JT_SIRO
asked on
Access Denied error for .NET
This should be an easy fix, but I'm not figuring it out.
My .NET app allows users to download mp3 files from my server. I keep getting access denied error. I think I need to grant the ASPNET user permissions for the folder, but I don't see that user anywhere to add it. Please advise...
The error message is:
Server Error in '/' Application.
Access to the path 'C:\MusicCatalog\MP3s\5454
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.UnauthorizedAccessE
ASP.NET is not authorized to access the requested resource. Consider granting access rights to the resource to the ASP.NET request identity. ASP.NET has a base process identity (typically {MACHINE}\ASPNET on IIS 5 or Network Service on IIS 6) that is used if the application is not impersonating. If the application is impersonating via <identity impersonate="true"/>, the identity will be the anonymous user (typically IUSR_MACHINENAME) or the authenticated request user.
To grant ASP.NET access to a file, right-click the file in Explorer, choose "Properties" and select the Security tab. Click "Add" to add the appropriate user or group. Highlight the ASP.NET account, and check the boxes for the desired access.
My .NET app allows users to download mp3 files from my server. I keep getting access denied error. I think I need to grant the ASPNET user permissions for the folder, but I don't see that user anywhere to add it. Please advise...
The error message is:
Server Error in '/' Application.
Access to the path 'C:\MusicCatalog\MP3s\5454
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.UnauthorizedAccessE
ASP.NET is not authorized to access the requested resource. Consider granting access rights to the resource to the ASP.NET request identity. ASP.NET has a base process identity (typically {MACHINE}\ASPNET on IIS 5 or Network Service on IIS 6) that is used if the application is not impersonating. If the application is impersonating via <identity impersonate="true"/>, the identity will be the anonymous user (typically IUSR_MACHINENAME) or the authenticated request user.
To grant ASP.NET access to a file, right-click the file in Explorer, choose "Properties" and select the Security tab. Click "Add" to add the appropriate user or group. Highlight the ASP.NET account, and check the boxes for the desired access.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
What permissions do you have for the IIS_IUSR Account on the "MusicCatalog" folder? Make sure that this account has Read & Execute, List Folder Contents, and Read Access. Give that a try first and let me know.
ASKER
Under the Security tab for the folder, I only see:
CREATE OWNER
SYSTEM
Administrators
Users
So I can't choose the IIS_IUSR. How do I add this? Do I need to manually create a User called IIS_IUSR? I see that there is a group already made called IIS_IUSRS, but there are no users in it. Please advise. Thanks
Justin
CREATE OWNER
SYSTEM
Administrators
Users
So I can't choose the IIS_IUSR. How do I add this? Do I need to manually create a User called IIS_IUSR? I see that there is a group already made called IIS_IUSRS, but there are no users in it. Please advise. Thanks
Justin
Try to just add that group and assign the permissions that I mentioned. Let me know if that works for you.
ASKER
I added the group IIS_USRS and gave it permissions and I still get the same message. But again, the IIS_USRS group doesn't have any users specified. Any other ideas?
I'm still wondering why the audit log show the user as N/A... It seems like that could be the problem.
I'm still wondering why the audit log show the user as N/A... It seems like that could be the problem.
Hi JT_SIRO,
I still believe that your problem is permission issue. Please take a look at the following links below. These links should resolve your problem.
https://www.experts-exchange.com/questions/21165596/ASP-NET-is-not-Authorized.html
http://www.eggheadcafe.com/software/aspnet/29612615/aspnet-is-not-authorized.aspx
Hope this helps!!!
I still believe that your problem is permission issue. Please take a look at the following links below. These links should resolve your problem.
https://www.experts-exchange.com/questions/21165596/ASP-NET-is-not-Authorized.html
http://www.eggheadcafe.com/software/aspnet/29612615/aspnet-is-not-authorized.aspx
Hope this helps!!!
ASKER
I'm loosing my mind on this one... Neither of those worked. For the record I'm running II7 on Windows Server 2008 R2.
I've granted (Read & execute, List folder contents, and Read) access for the following Group or user names:
NETWORK SERVICE
IIS_IUSRS
that didn't work so I added the EVERYONE group, restarted IIS and I still get the same access error. What could possibly be the problem???
I've granted (Read & execute, List folder contents, and Read) access for the following Group or user names:
NETWORK SERVICE
IIS_IUSRS
that didn't work so I added the EVERYONE group, restarted IIS and I still get the same access error. What could possibly be the problem???
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
When I gave the NETWORK SERVICE user full permissions, it worked. My code allows users to download the actual files in the directory, not just access them, so that must be a higher permission level.
Is there any danger in granting that permission? My .NET app is the only one running on the server, for what that's worth.
Thanks
Is there any danger in granting that permission? My .NET app is the only one running on the server, for what that's worth.
Thanks
ASKER
Correction.... It wasn't the NETWORK SERVICE. I gave the EVERYONE user full permission and it worked.
I narrowed it down to it being write privilege. I guess because I'm writing a filestream...
I tried giving the NETWORK SERVICE and IIS_IUSRS groups write privileges and it didn't work. So I left the EVERYONE user with write. I'd ideally figure out what user is actually making the request and just grant it privileges, but this works too.
Thanks for your help
I narrowed it down to it being write privilege. I guess because I'm writing a filestream...
I tried giving the NETWORK SERVICE and IIS_IUSRS groups write privileges and it didn't work. So I left the EVERYONE user with write. I'd ideally figure out what user is actually making the request and just grant it privileges, but this works too.
Thanks for your help
ASKER
Here's the log:
Log Name: Security
Source: Microsoft-Windows-Security
Date: 4/23/2010 3:01:00 PM
Event ID: 5152
Task Category: Filtering Platform Packet Drop
Level: Information
Keywords: Audit Failure
User: N/A
Computer: LevelsAudioWebServer
Description:
The Windows Filtering Platform has blocked a packet.
Application Information:
Process ID: 0
Application Name: -
Network Information:
Direction: Inbound
Source Address: 192.168.1.151
Source Port: 64513
Destination Address: 239.255.255.250
Destination Port: 1900
Protocol: 17
Filter Information:
Filter Run-Time ID: 67283
Layer Name: Transport
Layer Run-Time ID: 13
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Se
<EventID>5152</EventID>
<Version>0</Version>
<Level>0</Level>
<Task>12809</Task>
<Opcode>0</Opcode>
<Keywords>0x80100000000000
<TimeCreated SystemTime="2010-04-23T22:
<EventRecordID>2028</Event
<Correlation />
<Execution ProcessID="4" ThreadID="80" />
<Channel>Security</Channel
<Computer>LevelsAudioWebSe
<Security />
</System>
<EventData>
<Data Name="ProcessId">0</Data>
<Data Name="Application">-</Data
<Data Name="Direction">%%14592</
<Data Name="SourceAddress">192.1
<Data Name="SourcePort">64513</D
<Data Name="DestAddress">239.255
<Data Name="DestPort">1900</Data
<Data Name="Protocol">17</Data>
<Data Name="FilterRTID">67283</D
<Data Name="LayerName">%%14597</
<Data Name="LayerRTID">13</Data>
</EventData>
</Event>