Solved

ASP File Upload FileSystemObject Permission Denied

Posted on 2009-07-03
4
2,511 Views
Last Modified: 2012-05-07
I cannot seem to wrap my head around this so I need some help.

Ultimately, I need to upload a file with ASP to a remote file store server (all within my corporate network - just a different server from the web server).

First, I am using FreeASPUpload to do the upload - found on the web for free and shown below.

Second, I have a virtual directory set up on IIS pointing to the remote file share. The anonymous permissions are configured for a domain account that has Read/Write/Modify access to the remote file server.

I have the upload script working perfectly when uploading to the web server. When I tried changing it to the virtual directory I kept getting Permission Denied and I could not figure out why. After some reading about the FreeASPUpload script I found out that it cannot upload to a virtual directory, for whatever reason. They blame it on the ADODB.Stream procedure.

So I am trying to create a work-a-round. What I did was upload the file to the local web server - which works fine - and then I am using FileSystemObject to copy the file to the virtual directory and delete it from the web server. In essence I am using the web server as a transfer point.

If I just take the FileSystemObject code attached and run it independently as its own script, in its own web browser window, the file gets copied to the virtual directory and deleted from the web server just fine. However, if I try to run the script as part of the FreeASPUpload procedure or even from within the same browser window I get "Permission Denied".

So I was thinking that for some reason the file upload was doing something to the permissions on my session so the IIS server no longer knew who I was (even though it is suppose to be using the anonymous user account specified) which doesn't make any sense. So I tried running the FreeASPUpload script, and then using JavaScript to popup a new browser window to run the FileSystemObject script and then close the browser window. I still get Permission Denied in the popup page. But if I take the URL from the popup page and manually open a new browser window, paste the URL and hit enter the code runs fine. I even tried delaying the opening of the popup page thinking the upload might be taking a second that that didn't help.

I cannot figure this out and it is driving me nuts. Any ideas?
/// FILESYSTEMOBJECT CODE ///
 
<%
Dim uploadsDirRemote, uploadsDirLocal, filename
uploadsDirLocal = Server.MapPath("\") & "\Public\doc_transfer\"
If request.querystring("interface") = "Event" Then
uploadsDirRemote = Server.MapPath("/Remote/public_files/") & "\DeptStorage\Files\" & request.querystring("id") & "\"
End If
filename = request.querystring("filename")
 
response.write uploadsDirRemote
 
    '### CREATE REMOTE STORAGE FOLDER ###
    Set fs = Server.CreateObject("Scripting.FileSystemObject")
    If fs.FolderExists(uploadsDirRemote) = true then
    'Folder already exists, do not create folder
    Else
    fs.createfolder(uploadsDirRemote) 
    End If
    '### TRANSFER TEMP FILE TO REMOTE STORAGE ###
    Set f = fs.GetFile(uploadsDirLocal & filename)
    f.Copy uploadsDirRemote & "\" & filename,true
    Set f = Nothing
    '### DELETE TEMP FILE ###
    fs.CreateTextFile uploadsDirLocal & filename,True
    If fs.FileExists(uploadsDirLocal & filename) then
    fs.DeleteFile(uploadsDirLocal & filename)
    End If
    Set fs = Nothing
Response.Write("<SCRIPT>window.close()</SCRIPT>")
%>
 
 
/// FREEASPUPLOAD CODE ///
 
<%@ Language=VBScript %>
<% 
option explicit 
Response.Expires = -1
Server.ScriptTimeout = 600
%>
<!-- #include file="..\database_connect\mssql_connect.asp" -->
 
<%
Class FreeASPUpload
	Public UploadedFiles
	Public FormElements
 
	Private VarArrayBinRequest
	Private StreamRequest
	Private uploadedYet
 
	Private Sub Class_Initialize()
		Set UploadedFiles = Server.CreateObject("Scripting.Dictionary")
		Set FormElements = Server.CreateObject("Scripting.Dictionary")
		Set StreamRequest = Server.CreateObject("ADODB.Stream")
		StreamRequest.Type = 1 'adTypeBinary
		StreamRequest.Open
		uploadedYet = false
	End Sub
	
	Private Sub Class_Terminate()
		If IsObject(UploadedFiles) Then
			UploadedFiles.RemoveAll()
			Set UploadedFiles = Nothing
		End If
		If IsObject(FormElements) Then
			FormElements.RemoveAll()
			Set FormElements = Nothing
		End If
		StreamRequest.Close
		Set StreamRequest = Nothing
	End Sub
 
