Access Denied error for .NET

This should be an easy fix, but I'm not figuring it out.  

My .NET app allows users to download mp3 files from my server.  I keep getting access denied error.  I think I need to grant the ASPNET user permissions for the folder, but I don't see that user anywhere to add it.  Please advise...  

The error message is:

Server Error in '/' Application.
Access to the path 'C:\MusicCatalog\MP3s\5454_Pop_SmashHaus.mp3' is denied.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.UnauthorizedAccessException: Access to the path 'C:\MusicCatalog\MP3s\5454_Pop_SmashHaus.mp3' is denied.

ASP.NET is not authorized to access the requested resource. Consider granting access rights to the resource to the ASP.NET request identity. ASP.NET has a base process identity (typically {MACHINE}\ASPNET on IIS 5 or Network Service on IIS 6) that is used if the application is not impersonating. If the application is impersonating via <identity impersonate="true"/>, the identity will be the anonymous user (typically IUSR_MACHINENAME) or the authenticated request user.

To grant ASP.NET access to a file, right-click the file in Explorer, choose "Properties" and select the Security tab. Click "Add" to add the appropriate user or group. Highlight the ASP.NET account, and check the boxes for the desired access.
 
JT_SIROAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

FunkyBrownCommented:
As per the error message, there are a few different accounts that ASPNET could be using.  You should be able to tell what credentials your app is using to access the files by checking for failure audits in the eventlog (you may need to turn on auditing, check http://www.techotopia.com/index.php/Auditing_Windows_Server_2008_File_and_Folder_Access for details).  Check and see what username is listed in the failure event, and grant access - or post back for more help if you run into issues.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
JT_SIROAuthor Commented:
OK, I set up file auditing and logged a failed attempt.  The problem is for user is says "N/A".  What the????

Here's the log:
Log Name:      Security
Source:        Microsoft-Windows-Security-Auditing
Date:          4/23/2010 3:01:00 PM
Event ID:      5152
Task Category: Filtering Platform Packet Drop
Level:         Information
Keywords:      Audit Failure
User:          N/A
Computer:      LevelsAudioWebServer
Description:
The Windows Filtering Platform has blocked a packet.

Application Information:
      Process ID:            0
      Application Name:      -

Network Information:
      Direction:            Inbound
      Source Address:            192.168.1.151
      Source Port:            64513
      Destination Address:      239.255.255.250
      Destination Port:            1900
      Protocol:            17

Filter Information:
      Filter Run-Time ID:      67283
      Layer Name:            Transport
      Layer Run-Time ID:      13
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
    <EventID>5152</EventID>
    <Version>0</Version>
    <Level>0</Level>
    <Task>12809</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8010000000000000</Keywords>
    <TimeCreated SystemTime="2010-04-23T22:01:00.865328200Z" />
    <EventRecordID>2028</EventRecordID>
    <Correlation />
    <Execution ProcessID="4" ThreadID="80" />
    <Channel>Security</Channel>
    <Computer>LevelsAudioWebServer</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="ProcessId">0</Data>
    <Data Name="Application">-</Data>
    <Data Name="Direction">%%14592</Data>
    <Data Name="SourceAddress">192.168.1.151</Data>
    <Data Name="SourcePort">64513</Data>
    <Data Name="DestAddress">239.255.255.250</Data>
    <Data Name="DestPort">1900</Data>
    <Data Name="Protocol">17</Data>
    <Data Name="FilterRTID">67283</Data>
    <Data Name="LayerName">%%14597</Data>
    <Data Name="LayerRTID">13</Data>
  </EventData>
</Event>
0
asp_net2Commented:
What permissions do you have for the IIS_IUSR Account on the "MusicCatalog" folder? Make sure that this account has Read & Execute, List Folder Contents, and Read Access. Give that a try first and let me know.
0
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

JT_SIROAuthor Commented:
Under the Security tab for the folder, I only see:
CREATE OWNER
SYSTEM
Administrators
Users

So I can't choose the IIS_IUSR.  How do I add this?  Do I need to manually create a User called IIS_IUSR?  I see that there is a group already made called IIS_IUSRS, but there are no users in it.  Please advise.  Thanks

Justin
0
asp_net2Commented:
Try to just add that group and assign the permissions that I mentioned. Let me know if that works for you.
0
JT_SIROAuthor Commented:
I added the group IIS_USRS and gave it permissions and I still get the same message.  But again, the IIS_USRS group doesn't have any users specified.  Any other ideas?  

I'm still wondering why the audit log show the user as N/A...  It seems like that could be the problem.
0
asp_net2Commented:
Hi JT_SIRO,

I still believe that your problem is permission issue. Please take a look at the following links below. These links should resolve your problem.

http://www.experts-exchange.com/Programming/Languages/.NET/Q_21165596.html
http://www.eggheadcafe.com/software/aspnet/29612615/aspnet-is-not-authorized.aspx

Hope this helps!!!
0
JT_SIROAuthor Commented:
I'm loosing my mind on this one... Neither of those worked.  For the record I'm running II7 on Windows Server 2008 R2.  

I've granted (Read & execute, List folder contents, and Read) access for the following Group or user names:
NETWORK SERVICE
IIS_IUSRS

that didn't work so I added the EVERYONE group, restarted IIS and I still get the same access error.  What could possibly be the problem???
0
asp_net2Commented:
Ok, lets start from the beginning. Can you please post your file structure so that I can see how you have everything setup?

Also, can you please post what permissions you have with each folder?

Once I take a look at that then I can look further and try to reproduce the error on my end.
0
JT_SIROAuthor Commented:
When I gave the NETWORK SERVICE user full permissions, it worked.  My code allows users to download the actual files in the directory, not just access them, so that must be a higher permission level.  

Is there any danger in granting that permission?  My .NET app is the only one running on the server, for what that's worth.

Thanks
0
JT_SIROAuthor Commented:
Correction....  It wasn't the NETWORK SERVICE.  I gave the EVERYONE user full permission and it worked.
I narrowed it down to it being write privilege.  I guess because I'm writing a filestream...

I tried giving the NETWORK SERVICE and IIS_IUSRS groups write privileges and it didn't work.  So I left the EVERYONE user with write.  I'd ideally figure out what user is actually making the request and just grant it privileges, but this works too.

Thanks for your help
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
ASP.NET

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.