security contexts are at work, making things much more predictable by way of deployment.

John
0
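The point in John's answer about SaveAs() taking a server-side path, as an added example that is not part of the original thread: the client-supplied path is reduced to its file name and joined to a fixed upload folder on the server. The `UploadHelper` class, the extension allow-list and the `~/uploads` folder are assumptions made for illustration.

```csharp
using System;
using System.IO;
using System.Web;

public static class UploadHelper
{
    // Assumed allow-list for a logo upload; adjust to the site's needs.
    private static readonly string[] AllowedExtensions = { ".gif", ".jpg", ".png" };

    // Builds the server-side destination for an uploaded file.
    // clientPath is whatever the browser sent (e.g. C:\personal\site.gif);
    // only its final file-name component is used, never its directory.
    public static string ResolveDestination(string uploadRoot, string clientPath)
    {
        string fileName = Path.GetFileName(clientPath);
        if (string.IsNullOrEmpty(fileName))
            throw new ArgumentException("No file name supplied.");

        string ext = Path.GetExtension(fileName).ToLowerInvariant();
        if (Array.IndexOf(AllowedExtensions, ext) < 0)
            throw new ArgumentException("File type not allowed.");

        // Normalise the root so the prefix check below cannot match a sibling
        // folder such as "uploads-old".
        string root = Path.GetFullPath(uploadRoot);
        if (!root.EndsWith(Path.DirectorySeparatorChar.ToString()))
            root += Path.DirectorySeparatorChar;

        // Confirm the resolved destination is still inside the upload folder.
        string destination = Path.GetFullPath(Path.Combine(root, fileName));
        if (!destination.StartsWith(root, StringComparison.OrdinalIgnoreCase))
            throw new ArgumentException("Destination escapes the upload folder.");
        return destination;
    }

    // Saves the posted file under uploadRoot and returns the path written.
    public static string Save(HttpPostedFile posted, string uploadRoot)
    {
        string destination = ResolveDestination(uploadRoot, posted.FileName);
        posted.SaveAs(destination);
        return destination;
    }
}

// In the button click handler (txtLogo is the HtmlInputFile from the question;
// "~/uploads" is an assumed folder that the request identity can write to):
//   UploadHelper.Save(this.txtLogo.PostedFile, Server.MapPath("~/uploads"));
```

With this layout only the upload folder needs write permission for the account the request runs under; the rest of the site can stay read-only for it.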
 
mmarinovCommented:
Hi rxraza,

Have you given modify access to the asp.net user?

Regards!
B..M
0
 
AerosSaga Commented:
right click on the folder
C:\personal\

click on the security tab, and give the account your application is running under write permissions.
0

 
rxrazaAuthor Commented:
AerosSaga:

C:\personal is the directory from which I am uploading the file. It is the source; why would I need to give write permissions to the source directory? Depending upon the user's choice, it could be any directory on the local machine.
0
 
AerosSagaCommented:
Well, if you want asp.net to be able to access it, you're going to have to give it permissions for this particular folder.
0
 
rxrazaAuthor Commented:
OK, I did that. My application is running under the anonymous user account, which is IUSR_MACHINE. I added this account, which is the internet guest user account, but it still did not work. Do I have to restart IIS?
0
 
AerosSagaCommented:
Try adding the 'everyone' group with write permissions.
0
 
rxrazaAuthor Commented:
I even gave full control, including modify, to that account, but no use.
0
 
rxrazaAuthor Commented:
Yep, that worked this time - everyone group with write permission. I can't see the uploaded file in the root folder of the application. Where is it supposed to upload the file?
0
 
rxrazaAuthor Commented:
John:

Oops. Indeed I had a wrong example. I thought maybe I needed to pass in the path to the source to the SaveAs method. I was highly mistaken, and I had an assumption that it would automatically save the file under the application root, which is totally absurd and wrong. I screwed up big time under pressure.

Will try your approach of impersonation. Thanks a lot for your help.
0
 
rxrazaAuthor Commented:
It worked with IUSR_MACHINE having write permissions to the destination folder and <identity impersonate="true" /> in the web.config file.
0