	Public Property Get Form(sIndex)
		Form = ""
		If FormElements.Exists(LCase(sIndex)) Then Form = FormElements.Item(LCase(sIndex))
	End Property
 
	Public Property Get Files()
		Files = UploadedFiles.Items
	End Property
 
	'Calls Upload to extract the data from the binary request and then saves the uploaded files
 
' ///// START OF CUSTOM CODE /////
 
	Public Function FilesSave(path, linkid, interface)
		Dim streamFile, fileItem, SQL, record_check, rs, total, rs1, SQL1, doctitle
 
		doctitle = Request.QueryString("title")
 
		if Right(path, 1) <> "\" then path = path & "\"
 
		if not uploadedYet then Upload
 
		For Each fileItem In UploadedFiles.Items
			Set streamFile = Server.CreateObject("ADODB.Stream")
			streamFile.Type = 1
			streamFile.Open
			StreamRequest.Position=fileItem.Start
			StreamRequest.CopyTo streamFile, fileItem.Length
			streamFile.SaveToFile path & fileItem.FileName, 2
			streamFile.close
			Set streamFile = Nothing
			Response.Write "<SCRIPT type='text/javascript'>self.setTimeout('window.open(\'../Modules/upload_sub.asp?id=" & linkid & "&interface=" & interface & "&filename=" & fileItem.FileName & "&title=" & doctitle & "&size=" & fileItem.Length & "\');$(\'#uploading\').hide();$(\'#fileresults\').show();', 10000)</SCRIPT>"
'Response.Redirect "../Modules/upload_sub.asp?id=" & linkid & "&interface=" & interface & "&filename=" & fileItem.FileName & "&title=" & doctitle & "&size=" & fileItem.Length
			response.write "<span id=fileresults><br><B>File uploaded successfully!</B><br><br><br><table><tr><td><u>File Details</u><br>"
			response.write "File Title: " & doctitle & "<br>File Name: " & fileItem.FileName & " <br>File Size: " & fileItem.Length & " Bytes</td></tr></table></span>"
		 Next
	End Function
 
' ///// END OF CUSTOM CODE /////
 
	Public Function SaveBinRequest(path) ' For debugging purposes
		StreamRequest.SaveToFile path & "\debugStream.bin", 2
	End Function
 
	Public Sub DumpData() 'only works if files are plain text
		Dim i, aKeys, f
		response.write "Form Items:<br>"
		aKeys = FormElements.Keys
		For i = 0 To FormElements.Count -1 ' Iterate the array
			response.write aKeys(i) & " = " & FormElements.Item(aKeys(i)) & "<BR>"
		Next
		response.write "Uploaded Files:<br>"
		For Each f In UploadedFiles.Items
			response.write "Name: " & f.FileName & "<br>"
			response.write "Type: " & f.ContentType & "<br>"
			response.write "Start: " & f.Start & "<br>"
			response.write "Size: " & f.Length & "<br>"
		 Next
   	End Sub
 
	Private Sub Upload()
		Dim nCurPos, nDataBoundPos, nLastSepPos
		Dim nPosFile, nPosBound
		Dim sFieldName, osPathSep, auxStr
 
		'RFC1867 Tokens
		Dim vDataSep
		Dim tNewLine, tDoubleQuotes, tTerm, tFilename, tName, tContentDisp, tContentType
		tNewLine = Byte2String(Chr(13))
		tDoubleQuotes = Byte2String(Chr(34))
		tTerm = Byte2String("--")
		tFilename = Byte2String("filename=""")
		tName = Byte2String("name=""")
		tContentDisp = Byte2String("Content-Disposition")
		tContentType = Byte2String("Content-Type:")
 
		uploadedYet = true
 
		on error resume next
		VarArrayBinRequest = Request.BinaryRead(Request.TotalBytes)
		if Err.Number <> 0 then 
			response.write "<br><br><B>System reported this error:</B><p>"
			response.write Err.Description & "<p>"
			response.write "The most likely cause for this error is the incorrect setup of AspMaxRequestEntityAllowed in IIS MetaBase. Please see instructions in the <A HREF='http://www.freeaspupload.net/freeaspupload/requirements.asp'>requirements page of freeaspupload.net</A>.<p>"
			Exit Sub
		end if
		on error goto 0 'reset error handling
 
		nCurPos = FindToken(tNewLine,1) 'Note: nCurPos is 1-based (and so is InstrB, MidB, etc)
 
