Solved

ASPX - Move Files on Server (security?)

Posted on 2006-06-14
6
266 Views
Last Modified: 2012-06-27
This should be straight forward, I'm not sure why I'm having problems.

I have two folders:
   C:\inetpub\wwwroot\ApplicationName\Data\
   C:\inetpub\wwwroot\ApplicationName\Uploads\

The IUSER_ and IWAM_ accounts have full access to these folders.

The following code fails with an access denied error.

string srcFilePath = Server.MapPath("Data") + "\\" +  "Access_Removal_Form.pdf";
string destFilePath = Server.MapPath("Uploads") + "\\" +  "Access_Removal_Form.pdf";
File.Copy(srcFilePath,destFilePath,true);


I went ahead and granted FULL CONTROL to the "EVERYONE" group, but still got the security error.

What am I missing?

IIS 5.5; WinXP  

Will be moving to Server 2003 IIS 6
0
Comment
Question by:_TAD_
  • 5
6 Comments
 
LVL 22

Author Comment

by:_TAD_
ID: 16903062
Here's the full error:



Access to the path "c:\inetpub\wwwroot\ComputerAccessRemoval\Uploads\Access_Removal_Form.pdf" is denied.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.UnauthorizedAccessException: Access to the path "c:\inetpub\wwwroot\ComputerAccessRemoval\Uploads\Access_Removal_Form.pdf" is denied.

ASP.NET is not authorized to access the requested resource. Consider granting access rights to the resource to the ASP.NET request identity. ASP.NET has a base process identity (typically {MACHINE}\ASPNET on IIS 5 or Network Service on IIS 6) that is used if the application is not impersonating. If the application is impersonating via <identity impersonate="true"/>, the identity will be the anonymous user (typically IUSR_MACHINENAME) or the authenticated request user.

To grant ASP.NET write access to a file, right-click the file in Explorer, choose "Properties" and select the Security tab. Click "Add" to add the appropriate user or group. Highlight the ASP.NET account, and check the boxes for the desired access.

Source Error:


Line 64:                         string srcFilePath = Server.MapPath("Data") + "\\" +  "Access_Removal_Form.pdf";
Line 65:                         string destFilePath = Server.MapPath("Uploads") + "\\" +  "Access_Removal_Form.pdf";
Line 66:                         File.Copy(srcFilePath,destFilePath,true);

 
0
 
LVL 22

Author Comment

by:_TAD_
ID: 16903069

oh yeah, and the MACHINE\ASPNET account also has full access to both directories.
0
 
LVL 22

Author Comment

by:_TAD_
ID: 16904646



Ok, I have SOLVED the problem.  Or at least I have a workaround.



By adding <identity impersonate="true" /> to my web config, everything works just ducky.




I am still offering 500 pts to anyone who can explain this to me.  I understand that by using impersonate I should no longer be using the ASPNET account (or Network Services in IIS 6), but rather the IUSER_ account (likewise if I set up anonymous access, I'd be using the IWAM_ Account).

But my ASPNET account already had full access to these directories.  it should have worked.

Why did it not?
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 
LVL 12

Accepted Solution

by:
TheMegaLoser earned 500 total points
ID: 16904700
Do Access_Removal_Form.pdf already exists in the Uploads directory? If so, check that it has inherited the rights from the directory.
0
 
LVL 22

Author Comment

by:_TAD_
ID: 16905368
The file exists in the Data Directory, and I want to create a copy in the Uploads directory.

I have forced security on the folders for all users to have full control for all folders, subfolders and files.  

The process still failed.  It was only successfull after I addedd the <identity impersonate=true />

I am inclined to believe that there must be some inate restriction within IIS to prevent the ASPNET user from affecting any files on the server (some kind of security measure), but that seems redundant given all of the other security hoops I'd had to jump through.

0
 
LVL 22

Author Comment

by:_TAD_
ID: 16923966


clearly there is no interest in this question.  So I've opted to close it.


Sorry about the 'C', but I'd rather award *some* points instead of having the Q deleted.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Linq Help 1 35
Error in JQuery 5 39
Page navigation in windows phone 8.1 application not working. 5 19
designing in object programming 12 52
Introduction                                                 Was the var keyword really only brought out to shorten your syntax? Or have the VB language guys got their way in C#? What type of variable is it? All will be revealed.   Also called…
Exception Handling is in the core of any application that is able to dignify its name. In this article, I'll guide you through the process of writing a DRY (Don't Repeat Yourself) Exception Handling mechanism, using Aspect Oriented Programming.
This tutorial gives a high-level tour of the interface of Marketo (a marketing automation tool to help businesses track and engage prospective customers and drive them to purchase). You will see the main areas including Marketing Activities, Design …
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now