[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 274
  • Last Modified:

ASPX - Move Files on Server (security?)

This should be straight forward, I'm not sure why I'm having problems.

I have two folders:
   C:\inetpub\wwwroot\ApplicationName\Data\
   C:\inetpub\wwwroot\ApplicationName\Uploads\

The IUSER_ and IWAM_ accounts have full access to these folders.

The following code fails with an access denied error.

string srcFilePath = Server.MapPath("Data") + "\\" +  "Access_Removal_Form.pdf";
string destFilePath = Server.MapPath("Uploads") + "\\" +  "Access_Removal_Form.pdf";
File.Copy(srcFilePath,destFilePath,true);


I went ahead and granted FULL CONTROL to the "EVERYONE" group, but still got the security error.

What am I missing?

IIS 5.5; WinXP  

Will be moving to Server 2003 IIS 6
0
_TAD_
Asked:
_TAD_
  • 5
1 Solution
 
_TAD_Author Commented:
Here's the full error:



Access to the path "c:\inetpub\wwwroot\ComputerAccessRemoval\Uploads\Access_Removal_Form.pdf" is denied.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.UnauthorizedAccessException: Access to the path "c:\inetpub\wwwroot\ComputerAccessRemoval\Uploads\Access_Removal_Form.pdf" is denied.

ASP.NET is not authorized to access the requested resource. Consider granting access rights to the resource to the ASP.NET request identity. ASP.NET has a base process identity (typically {MACHINE}\ASPNET on IIS 5 or Network Service on IIS 6) that is used if the application is not impersonating. If the application is impersonating via <identity impersonate="true"/>, the identity will be the anonymous user (typically IUSR_MACHINENAME) or the authenticated request user.

To grant ASP.NET write access to a file, right-click the file in Explorer, choose "Properties" and select the Security tab. Click "Add" to add the appropriate user or group. Highlight the ASP.NET account, and check the boxes for the desired access.

Source Error:


Line 64:                         string srcFilePath = Server.MapPath("Data") + "\\" +  "Access_Removal_Form.pdf";
Line 65:                         string destFilePath = Server.MapPath("Uploads") + "\\" +  "Access_Removal_Form.pdf";
Line 66:                         File.Copy(srcFilePath,destFilePath,true);

 
0
 
_TAD_Author Commented:

oh yeah, and the MACHINE\ASPNET account also has full access to both directories.
0
 
_TAD_Author Commented:



Ok, I have SOLVED the problem.  Or at least I have a workaround.



By adding <identity impersonate="true" /> to my web config, everything works just ducky.




I am still offering 500 pts to anyone who can explain this to me.  I understand that by using impersonate I should no longer be using the ASPNET account (or Network Services in IIS 6), but rather the IUSER_ account (likewise if I set up anonymous access, I'd be using the IWAM_ Account).

But my ASPNET account already had full access to these directories.  it should have worked.

Why did it not?
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
TheMegaLoserCommented:
Do Access_Removal_Form.pdf already exists in the Uploads directory? If so, check that it has inherited the rights from the directory.
0
 
_TAD_Author Commented:
The file exists in the Data Directory, and I want to create a copy in the Uploads directory.

I have forced security on the folders for all users to have full control for all folders, subfolders and files.  

The process still failed.  It was only successfull after I addedd the <identity impersonate=true />

I am inclined to believe that there must be some inate restriction within IIS to prevent the ASPNET user from affecting any files on the server (some kind of security measure), but that seems redundant given all of the other security hoops I'd had to jump through.

0
 
_TAD_Author Commented:


clearly there is no interest in this question.  So I've opted to close it.


Sorry about the 'C', but I'd rather award *some* points instead of having the Q deleted.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 5
Tackle projects and never again get stuck behind a technical roadblock.
Join Now