We help IT Professionals succeed at work.

Check out our new AWS podcast with Certified Expert, Phil Phillips! Listen to "How to Execute a Seamless AWS Migration" on EE or on your favorite podcast platform. Listen Now


ASP File Upload FileSystemObject Permission Denied

Medium Priority
Last Modified: 2012-05-07
I cannot seem to wrap my head around this so I need some help.

Ultimately, I need to upload a file with ASP to a remote file store server (all within my corporate network - just a different server from the web server).

First, I am using FreeASPUpload to do the upload - found on the web for free and shown below.

Second, I have a virtual directory set up on IIS pointing to the remote file share. The anonymous permissions are configured for a domain account that has Read/Write/Modify access to the remote file server.

I have the upload script working perfectly when uploading to the web server. When I tried changing it to the virtual directory I kept getting Permission Denied and I could not figure out why. After some reading about the FreeASPUpload script I found out that it cannot upload to a virtual directory, for whatever reason. They blame it on the ADODB.Stream procedure.

So I am trying to create a work-a-round. What I did was upload the file to the local web server - which works fine - and then I am using FileSystemObject to copy the file to the virtual directory and delete it from the web server. In essence I am using the web server as a transfer point.

If I just take the FileSystemObject code attached and run it independently as its own script, in its own web browser window, the file gets copied to the virtual directory and deleted from the web server just fine. However, if I try to run the script as part of the FreeASPUpload procedure or even from within the same browser window I get "Permission Denied".

So I was thinking that for some reason the file upload was doing something to the permissions on my session so the IIS server no longer knew who I was (even though it is suppose to be using the anonymous user account specified) which doesn't make any sense. So I tried running the FreeASPUpload script, and then using JavaScript to popup a new browser window to run the FileSystemObject script and then close the browser window. I still get Permission Denied in the popup page. But if I take the URL from the popup page and manually open a new browser window, paste the URL and hit enter the code runs fine. I even tried delaying the opening of the popup page thinking the upload might be taking a second that that didn't help.

