JT_SIRO
asked on
ASP.NET File permissions on Win Server
Hello -
I've written a .net page that moves a file from one folder to another. Pretty simple, and works great on my Dev machine. It doesn't seem to work on my Test server though. I don't get an error, but the file doesn't move. (code below)
I'm running Windows Server 2008 R2. Do I need to set file permissions to allow .NET to move files from a web app? Please advise. Thanks -
Justin
I've written a .net page that moves a file from one folder to another. Pretty simple, and works great on my Dev machine. It doesn't seem to work on my Test server though. I don't get an error, but the file doesn't move. (code below)
I'm running Windows Server 2008 R2. Do I need to set file permissions to allow .NET to move files from a web app? Please advise. Thanks -
Justin
// Move the file to the Purgatory folder
string strFromPath = "c:\\FTP\\" + Request.QueryString["job"].ToString() + "\\" + Profile.UserName.ToString() + "\\" + Request.QueryString["file"].ToString();
string strToPath = "c:\\Purgatory\\" + txtFileName.Text.ToString();
if (!File.Exists(strFromPath))
{
// This statement ensures that the file is created,
// but the handle is not kept.
using (FileStream fs = File.Create(strFromPath)) { }
}
// Ensure that the target does not exist.
if (File.Exists(strToPath))
File.Delete(strToPath);
// Move the file.
File.Move(strFromPath, strToPath);
ASKER
Thanks MlandaT, but I'm still kind of stuck. Here's what I did:
I gave NETWORK SERVICE Full Control on the two folders and it did not work.
I tried adding my App Pool DefaultAppPool, and the name was not recognized.
I tried adding IIS_WPG and the name was not recognized.
For the heck of it, I gave the Users group Full Control, and it DID work. But I don't want to grant this permission to all Users do I?
I gave NETWORK SERVICE Full Control on the two folders and it did not work.
I tried adding my App Pool DefaultAppPool, and the name was not recognized.
I tried adding IIS_WPG and the name was not recognized.
For the heck of it, I gave the Users group Full Control, and it DID work. But I don't want to grant this permission to all Users do I?
"I tried adding my App Pool DefaultAppPool, and the name was not recognized." I dont think this is right...
1. Check what application pool your application is running under.
- Right click your website in IIS, Manage Website -> Advanced Settings ... you will see the Application Pool there.
2. Check what user account your applicaiton pool is using.
- Click "Application Pools" in IIS, find the application pool in (1) above, right click, click "Advanced Settings"... check what the Identity being used is....
3. Make sure that account has permissions on the fodlers...
1. Check what application pool your application is running under.
- Right click your website in IIS, Manage Website -> Advanced Settings ... you will see the Application Pool there.
2. Check what user account your applicaiton pool is using.
- Click "Application Pools" in IIS, find the application pool in (1) above, right click, click "Advanced Settings"... check what the Identity being used is....
3. Make sure that account has permissions on the fodlers...
If the Application Pool is configured to use the AppPoolIdentity, you have 2 options
1) On the folders in question.. assign permissions to the 'user' that has the same name as your applicaiton pool (http://learn.iis.net/page.aspx/624/application-pool-identities/, http://blogs.msdn.com/b/vijaysk/archive/2009/02/13/goodbye-network-service.aspx)
2) Change it to a different account e.g. NetworkService...in which case granting the NETWORK SERVICE account permissions o the folder will work as normal.
Additional Reading:
http://blogs.iis.net/webdevelopertips/archive/2009/10/02/tip-98-did-you-know-the-default-application-pool-identity-in-iis-7-5-windows-7-changed-from-networkservice-to-apppoolidentity.aspx
1) On the folders in question.. assign permissions to the 'user' that has the same name as your applicaiton pool (http://learn.iis.net/page.aspx/624/application-pool-identities/, http://blogs.msdn.com/b/vijaysk/archive/2009/02/13/goodbye-network-service.aspx)
2) Change it to a different account e.g. NetworkService...in which case granting the NETWORK SERVICE account permissions o the folder will work as normal.
Additional Reading:
http://blogs.iis.net/webdevelopertips/archive/2009/10/02/tip-98-did-you-know-the-default-application-pool-identity-in-iis-7-5-windows-7-changed-from-networkservice-to-apppoolidentity.aspx
And in case you have problems with the configuration using the GUI... you may have to switch to the command line... http://serverfault.com/questions/81165/how-to-assign-permissions-to-applicationpoolidentity-account
Of course all assuming that you are continuing use of the new ApplicationPoolIdentity
Of course all assuming that you are continuing use of the new ApplicationPoolIdentity
ASKER
I read the articles and still can't get it to recognize my app pool name. Please see attached images.
appPool1.bmp
appPool2.bmp
appPool1.bmp
appPool2.bmp
ASKER CERTIFIED SOLUTION
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
If you need to allow the same level of access to a file resource for all accounts that run ASP.NET applications (Network Service or a custom service account), you can grant access to the IIS_WPG group instead of specifically to the Network Service account. Any account used to run ASP.NET is required to be a member of the IIS_WPG group.
If your ASP.NET application is configured to use a custom application pool, check the identity used to run that application pool and give that account permissions on the folders in question.