?
Solved

ASPX - Move Files on Server (security?)

Posted on 2006-06-14
6
Medium Priority
?
270 Views
Last Modified: 2012-06-27
This should be straight forward, I'm not sure why I'm having problems.

I have two folders:
   C:\inetpub\wwwroot\ApplicationName\Data\
   C:\inetpub\wwwroot\ApplicationName\Uploads\

The IUSER_ and IWAM_ accounts have full access to these folders.

The following code fails with an access denied error.

string srcFilePath = Server.MapPath("Data") + "\\" +  "Access_Removal_Form.pdf";
string destFilePath = Server.MapPath("Uploads") + "\\" +  "Access_Removal_Form.pdf";
File.Copy(srcFilePath,destFilePath,true);


I went ahead and granted FULL CONTROL to the "EVERYONE" group, but still got the security error.

What am I missing?

IIS 5.5; WinXP  

Will be moving to Server 2003 IIS 6
0
Comment
Question by:_TAD_
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
6 Comments
 
LVL 22

Author Comment

by:_TAD_
ID: 16903062
Here's the full error:



Access to the path "c:\inetpub\wwwroot\ComputerAccessRemoval\Uploads\Access_Removal_Form.pdf" is denied.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.UnauthorizedAccessException: Access to the path "c:\inetpub\wwwroot\ComputerAccessRemoval\Uploads\Access_Removal_Form.pdf" is denied.

ASP.NET is not authorized to access the requested resource. Consider granting access rights to the resource to the ASP.NET request identity. ASP.NET has a base process identity (typically {MACHINE}\ASPNET on IIS 5 or Network Service on IIS 6) that is used if the application is not impersonating. If the application is impersonating via <identity impersonate="true"/>, the identity will be the anonymous user (typically IUSR_MACHINENAME) or the authenticated request user.

To grant ASP.NET write access to a file, right-click the file in Explorer, choose "Properties" and select the Security tab. Click "Add" to add the appropriate user or group. Highlight the ASP.NET account, and check the boxes for the desired access.

Source Error:


Line 64:                         string srcFilePath = Server.MapPath("Data") + "\\" +  "Access_Removal_Form.pdf";
Line 65:                         string destFilePath = Server.MapPath("Uploads") + "\\" +  "Access_Removal_Form.pdf";
Line 66:                         File.Copy(srcFilePath,destFilePath,true);

 
0
 
LVL 22

Author Comment

by:_TAD_
ID: 16903069

oh yeah, and the MACHINE\ASPNET account also has full access to both directories.
0
 
LVL 22

Author Comment

by:_TAD_
ID: 16904646



Ok, I have SOLVED the problem.  Or at least I have a workaround.



By adding <identity impersonate="true" /> to my web config, everything works just ducky.




I am still offering 500 pts to anyone who can explain this to me.  I understand that by using impersonate I should no longer be using the ASPNET account (or Network Services in IIS 6), but rather the IUSER_ account (likewise if I set up anonymous access, I'd be using the IWAM_ Account).

But my ASPNET account already had full access to these directories.  it should have worked.

Why did it not?
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 12

Accepted Solution

by:
TheMegaLoser earned 1000 total points
ID: 16904700
Do Access_Removal_Form.pdf already exists in the Uploads directory? If so, check that it has inherited the rights from the directory.
0
 
LVL 22

Author Comment

by:_TAD_
ID: 16905368
The file exists in the Data Directory, and I want to create a copy in the Uploads directory.

I have forced security on the folders for all users to have full control for all folders, subfolders and files.  

The process still failed.  It was only successfull after I addedd the <identity impersonate=true />

I am inclined to believe that there must be some inate restriction within IIS to prevent the ASPNET user from affecting any files on the server (some kind of security measure), but that seems redundant given all of the other security hoops I'd had to jump through.

0
 
LVL 22

Author Comment

by:_TAD_
ID: 16923966


clearly there is no interest in this question.  So I've opted to close it.


Sorry about the 'C', but I'd rather award *some* points instead of having the Q deleted.
0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Did you know SD-WANs can improve network connectivity? Check out this webinar to learn how an SD-WAN simplified, one-click tool can help you migrate and manage data in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In order to hide the "ugly" records selectors (triangles) in the rowheaders, here are some suggestions. Microsoft doesn't have a direct method/property to do it. You can only hide the rowheader column. First solution, the easy way The first sol…
We all know that functional code is the leg that any good program stands on when it comes right down to it, however, if your program lacks a good user interface your product may not have the appeal needed to keep your customers happy. This issue can…
In this video you will find out how to export Office 365 mailboxes using the built in eDiscovery tool. Bear in mind that although this method might be useful in some cases, using PST files as Office 365 backup is troublesome in a long run (more on t…
How to fix incompatible JVM issue while installing Eclipse While installing Eclipse in windows, got one error like above and unable to proceed with the installation. This video describes how to successfully install Eclipse. How to solve incompa…
Suggested Courses
Course of the Month15 days, 8 hours left to enroll

741 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question