		If nCurPos <= 1  Then Exit Sub
		 
		'vDataSep is a separator like -----------------------------21763138716045
		vDataSep = MidB(VarArrayBinRequest, 1, nCurPos-1)
 
		'Start of current separator
		nDataBoundPos = 1
 
		'Beginning of last line
		nLastSepPos = FindToken(vDataSep & tTerm, 1)
 
		Do Until nDataBoundPos = nLastSepPos
			
			nCurPos = SkipToken(tContentDisp, nDataBoundPos)
			nCurPos = SkipToken(tName, nCurPos)
			sFieldName = ExtractField(tDoubleQuotes, nCurPos)
 
			nPosFile = FindToken(tFilename, nCurPos)
			nPosBound = FindToken(vDataSep, nCurPos)
			
			If nPosFile <> 0 And  nPosFile < nPosBound Then
				Dim oUploadFile
				Set oUploadFile = New UploadedFile
				
				nCurPos = SkipToken(tFilename, nCurPos)
				auxStr = ExtractField(tDoubleQuotes, nCurPos)
                ' We are interested only in the name of the file, not the whole path
                ' Path separator is \ in windows, / in UNIX
                ' While IE seems to put the whole pathname in the stream, Mozilla seem to 
                ' only put the actual file name, so UNIX paths may be rare. But not impossible.
                osPathSep = "\"
                if InStr(auxStr, osPathSep) = 0 then osPathSep = "/"
				oUploadFile.FileName = Right(auxStr, Len(auxStr)-InStrRev(auxStr, osPathSep))
 
				if (Len(oUploadFile.FileName) > 0) then 'File field not left empty
					nCurPos = SkipToken(tContentType, nCurPos)
					
                    auxStr = ExtractField(tNewLine, nCurPos)
                    ' NN on UNIX puts things like this in the streaa:
                    '    ?? python py type=?? python application/x-python
					oUploadFile.ContentType = Right(auxStr, Len(auxStr)-InStrRev(auxStr, " "))
					nCurPos = FindToken(tNewLine, nCurPos) + 4 'skip empty line
					
					oUploadFile.Start = nCurPos-1
					oUploadFile.Length = FindToken(vDataSep, nCurPos) - 2 - nCurPos
					
					If oUploadFile.Length > 0 Then UploadedFiles.Add LCase(sFieldName), oUploadFile
				End If
			Else
				Dim nEndOfData
				nCurPos = FindToken(tNewLine, nCurPos) + 4 'skip empty line
				nEndOfData = FindToken(vDataSep, nCurPos) - 2
				If Not FormElements.Exists(LCase(sFieldName)) Then 
					FormElements.Add LCase(sFieldName), String2Byte(MidB(VarArrayBinRequest, nCurPos, nEndOfData-nCurPos))
				else
                    FormElements.Item(LCase(sFieldName))= FormElements.Item(LCase(sFieldName)) & ", " & String2Byte(MidB(VarArrayBinRequest, nCurPos, nEndOfData-nCurPos)) 
                end if 
 
			End If
 
			'Advance to next separator
			nDataBoundPos = FindToken(vDataSep, nCurPos)
		Loop
		StreamRequest.Write(VarArrayBinRequest)
	End Sub
 
	Private Function SkipToken(sToken, nStart)
		SkipToken = InstrB(nStart, VarArrayBinRequest, sToken)
		If SkipToken = 0 then
			Response.write "Error in parsing uploaded binary request."
			Response.End
		end if
		SkipToken = SkipToken + LenB(sToken)
	End Function
 
	Private Function FindToken(sToken, nStart)
		FindToken = InstrB(nStart, VarArrayBinRequest, sToken)
	End Function
 
	Private Function ExtractField(sToken, nStart)
		Dim nEnd
		nEnd = InstrB(nStart, VarArrayBinRequest, sToken)
		If nEnd = 0 then
			Response.write "Error in parsing uploaded binary request."
			Response.End
		end if
		ExtractField = String2Byte(MidB(VarArrayBinRequest, nStart, nEnd-nStart))
	End Function
 
	'String to byte string conversion
	Private Function Byte2String(sString)
		Dim i
		For i = 1 to Len(sString)
		   Byte2String = Byte2String & ChrB(AscB(Mid(sString,i,1)))
		Next
	End Function
 
	'Byte string to string conversion
	Private Function String2Byte(bsString)
		Dim i
		String2Byte =""
		For i = 1 to LenB(bsString)
		   String2Byte = String2Byte & Chr(AscB(MidB(bsString,i,1))) 
		Next
	End Function
End Class
 
