Solved

ASPX - Move Files on Server (security?)

Posted on 2006-06-14
6
264 Views
Last Modified: 2012-06-27
This should be straight forward, I'm not sure why I'm having problems.

I have two folders:
   C:\inetpub\wwwroot\ApplicationName\Data\
   C:\inetpub\wwwroot\ApplicationName\Uploads\

The IUSER_ and IWAM_ accounts have full access to these folders.

The following code fails with an access denied error.

string srcFilePath = Server.MapPath("Data") + "\\" +  "Access_Removal_Form.pdf";
string destFilePath = Server.MapPath("Uploads") + "\\" +  "Access_Removal_Form.pdf";
File.Copy(srcFilePath,destFilePath,true);


I went ahead and granted FULL CONTROL to the "EVERYONE" group, but still got the security error.

What am I missing?

IIS 5.5; WinXP  

Will be moving to Server 2003 IIS 6
0
Comment
Question by:_TAD_
  • 5
6 Comments
 
LVL 22

Author Comment

by:_TAD_
ID: 16903062
Here's the full error:



Access to the path "c:\inetpub\wwwroot\ComputerAccessRemoval\Uploads\Access_Removal_Form.pdf" is denied.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.UnauthorizedAccessException: Access to the path "c:\inetpub\wwwroot\ComputerAccessRemoval\Uploads\Access_Removal_Form.pdf" is denied.

ASP.NET is not authorized to access the requested resource. Consider granting access rights to the resource to the ASP.NET request identity. ASP.NET has a base process identity (typically {MACHINE}\ASPNET on IIS 5 or Network Service on IIS 6) that is used if the application is not impersonating. If the application is impersonating via <identity impersonate="true"/>, the identity will be the anonymous user (typically IUSR_MACHINENAME) or the authenticated request user.

To grant ASP.NET write access to a file, right-click the file in Explorer, choose "Properties" and select the Security tab. Click "Add" to add the appropriate user or group. Highlight the ASP.NET account, and check the boxes for the desired access.

Source Error:


Line 64:                         string srcFilePath = Server.MapPath("Data") + "\\" +  "Access_Removal_Form.pdf";
Line 65:                         string destFilePath = Server.MapPath("Uploads") + "\\" +  "Access_Removal_Form.pdf";
Line 66:                         File.Copy(srcFilePath,destFilePath,true);

 
0
 
LVL 22

Author Comment

by:_TAD_
ID: 16903069

oh yeah, and the MACHINE\ASPNET account also has full access to both directories.
0
 
LVL 22

Author Comment

by:_TAD_
ID: 16904646



Ok, I have SOLVED the problem.  Or at least I have a workaround.



By adding <identity impersonate="true" /> to my web config, everything works just ducky.




I am still offering 500 pts to anyone who can explain this to me.  I understand that by using impersonate I should no longer be using the ASPNET account (or Network Services in IIS 6), but rather the IUSER_ account (likewise if I set up anonymous access, I'd be using the IWAM_ Account).

But my ASPNET account already had full access to these directories.  it should have worked.

Why did it not?
0
What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

 
LVL 12

Accepted Solution

by:
TheMegaLoser earned 500 total points
ID: 16904700
Do Access_Removal_Form.pdf already exists in the Uploads directory? If so, check that it has inherited the rights from the directory.
0
 
LVL 22

Author Comment

by:_TAD_
ID: 16905368
The file exists in the Data Directory, and I want to create a copy in the Uploads directory.

I have forced security on the folders for all users to have full control for all folders, subfolders and files.  

The process still failed.  It was only successfull after I addedd the <identity impersonate=true />

I am inclined to believe that there must be some inate restriction within IIS to prevent the ASPNET user from affecting any files on the server (some kind of security measure), but that seems redundant given all of the other security hoops I'd had to jump through.

0
 
LVL 22

Author Comment

by:_TAD_
ID: 16923966


clearly there is no interest in this question.  So I've opted to close it.


Sorry about the 'C', but I'd rather award *some* points instead of having the Q deleted.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Introduction Although it is an old technology, serial ports are still being used by many hardware manufacturers. If you develop applications in C#, Microsoft .NET framework has SerialPort class to communicate with the serial ports.  I needed to…
Calculating holidays and working days is a function that is often needed yet it is not one found within the Framework. This article presents one approach to building a working-day calculator for use in .NET.
This video discusses moving either the default database or any database to a new volume.
This video explains how to create simple products associated to Magento configurable product and offers fast way of their generation with Store Manager for Magento tool.

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now