I cannot figure this out and it is driving me nuts. Any ideas?
Dim uploadsDirRemote, uploadsDirLocal, filename
uploadsDirLocal = Server.MapPath("\") & "\Public\doc_transfer\"
If request.querystring("interface") = "Event" Then
uploadsDirRemote = Server.MapPath("/Remote/public_files/") & "\DeptStorage\Files\" & request.querystring("id") & "\"
End If
filename = request.querystring("filename")
response.write uploadsDirRemote
    Set fs = Server.CreateObject("Scripting.FileSystemObject")
    If fs.FolderExists(uploadsDirRemote) = true then
    'Folder already exists, do not create folder
    End If
    Set f = fs.GetFile(uploadsDirLocal & filename)
    f.Copy uploadsDirRemote & "\" & filename,true
    Set f = Nothing
    '### DELETE TEMP FILE ###
    fs.CreateTextFile uploadsDirLocal & filename,True
    If fs.FileExists(uploadsDirLocal & filename) then
    fs.DeleteFile(uploadsDirLocal & filename)
    End If
    Set fs = Nothing
<%@ Language=VBScript %>
option explicit 
Response.Expires = -1
Server.ScriptTimeout = 600
<!-- #include file="..\database_connect\mssql_connect.asp" -->
Class FreeASPUpload
	Public UploadedFiles
	Public FormElements
	Private VarArrayBinRequest
	Private StreamRequest
	Private uploadedYet
	Private Sub Class_Initialize()
		Set UploadedFiles = Server.CreateObject("Scripting.Dictionary")
		Set FormElements = Server.CreateObject("Scripting.Dictionary")
		Set StreamRequest = Server.CreateObject("ADODB.Stream")
		StreamRequest.Type = 1 'adTypeBinary
		uploadedYet = false
	End Sub
	Private Sub Class_Terminate()
		If IsObject(UploadedFiles) Then
			Set UploadedFiles = Nothing
		End If
		If IsObject(FormElements) Then
			Set FormElements = Nothing
		End If
		Set StreamRequest = Nothing
	End Sub
	Public Property Get Form(sIndex)
		Form = ""
		If FormElements.Exists(LCase(sIndex)) Then Form = FormElements.Item(LCase(sIndex))
	End Property
	Public Property Get Files()
		Files = UploadedFiles.Items
	End Property
	'Calls Upload to extract the data from the binary request and then saves the uploaded files
' ///// START OF CUSTOM CODE /////
	Public Function FilesSave(path, linkid, interface)
		Dim streamFile, fileItem, SQL, record_check, rs, total, rs1, SQL1, doctitle
		doctitle = Request.QueryString("title")
		if Right(path, 1) <> "\" then path = path & "\"
		if not uploadedYet then Upload
		For Each fileItem In UploadedFiles.Items
			Set streamFile = Server.CreateObject("ADODB.Stream")
			streamFile.Type = 1
			StreamRequest.CopyTo streamFile, fileItem.Length
			streamFile.SaveToFile path & fileItem.FileName, 2
			Set streamFile = Nothing
			Response.Write "<SCRIPT type='text/javascript'>self.setTimeout('window.open(\'../Modules/upload_sub.asp?id=" & linkid & "&interface=" & interface & "&filename=" & fileItem.FileName & "&title=" & doctitle & "&size=" & fileItem.Length & "\');$(\'#uploading\').hide();$(\'#fileresults\').show();', 10000)</SCRIPT>"
'Response.Redirect "../Modules/upload_sub.asp?id=" & linkid & "&interface=" & interface & "&filename=" & fileItem.FileName & "&title=" & doctitle & "&size=" & fileItem.Length
			response.write "<span id=fileresults><br><B>File uploaded successfully!</B><br><br><br><table><tr><td><u>File Details</u><br>"
			response.write "File Title: " & doctitle & "<br>File Name: " & fileItem.FileName & " <br>File Size: " & fileItem.Length & " Bytes</td></tr></table></span>"
	End Function
' ///// END OF CUSTOM CODE /////
	Public Function SaveBinRequest(path) ' For debugging purposes
		StreamRequest.SaveToFile path & "\debugStream.bin", 2
	End Function
	Public Sub DumpData() 'only works if files are plain text
		Dim i, aKeys, f
		response.write "Form Items:<br>"
		aKeys = FormElements.Keys
		For i = 0 To FormElements.Count -1 ' Iterate the array
			response.write aKeys(i) & " = " & FormElements.Item(aKeys(i)) & "<BR>"
		response.write "Uploaded Files:<br>"
		For Each f In UploadedFiles.Items
			response.write "Name: " & f.FileName & "<br>"
			response.write "Type: " & f.ContentType & "<br>"
			response.write "Start: " & f.Start & "<br>"
			response.write "Size: " & f.Length & "<br>"
   	End Sub
	Private Sub Upload()
		Dim nCurPos, nDataBoundPos, nLastSepPos
		Dim nPosFile, nPosBound
		Dim sFieldName, osPathSep, auxStr
		'RFC1867 Tokens
		Dim vDataSep
		Dim tNewLine, tDoubleQuotes, tTerm, tFilename, tName, tContentDisp, tContentType
		tNewLine = Byte2String(Chr(13))
		tDoubleQuotes = Byte2String(Chr(34))
		tTerm = Byte2String("--")