Class UploadedFile
	Public ContentType
	Public Start
	Public Length
	Public Path
	Private nameOfFile
 
    ' Need to remove characters that are valid in UNIX, but not in Windows
    Public Property Let FileName(fN)
        nameOfFile = fN
        nameOfFile = SubstNoReg(nameOfFile, "\", "_")
        nameOfFile = SubstNoReg(nameOfFile, "/", "_")
        nameOfFile = SubstNoReg(nameOfFile, ":", "_")
        nameOfFile = SubstNoReg(nameOfFile, "*", "_")
        nameOfFile = SubstNoReg(nameOfFile, "?", "_")
        nameOfFile = SubstNoReg(nameOfFile, """", "_")
        nameOfFile = SubstNoReg(nameOfFile, "<", "_")
        nameOfFile = SubstNoReg(nameOfFile, ">", "_")
        nameOfFile = SubstNoReg(nameOfFile, "|", "_")
    End Property
 
    Public Property Get FileName()
        FileName = nameOfFile
    End Property
 
    'Public Property Get FileN()ame
End Class
 
 
' Does not depend on RegEx, which is not available on older VBScript
' Is not recursive, which means it will not run out of stack space
Function SubstNoReg(initialStr, oldStr, newStr)
    Dim currentPos, oldStrPos, skip
    If IsNull(initialStr) Or Len(initialStr) = 0 Then
        SubstNoReg = ""
    ElseIf IsNull(oldStr) Or Len(oldStr) = 0 Then
        SubstNoReg = initialStr
    Else
        If IsNull(newStr) Then newStr = ""
        currentPos = 1
        oldStrPos = 0
        SubstNoReg = ""
        skip = Len(oldStr)
        Do While currentPos <= Len(initialStr)
            oldStrPos = InStr(currentPos, initialStr, oldStr)
            If oldStrPos = 0 Then
                SubstNoReg = SubstNoReg & Mid(initialStr, currentPos, Len(initialStr) - currentPos + 1)
                currentPos = Len(initialStr) + 1
            Else
                SubstNoReg = SubstNoReg & Mid(initialStr, currentPos, oldStrPos - currentPos) & newStr
                currentPos = oldStrPos + skip
            End If
        Loop
    End If
End Function
%>
 
 
 
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<script type="text/javascript" src="../java/jquery-1.2.6.min.js"></script>
<script type="text/javascript" src="../java/ajax.js"></script>
<script type="text/javascript" src="../java/functions.js"></script>
<link rel="stylesheet" href="../style/default.css">
</head>
 
<% If Request.QueryString("tabupdated") = 2 Then %>
<body onload='$("#fileselected").hide();$("#fileresults").hide();'>
<% Else %>
<body onload='$("#fileselected").hide();'>
<% End If %>
<%
 
 
' *********************** START VARIABLE EDIT ***********************
 
  Dim uploadsDirRemote, uploadsDirLocal
 
  uploadsDirLocal = Server.MapPath("\") & "\Public\doc_transfer"
 
' ************************ END VARIABLE EDIT ************************
 
function OutputForm()
%>
 
 
<% Response.Write "<form name='frmSend' method='POST' enctype='multipart/form-data' action='#'>" %>
 
<center><br><br>
Enter a file description: <input type="text" size=35 name="doctitle"><br><br>
    Select a document: <input type="button" value="Browse..." class="btn" onmouseover="this.className='btn btnhov'" onmouseout="this.className='btn'"/><input name="attach1" type="file" size=35 class="hidebrowse" onchange="$('#fileselected').show();">
&nbsp;&nbsp;<span id="fileselected"><img src="../images/checkmark.gif" border="0" height="16" width="16"></span>
<br><br>
 
    <input style="margin-top:4" type=button value="Upload File" onclick="fileuploadverify_events();" class="btn" onmouseover="this.className='btn btnhov'" onmouseout="this.className='btn'"/>
    </form>
</center>
 
<%
end function
 
function SaveFiles
    Dim Upload, fileName, fileSize, ks, i, fileKey, fs, f
 
    Set Upload = New FreeASPUpload
 
    Upload.FilesSave uploadsDirLocal, request.querystring("id"), "Event"
 
	' If something fails inside the script, but the exception is handled
	If Err.Number<>0 then Exit function
 
