Expiring Today—Celebrate National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

ASP.NET File permissions on Win Server

Posted on 2010-09-10
7
Medium Priority
?
709 Views
Last Modified: 2012-05-10
Hello -

I've written a .net page that moves a file from one folder to another.  Pretty simple, and works great on my Dev machine.  It doesn't seem to work on my Test server though.  I don't get an error, but the file doesn't move.  (code below)

I'm running Windows Server 2008 R2.  Do I need to set file permissions to allow .NET to move files from a web app?  Please advise.  Thanks -

Justin
// Move the file to the Purgatory folder
            string strFromPath = "c:\\FTP\\" + Request.QueryString["job"].ToString() + "\\" + Profile.UserName.ToString() + "\\" + Request.QueryString["file"].ToString();
            string strToPath = "c:\\Purgatory\\" + txtFileName.Text.ToString();

            if (!File.Exists(strFromPath))
            {
                // This statement ensures that the file is created,
                // but the handle is not kept.
                using (FileStream fs = File.Create(strFromPath)) { }
            }

            // Ensure that the target does not exist.
            if (File.Exists(strToPath))
                File.Delete(strToPath);

            // Move the file.
            File.Move(strFromPath, strToPath);

Open in new window

0
Comment
Question by:JT_SIRO
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 2
7 Comments
 
LVL 31

Expert Comment

by:MlandaT
ID: 33650521
yes give the Network Service permissions on the folders. If the folders are created by the ASP.NET application then they shld already have the necessary permissions.

 If you need to allow the same level of access to a file resource for all accounts that run ASP.NET applications (Network Service or a custom service account), you can grant access to the IIS_WPG group instead of specifically to the Network Service account. Any account used to run ASP.NET is required to be a member of the IIS_WPG group.

If your ASP.NET application is configured to use a custom application pool, check the identity used to run that application pool and give that account permissions on the folders in question.
0
 

Author Comment

by:JT_SIRO
ID: 33650698
Thanks MlandaT, but I'm still kind of stuck.  Here's what I did:
I gave NETWORK SERVICE Full Control on the two folders and it did not work.  
I tried adding my App Pool DefaultAppPool, and the name was not recognized.
I tried adding IIS_WPG and the name was not recognized.

For the heck of it, I gave the Users group Full Control, and it DID work.  But I don't want to grant this permission to all Users do I?  
0
 
LVL 31

Expert Comment

by:MlandaT
ID: 33650889
"I tried adding my App Pool DefaultAppPool, and the name was not recognized." I dont think this is right...

1. Check what application pool your application is running under.
- Right click your website in IIS, Manage Website -> Advanced Settings ... you will see the Application Pool there.

2. Check what user account your applicaiton pool is using.
- Click "Application Pools" in IIS, find the application pool in (1) above, right click, click "Advanced Settings"... check what the Identity being used is....

3. Make sure that account has permissions on the fodlers...
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
LVL 31

Expert Comment

by:MlandaT
ID: 33650910
If the Application Pool is configured to use the AppPoolIdentity, you have 2 options
1) On the folders in question.. assign permissions to the 'user' that has the same name as your applicaiton pool (http://learn.iis.net/page.aspx/624/application-pool-identities/, http://blogs.msdn.com/b/vijaysk/archive/2009/02/13/goodbye-network-service.aspx)
2) Change it to a different account e.g. NetworkService...in which case granting the NETWORK SERVICE account permissions o the folder will work as normal.


Additional Reading:
http://blogs.iis.net/webdevelopertips/archive/2009/10/02/tip-98-did-you-know-the-default-application-pool-identity-in-iis-7-5-windows-7-changed-from-networkservice-to-apppoolidentity.aspx
0
 
LVL 31

Expert Comment

by:MlandaT
ID: 33650928
And in case you have problems with the configuration using the GUI... you may have to switch to the command line... http://serverfault.com/questions/81165/how-to-assign-permissions-to-applicationpoolidentity-account
 Of course all assuming that you are continuing use of the new ApplicationPoolIdentity
0
 

Author Comment

by:JT_SIRO
ID: 33651397
I read the articles and still can't get it to recognize my app pool name.  Please see attached images.
appPool1.bmp
appPool2.bmp
0
 
LVL 31

Accepted Solution

by:
MlandaT earned 1000 total points
ID: 33652370
Option 1:
Note that if you enter "IIS APPPOOL\MusicSearchTEST" directly into the "Select User or Group" (instead of searching for it) when editing permissions, it will be recognized just fine (tested on Win2k8 R2 x64).

Option 2:
Have you tried the command line option:

icacls c:\inetpub\wwwroot /grant "IIS APPPOOL\MusicSearchTEST":(OI)(CI)(RX)

ICACLS command syntax: http://technet.microsoft.com/en-us/library/cc753525%28WS.10%29.aspx, http://ss64.com/nt/icacls.html
Reference material: http://serverfault.com/questions/81165/how-to-assign-permissions-to-applicationpoolidentity-account
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Sometimes drives fill up and we don't know why.  If you don't understand the best way to use the tools available, you may end up being stumped as to why your drive says it's not full when you have no space left!  Here's how you can find out...
Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…

719 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question