		tFilename = Byte2String("filename=""")
		tName = Byte2String("name=""")
		tContentDisp = Byte2String("Content-Disposition")
		tContentType = Byte2String("Content-Type:")
		uploadedYet = true
		on error resume next
		VarArrayBinRequest = Request.BinaryRead(Request.TotalBytes)
		if Err.Number <> 0 then 
			response.write "<br><br><B>System reported this error:</B><p>"
			response.write Err.Description & "<p>"
			response.write "The most likely cause for this error is the incorrect setup of AspMaxRequestEntityAllowed in IIS MetaBase. Please see instructions in the <A HREF='http://www.freeaspupload.net/freeaspupload/requirements.asp'>requirements page of freeaspupload.net</A>.<p>"
			Exit Sub
		end if
		on error goto 0 'reset error handling
		nCurPos = FindToken(tNewLine,1) 'Note: nCurPos is 1-based (and so is InstrB, MidB, etc)
		If nCurPos <= 1  Then Exit Sub
		'vDataSep is a separator like -----------------------------21763138716045
		vDataSep = MidB(VarArrayBinRequest, 1, nCurPos-1)
		'Start of current separator
		nDataBoundPos = 1
		'Beginning of last line
		nLastSepPos = FindToken(vDataSep & tTerm, 1)
		Do Until nDataBoundPos = nLastSepPos
			nCurPos = SkipToken(tContentDisp, nDataBoundPos)
			nCurPos = SkipToken(tName, nCurPos)
			sFieldName = ExtractField(tDoubleQuotes, nCurPos)
			nPosFile = FindToken(tFilename, nCurPos)
			nPosBound = FindToken(vDataSep, nCurPos)
			If nPosFile <> 0 And  nPosFile < nPosBound Then
				Dim oUploadFile
				Set oUploadFile = New UploadedFile
				nCurPos = SkipToken(tFilename, nCurPos)
				auxStr = ExtractField(tDoubleQuotes, nCurPos)
                ' We are interested only in the name of the file, not the whole path
                ' Path separator is \ in windows, / in UNIX
                ' While IE seems to put the whole pathname in the stream, Mozilla seem to 
                ' only put the actual file name, so UNIX paths may be rare. But not impossible.
                osPathSep = "\"
                if InStr(auxStr, osPathSep) = 0 then osPathSep = "/"
				oUploadFile.FileName = Right(auxStr, Len(auxStr)-InStrRev(auxStr, osPathSep))
				if (Len(oUploadFile.FileName) > 0) then 'File field not left empty
					nCurPos = SkipToken(tContentType, nCurPos)
                    auxStr = ExtractField(tNewLine, nCurPos)
                    ' NN on UNIX puts things like this in the streaa:
                    '    ?? python py type=?? python application/x-python
					oUploadFile.ContentType = Right(auxStr, Len(auxStr)-InStrRev(auxStr, " "))
					nCurPos = FindToken(tNewLine, nCurPos) + 4 'skip empty line
					oUploadFile.Start = nCurPos-1
					oUploadFile.Length = FindToken(vDataSep, nCurPos) - 2 - nCurPos
					If oUploadFile.Length > 0 Then UploadedFiles.Add LCase(sFieldName), oUploadFile
				End If
				Dim nEndOfData
				nCurPos = FindToken(tNewLine, nCurPos) + 4 'skip empty line
				nEndOfData = FindToken(vDataSep, nCurPos) - 2
				If Not FormElements.Exists(LCase(sFieldName)) Then 
					FormElements.Add LCase(sFieldName), String2Byte(MidB(VarArrayBinRequest, nCurPos, nEndOfData-nCurPos))
                    FormElements.Item(LCase(sFieldName))= FormElements.Item(LCase(sFieldName)) & ", " & String2Byte(MidB(VarArrayBinRequest, nCurPos, nEndOfData-nCurPos)) 
                end if 
			End If
			'Advance to next separator
			nDataBoundPos = FindToken(vDataSep, nCurPos)
	End Sub
	Private Function SkipToken(sToken, nStart)
		SkipToken = InstrB(nStart, VarArrayBinRequest, sToken)
		If SkipToken = 0 then
			Response.write "Error in parsing uploaded binary request."
		end if
		SkipToken = SkipToken + LenB(sToken)
	End Function
	Private Function FindToken(sToken, nStart)
		FindToken = InstrB(nStart, VarArrayBinRequest, sToken)
	End Function
	Private Function ExtractField(sToken, nStart)
		Dim nEnd
		nEnd = InstrB(nStart, VarArrayBinRequest, sToken)
		If nEnd = 0 then
			Response.write "Error in parsing uploaded binary request."
		end if
		ExtractField = String2Byte(MidB(VarArrayBinRequest, nStart, nEnd-nStart))
	End Function
	'String to byte string conversion
	Private Function Byte2String(sString)
		Dim i
		For i = 1 to Len(sString)
		   Byte2String = Byte2String & ChrB(AscB(Mid(sString,i,1)))
	End Function
	'Byte string to string conversion
	Private Function String2Byte(bsString)
		Dim i
		String2Byte =""
		For i = 1 to LenB(bsString)
		   String2Byte = String2Byte & Chr(AscB(MidB(bsString,i,1))) 
	End Function
End Class
