Solved

ASPX - Move Files on Server (security?)

Posted on 2006-06-14
6
267 Views
Last Modified: 2012-06-27
This should be straight forward, I'm not sure why I'm having problems.

I have two folders:
   C:\inetpub\wwwroot\ApplicationName\Data\
   C:\inetpub\wwwroot\ApplicationName\Uploads\

The IUSER_ and IWAM_ accounts have full access to these folders.

The following code fails with an access denied error.

string srcFilePath = Server.MapPath("Data") + "\\" +  "Access_Removal_Form.pdf";
string destFilePath = Server.MapPath("Uploads") + "\\" +  "Access_Removal_Form.pdf";
File.Copy(srcFilePath,destFilePath,true);


I went ahead and granted FULL CONTROL to the "EVERYONE" group, but still got the security error.

What am I missing?

IIS 5.5; WinXP  

Will be moving to Server 2003 IIS 6
0
Comment
Question by:_TAD_
  • 5
6 Comments
 
LVL 22

Author Comment

by:_TAD_
ID: 16903062
Here's the full error:



Access to the path "c:\inetpub\wwwroot\ComputerAccessRemoval\Uploads\Access_Removal_Form.pdf" is denied.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.UnauthorizedAccessException: Access to the path "c:\inetpub\wwwroot\ComputerAccessRemoval\Uploads\Access_Removal_Form.pdf" is denied.

ASP.NET is not authorized to access the requested resource. Consider granting access rights to the resource to the ASP.NET request identity. ASP.NET has a base process identity (typically {MACHINE}\ASPNET on IIS 5 or Network Service on IIS 6) that is used if the application is not impersonating. If the application is impersonating via <identity impersonate="true"/>, the identity will be the anonymous user (typically IUSR_MACHINENAME) or the authenticated request user.

To grant ASP.NET write access to a file, right-click the file in Explorer, choose "Properties" and select the Security tab. Click "Add" to add the appropriate user or group. Highlight the ASP.NET account, and check the boxes for the desired access.

Source Error:


Line 64:                         string srcFilePath = Server.MapPath("Data") + "\\" +  "Access_Removal_Form.pdf";
Line 65:                         string destFilePath = Server.MapPath("Uploads") + "\\" +  "Access_Removal_Form.pdf";
Line 66:                         File.Copy(srcFilePath,destFilePath,true);

 
0
 
LVL 22

Author Comment

by:_TAD_
ID: 16903069

oh yeah, and the MACHINE\ASPNET account also has full access to both directories.
0
 
LVL 22

Author Comment

by:_TAD_
ID: 16904646



Ok, I have SOLVED the problem.  Or at least I have a workaround.



By adding <identity impersonate="true" /> to my web config, everything works just ducky.




I am still offering 500 pts to anyone who can explain this to me.  I understand that by using impersonate I should no longer be using the ASPNET account (or Network Services in IIS 6), but rather the IUSER_ account (likewise if I set up anonymous access, I'd be using the IWAM_ Account).

But my ASPNET account already had full access to these directories.  it should have worked.

Why did it not?
0
Live: Real-Time Solutions, Start Here

Receive instant 1:1 support from technology experts, using our real-time conversation and whiteboard interface. Your first 5 minutes are always free.

 
LVL 12

Accepted Solution

by:
TheMegaLoser earned 500 total points
ID: 16904700
Do Access_Removal_Form.pdf already exists in the Uploads directory? If so, check that it has inherited the rights from the directory.
0
 
LVL 22

Author Comment

by:_TAD_
ID: 16905368
The file exists in the Data Directory, and I want to create a copy in the Uploads directory.

I have forced security on the folders for all users to have full control for all folders, subfolders and files.  

The process still failed.  It was only successfull after I addedd the <identity impersonate=true />

I am inclined to believe that there must be some inate restriction within IIS to prevent the ASPNET user from affecting any files on the server (some kind of security measure), but that seems redundant given all of the other security hoops I'd had to jump through.

0
 
LVL 22

Author Comment

by:_TAD_
ID: 16923966


clearly there is no interest in this question.  So I've opted to close it.


Sorry about the 'C', but I'd rather award *some* points instead of having the Q deleted.
0

Featured Post

Courses: Start Training Online With Pros, Today

Brush up on the basics or master the advanced techniques required to earn essential industry certifications, with Courses. Enroll in a course and start learning today. Training topics range from Android App Dev to the Xen Virtualization Platform.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

We all know that functional code is the leg that any good program stands on when it comes right down to it, however, if your program lacks a good user interface your product may not have the appeal needed to keep your customers happy. This issue can…
Calculating holidays and working days is a function that is often needed yet it is not one found within the Framework. This article presents one approach to building a working-day calculator for use in .NET.
Along with being a a promotional video for my three-day Annielytics Dashboard Seminor, this Micro Tutorial is an intro to Google Analytics API data.
This Micro Tutorial demonstrates using Microsoft Excel pivot tables, how to reverse engineer competitors' marketing strategies through backlinks.

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now