    SaveFiles = ""
    ks = Upload.UploadedFiles.keys
 
 
    if (UBound(ks) <> -1) then
 
'
 
    else
      SaveFiles = "<br>The file you have entered does not appear to be valid or already exists. Please select another file."
    end if
 
 
end function
%>
 
<%
Dim diagnostics
if Request.ServerVariables("REQUEST_METHOD") <> "POST" then
        response.write "<div align=""center"">"
        OutputForm()
        response.write "</div>"
else
    response.write "<div align=""center"">"
    OutputForm()
If Request.QueryString("tabupdated") = 2 Then
    response.write SaveFiles()
%>
<span id="uploading">
      <div align="center"><font size="2" face="Arial, Helvetica, sans-serif"> 
          <image src="../images/indicator.gif" border="0"> <i>Uploading File... Please Wait.</i>
          </font></div>
</span>
<%
End If
    response.write "<br><br></div>"
End If
 
%>
 
</body>
</html>

Open in new window

0
Comment
Question by:MDauphinais1
  • 2
  • 2
4 Comments
 
LVL 22

Expert Comment

by:cj_1969
ID: 24784529
Welcome to the fun world of MS permissions!
If you are copying the file from one server to another using an ASP file then IIS is using the anonymous account of the web server to execute the code.  This being the case IUSR_<server name> being a local account on the server does not have permissions to any network resources.

THe easiest way to do this is to create a local account on the IIS server and one on the file server with the same name and password (or use a domain account if both machines are members of the same domain) and then grant the account appropriate NTFS and share persmissions on the file server and over ride the anonymous ID for the directory (or you might be able to do it at the file level and do it just for this page) with the ID and PW that you just created.  Then when the page runs it will run under that new ID which should now have permissions to access the remote server and directory.
0
 

Author Comment

by:MDauphinais1
ID: 24785266
Thanks for the response. But like I said in my post:

"I have a virtual directory set up on IIS pointing to the remote file share. The anonymous permissions are configured for a domain account that has Read/Write/Modify access to the remote file server. "

I am aware of the anonymous user issue on IIS. I already took care of that by using a domain account. The issue I am experiencing is not chronic. If I independently call FileSystemObject to create or move a file to the remote server, it works fine. This tells me the permissions are good. However, if I try to upload to the remove server, I get Permission Denied, Write File Error or a blank response but no upload.

If I upload to the local web server instead, it works fine. Then if I try to call the FileSystemObject for any reason on the remove server, create folder, move file, etc. within a few minutes from when the upload occured I will get Permission Denied, Write File Error, etc. on the remove server. If I literally sit and wait for several minutes after the upload occurs and try the FileSystemObject call again, whatever I was trying to do will run fine.

The upload script is not changing any rights (at least not intentionally) so this is very perplexing.
0
 
LVL 22

Expert Comment

by:cj_1969
ID: 24785518
Sorry for the mis-understanding.
Two things come to mind.
Since you need to access a "remote" network resource make sure that you have impersonation enabled for this directory/site in IIS, otherwise I believe the credentials default to the anonumous machine account, despite what is being used in IIS for anonymous.
The other thing that comes to mind is that it might be trying to use the application pool ID as oppsed to the anonymous account.  You can try changing the logon ID of the app pool to the domain account and see if this works ... I believe you will still need to have impersonation enabled for the site for this to work.

http://msdn.microsoft.com/en-us/library/134ec8tc(VS.80).aspx
0
 

Accepted Solution

by:
MDauphinais1 earned 0 total points
ID: 25327798
The issue ended up being on our servers. I don't really know what the issue was but I was told the file share server was screwed up with a failing HDD and other strange issues with the way they have everything set up.

What I did to finally get it working was originally I had the entire IIS site set to Anonymous with credentials that had access on the file share. I changed that to make the entire site Windows Authentication only and made one specific folder Anonymous with the special credentials. This folder only contains one file which creates/deletes folders on the file share. To keep the session variable for the current user from being overridden I call the file in this folder with JavaScript instead of from ASP. Seems to be working so far...
0

Featured Post

Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you don't have the right permissions set for your WordPress location in IIS, you won't be able to perform automatic updates. Here's how to fix the problem.
JavaScript can be used in a browser to change parts of a webpage dynamically. It begins with the following pattern: If condition W is true, do thing X to target Y after event Z. Below are some tips and tricks to help you get started with JavaScript …
The viewer will learn the basics of jQuery, including how to invoke it on a web page. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery.: (CODE)
The viewer will learn the basics of jQuery including how to code hide show and toggles. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery…

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question