Class UploadedFile
	Public ContentType
	Public Start
	Public Length
	Public Path
	Private nameOfFile
    ' Need to remove characters that are valid in UNIX, but not in Windows
    Public Property Let FileName(fN)
        nameOfFile = fN
        nameOfFile = SubstNoReg(nameOfFile, "\", "_")
        nameOfFile = SubstNoReg(nameOfFile, "/", "_")
        nameOfFile = SubstNoReg(nameOfFile, ":", "_")
        nameOfFile = SubstNoReg(nameOfFile, "*", "_")
        nameOfFile = SubstNoReg(nameOfFile, "?", "_")
        nameOfFile = SubstNoReg(nameOfFile, """", "_")
        nameOfFile = SubstNoReg(nameOfFile, "<", "_")
        nameOfFile = SubstNoReg(nameOfFile, ">", "_")
        nameOfFile = SubstNoReg(nameOfFile, "|", "_")
    End Property
    Public Property Get FileName()
        FileName = nameOfFile
    End Property
    'Public Property Get FileN()ame
End Class
' Does not depend on RegEx, which is not available on older VBScript
' Is not recursive, which means it will not run out of stack space
Function SubstNoReg(initialStr, oldStr, newStr)
    Dim currentPos, oldStrPos, skip
    If IsNull(initialStr) Or Len(initialStr) = 0 Then
        SubstNoReg = ""
    ElseIf IsNull(oldStr) Or Len(oldStr) = 0 Then
        SubstNoReg = initialStr
        If IsNull(newStr) Then newStr = ""
        currentPos = 1
        oldStrPos = 0
        SubstNoReg = ""
        skip = Len(oldStr)
        Do While currentPos <= Len(initialStr)
            oldStrPos = InStr(currentPos, initialStr, oldStr)
            If oldStrPos = 0 Then
                SubstNoReg = SubstNoReg & Mid(initialStr, currentPos, Len(initialStr) - currentPos + 1)
                currentPos = Len(initialStr) + 1
                SubstNoReg = SubstNoReg & Mid(initialStr, currentPos, oldStrPos - currentPos) & newStr
                currentPos = oldStrPos + skip
            End If
    End If
End Function
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<script type="text/javascript" src="../java/jquery-1.2.6.min.js"></script>
<script type="text/javascript" src="../java/ajax.js"></script>
<script type="text/javascript" src="../java/functions.js"></script>
<link rel="stylesheet" href="../style/default.css">
<% If Request.QueryString("tabupdated") = 2 Then %>
<body onload='$("#fileselected").hide();$("#fileresults").hide();'>
<% Else %>
<body onload='$("#fileselected").hide();'>
<% End If %>
' *********************** START VARIABLE EDIT ***********************
  Dim uploadsDirRemote, uploadsDirLocal
  uploadsDirLocal = Server.MapPath("\") & "\Public\doc_transfer"
' ************************ END VARIABLE EDIT ************************
function OutputForm()
<% Response.Write "<form name='frmSend' method='POST' enctype='multipart/form-data' action='#'>" %>
Enter a file description: <input type="text" size=35 name="doctitle"><br><br>
    Select a document: <input type="button" value="Browse..." class="btn" onmouseover="this.className='btn btnhov'" onmouseout="this.className='btn'"/><input name="attach1" type="file" size=35 class="hidebrowse" onchange="$('#fileselected').show();">
&nbsp;&nbsp;<span id="fileselected"><img src="../images/checkmark.gif" border="0" height="16" width="16"></span>
    <input style="margin-top:4" type=button value="Upload File" onclick="fileuploadverify_events();" class="btn" onmouseover="this.className='btn btnhov'" onmouseout="this.className='btn'"/>
end function
function SaveFiles
    Dim Upload, fileName, fileSize, ks, i, fileKey, fs, f
    Set Upload = New FreeASPUpload
    Upload.FilesSave uploadsDirLocal, request.querystring("id"), "Event"
	' If something fails inside the script, but the exception is handled
	If Err.Number<>0 then Exit function
    SaveFiles = ""
    ks = Upload.UploadedFiles.keys
    if (UBound(ks) <> -1) then
      SaveFiles = "<br>The file you have entered does not appear to be valid or already exists. Please select another file."
    end if
end function
Dim diagnostics
if Request.ServerVariables("REQUEST_METHOD") <> "POST" then
        response.write "<div align=""center"">"
        response.write "</div>"
    response.write "<div align=""center"">"
If Request.QueryString("tabupdated") = 2 Then
    response.write SaveFiles()
<span id="uploading">
      <div align="center"><font size="2" face="Arial, Helvetica, sans-serif"> 
          <image src="../images/indicator.gif" border="0"> <i>Uploading File... Please Wait.</i>
End If
    response.write "<br><br></div>"
End If

