Access Denied error for .NET

This should be an easy fix, but I'm not figuring it out.  

My .NET app allows users to download mp3 files from my server.  I keep getting access denied error.  I think I need to grant the ASPNET user permissions for the folder, but I don't see that user anywhere to add it.  Please advise...  

The error message is:

Server Error in '/' Application.
Access to the path 'C:\MusicCatalog\MP3s\5454_Pop_SmashHaus.mp3' is denied.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.UnauthorizedAccessException: Access to the path 'C:\MusicCatalog\MP3s\5454_Pop_SmashHaus.mp3' is denied.

ASP.NET is not authorized to access the requested resource. Consider granting access rights to the resource to the ASP.NET request identity. ASP.NET has a base process identity (typically {MACHINE}\ASPNET on IIS 5 or Network Service on IIS 6) that is used if the application is not impersonating. If the application is impersonating via <identity impersonate="true"/>, the identity will be the anonymous user (typically IUSR_MACHINENAME) or the authenticated request user.

To grant ASP.NET access to a file, right-click the file in Explorer, choose "Properties" and select the Security tab. Click "Add" to add the appropriate user or group. Highlight the ASP.NET account, and check the boxes for the desired access.
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

As per the error message, there are a few different accounts that ASPNET could be using.  You should be able to tell what credentials your app is using to access the files by checking for failure audits in the eventlog (you may need to turn on auditing, check for details).  Check and see what username is listed in the failure event, and grant access - or post back for more help if you run into issues.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
JT_SIROAuthor Commented:
OK, I set up file auditing and logged a failed attempt.  The problem is for user is says "N/A".  What the????

Here's the log:
Log Name:      Security
Source:        Microsoft-Windows-Security-Auditing
Date:          4/23/2010 3:01:00 PM
Event ID:      5152
Task Category: Filtering Platform Packet Drop
Level:         Information
Keywords:      Audit Failure
User:          N/A
Computer:      LevelsAudioWebServer
The Windows Filtering Platform has blocked a packet.

Application Information:
      Process ID:            0
      Application Name:      -

Network Information:
      Direction:            Inbound
      Source Address:  
      Source Port:            64513
      Destination Address:
      Destination Port:            1900
      Protocol:            17

Filter Information:
      Filter Run-Time ID:      67283
      Layer Name:            Transport
      Layer Run-Time ID:      13
Event Xml:
<Event xmlns="">
    <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
    <TimeCreated SystemTime="2010-04-23T22:01:00.865328200Z" />
    <Correlation />
    <Execution ProcessID="4" ThreadID="80" />
    <Security />
    <Data Name="ProcessId">0</Data>
    <Data Name="Application">-</Data>
    <Data Name="Direction">%%14592</Data>
    <Data Name="SourceAddress"></Data>
    <Data Name="SourcePort">64513</Data>
    <Data Name="DestAddress"></Data>
    <Data Name="DestPort">1900</Data>
    <Data Name="Protocol">17</Data>
    <Data Name="FilterRTID">67283</Data>
    <Data Name="LayerName">%%14597</Data>
    <Data Name="LayerRTID">13</Data>
What permissions do you have for the IIS_IUSR Account on the "MusicCatalog" folder? Make sure that this account has Read & Execute, List Folder Contents, and Read Access. Give that a try first and let me know.
10 Tips to Protect Your Business from Ransomware

Did you know that ransomware is the most widespread, destructive malware in the world today? It accounts for 39% of all security breaches, with ransomware gangsters projected to make $11.5B in profits from online extortion by 2019.

JT_SIROAuthor Commented:
Under the Security tab for the folder, I only see:

So I can't choose the IIS_IUSR.  How do I add this?  Do I need to manually create a User called IIS_IUSR?  I see that there is a group already made called IIS_IUSRS, but there are no users in it.  Please advise.  Thanks

Try to just add that group and assign the permissions that I mentioned. Let me know if that works for you.
JT_SIROAuthor Commented:
I added the group IIS_USRS and gave it permissions and I still get the same message.  But again, the IIS_USRS group doesn't have any users specified.  Any other ideas?  

I'm still wondering why the audit log show the user as N/A...  It seems like that could be the problem.

I still believe that your problem is permission issue. Please take a look at the following links below. These links should resolve your problem.

Hope this helps!!!
JT_SIROAuthor Commented:
I'm loosing my mind on this one... Neither of those worked.  For the record I'm running II7 on Windows Server 2008 R2.  

I've granted (Read & execute, List folder contents, and Read) access for the following Group or user names:

that didn't work so I added the EVERYONE group, restarted IIS and I still get the same access error.  What could possibly be the problem???
Ok, lets start from the beginning. Can you please post your file structure so that I can see how you have everything setup?

Also, can you please post what permissions you have with each folder?

Once I take a look at that then I can look further and try to reproduce the error on my end.
JT_SIROAuthor Commented:
When I gave the NETWORK SERVICE user full permissions, it worked.  My code allows users to download the actual files in the directory, not just access them, so that must be a higher permission level.  

Is there any danger in granting that permission?  My .NET app is the only one running on the server, for what that's worth.

JT_SIROAuthor Commented:
Correction....  It wasn't the NETWORK SERVICE.  I gave the EVERYONE user full permission and it worked.
I narrowed it down to it being write privilege.  I guess because I'm writing a filestream...

I tried giving the NETWORK SERVICE and IIS_IUSRS groups write privileges and it didn't work.  So I left the EVERYONE user with write.  I'd ideally figure out what user is actually making the request and just grant it privileges, but this works too.

Thanks for your help
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.