Open in new window

Watch Question


Welcome to the fun world of MS permissions!
If you are copying the file from one server to another using an ASP file then IIS is using the anonymous account of the web server to execute the code.  This being the case IUSR_<server name> being a local account on the server does not have permissions to any network resources.

THe easiest way to do this is to create a local account on the IIS server and one on the file server with the same name and password (or use a domain account if both machines are members of the same domain) and then grant the account appropriate NTFS and share persmissions on the file server and over ride the anonymous ID for the directory (or you might be able to do it at the file level and do it just for this page) with the ID and PW that you just created.  Then when the page runs it will run under that new ID which should now have permissions to access the remote server and directory.


Thanks for the response. But like I said in my post:

"I have a virtual directory set up on IIS pointing to the remote file share. The anonymous permissions are configured for a domain account that has Read/Write/Modify access to the remote file server. "

I am aware of the anonymous user issue on IIS. I already took care of that by using a domain account. The issue I am experiencing is not chronic. If I independently call FileSystemObject to create or move a file to the remote server, it works fine. This tells me the permissions are good. However, if I try to upload to the remove server, I get Permission Denied, Write File Error or a blank response but no upload.

If I upload to the local web server instead, it works fine. Then if I try to call the FileSystemObject for any reason on the remove server, create folder, move file, etc. within a few minutes from when the upload occured I will get Permission Denied, Write File Error, etc. on the remove server. If I literally sit and wait for several minutes after the upload occurs and try the FileSystemObject call again, whatever I was trying to do will run fine.

The upload script is not changing any rights (at least not intentionally) so this is very perplexing.

Sorry for the mis-understanding.
Two things come to mind.
Since you need to access a "remote" network resource make sure that you have impersonation enabled for this directory/site in IIS, otherwise I believe the credentials default to the anonumous machine account, despite what is being used in IIS for anonymous.
The other thing that comes to mind is that it might be trying to use the application pool ID as oppsed to the anonymous account.  You can try changing the logon ID of the app pool to the domain account and see if this works ... I believe you will still need to have impersonation enabled for the site for this to work.

Unlock this solution with a free trial preview.
(No credit card required)
Get Preview
Unlock the solution to this question.
Thanks for using Experts Exchange.

Please provide your email to receive a free trial preview!

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.


Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.