asked on Asp.net Upload File ( FileUpload1.SaveAs) "Access to the path denied"
Have a page that was working in IIS 6. Upgraded from IIS 6 to IIS 8.5 and now this doesn't work. Using .Net V4.0
Uploading file from web #2 to a different web #1. The document goes into a file folder. Each one has it's own appPool. (web1, web2)
I understand now the identity is in the application pool. So I set the appPool on both webs (1 & 2) to NetworkService. (Thru IIS -> Application Pools -> Right Click -> Advanced Settings -> Identity)
Then on the file folder where the docs are stored gave NetworkService all permissions. Still have the error. So then on the file folder I gave permissions to everyone for everything - still have "Access denied"
Any ideas?
Uploading file from web #2 to a different web #1. The document goes into a file folder. Each one has it's own appPool. (web1, web2)
I understand now the identity is in the application pool. So I set the appPool on both webs (1 & 2) to NetworkService. (Thru IIS -> Application Pools -> Right Click -> Advanced Settings -> Identity)
Then on the file folder where the docs are stored gave NetworkService all permissions. Still have the error. So then on the file folder I gave permissions to everyone for everything - still have "Access denied"
Any ideas?
Microsoft IIS Web ServerASP.NET
Last Comment
JS List
ASKER
Same server just different web. One is http://web1 and the other is http://web2
I do use a virtual directory to point to the specific folder where the file is being uploaded to.
I do use a virtual directory to point to the specific folder where the file is being uploaded to.
There is a major difference between IIS6 and IIS8.
IIS6 is not capable to transfer a identity to a subsequent service.
IIS8 is, based on Kerberos can delegate tickets.
Precondition for Kerberos is that the SPNs are registered in the right way. Also the authentication on the web site has to be set in the right way, there is NTLM or Negotiate.
If he web site is set to NTLM, the identity of the writing user in the AppPool account.
If the web server uses negotiate, Kerberos is tried first.
Also the everyone group is a bit different in later OS / DC functional level .
You may try to use "authenticated users".
IIS6 is not capable to transfer a identity to a subsequent service.
IIS8 is, based on Kerberos can delegate tickets.
Precondition for Kerberos is that the SPNs are registered in the right way. Also the authentication on the web site has to be set in the right way, there is NTLM or Negotiate.
If he web site is set to NTLM, the identity of the writing user in the AppPool account.
If the web server uses negotiate, Kerberos is tried first.
Also the everyone group is a bit different in later OS / DC functional level .
You may try to use "authenticated users".
Hi,
You can try this thing for your solution as it mostly works :
Open IIS >> authentication >> anonymous >> edit >> chose application pool.
Give permissions to the folder of IUSR and IIS_ users
Change the app pool identity to application pool
Good Luck!!
You can try this thing for your solution as it mostly works :
Open IIS >> authentication >> anonymous >> edit >> chose application pool.
Give permissions to the folder of IUSR and IIS_ users
Change the app pool identity to application pool
Good Luck!!
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
Dan -
I tried what you said only with a local server account instead of the domain. It didn't work. This is an intranet - that's held on 1 physical machine, 1 IIS Server. The IIS server has 2 webs. The files directory allows for IUSR and IIS_IUSRS.
It didn't work. But it gave me an idea.
There is a virtual directory "FilesDir" that points to the general files folder area.
When I did this it gives me an error Access Denied:
Dim thisSaveServer As String = Server.MapPath("~/FilesDir
tempPath = filePath.Value
e.File.SaveAs(thisSaveServ
But when I did this - no error the file uploaded:
Dim thisSaveServer As String = "C:\IIS\Web1\Files"
tempPath = filePath.Value
e.File.SaveAs(thisSaveServ
The permissions for a virtual directory match what's on the "C:\IIS\Web1\Files" folder.
Any ideas?
JS
I tried what you said only with a local server account instead of the domain. It didn't work. This is an intranet - that's held on 1 physical machine, 1 IIS Server. The IIS server has 2 webs. The files directory allows for IUSR and IIS_IUSRS.
It didn't work. But it gave me an idea.
There is a virtual directory "FilesDir" that points to the general files folder area.
When I did this it gives me an error Access Denied:
Dim thisSaveServer As String = Server.MapPath("~/FilesDir
tempPath = filePath.Value
e.File.SaveAs(thisSaveServ
But when I did this - no error the file uploaded:
Dim thisSaveServer As String = "C:\IIS\Web1\Files"
tempPath = filePath.Value
e.File.SaveAs(thisSaveServ
The permissions for a virtual directory match what's on the "C:\IIS\Web1\Files" folder.
Any ideas?
JS
ASKER
Well I take the last comment back - now it didn't work.
Ähm...
You have a Win2012R2 right?
It comes with .NET 4.x
Have you also installed .Net 3.x?
Have you tried to put this application back to ASP 2.0?
You have a Win2012R2 right?
It comes with .NET 4.x
Have you also installed .Net 3.x?
Have you tried to put this application back to ASP 2.0?
Ok, using local accounts and trying to access files across the network is a bad practice. It makes for a headache trying to set & manage the ACLs on the share and in NTFS, its problematic at best.
Again, I will recommend using a domain account as a service account on both servers for the AppPools that support the websites in question.
What language have you written the app in? ASP.NET (VB.NET) or Classic ASP? The code you posted looks to be old ASP.
As a test only: you may want to test your code with "Parent Paths" enabled.
** (It was enabled by default in IIS6, IIS7+ it is disabled by default)
MSDN reference: https://msdn.microsoft.com/en-us/library/ms524632%28v=vs.90%29.aspx
Also, a IIS.NET article explaining the issue and a work-around. IMO "Parent Paths" should never be enabled.
Reference: http://www.iis.net/learn/application-frameworks/running-classic-asp-applications-on-iis-7-and-iis-8/classic-asp-parent-paths-are-disabled-by-default
Dan
Again, I will recommend using a domain account as a service account on both servers for the AppPools that support the websites in question.
What language have you written the app in? ASP.NET (VB.NET) or Classic ASP? The code you posted looks to be old ASP.
As a test only: you may want to test your code with "Parent Paths" enabled.
** (It was enabled by default in IIS6, IIS7+ it is disabled by default)
MSDN reference: https://msdn.microsoft.com/en-us/library/ms524632%28v=vs.90%29.aspx
Also, a IIS.NET article explaining the issue and a work-around. IMO "Parent Paths" should never be enabled.
Reference: http://www.iis.net/learn/application-frameworks/running-classic-asp-applications-on-iis-7-and-iis-8/classic-asp-parent-paths-are-disabled-by-default
Dan
ASKER
Hi Dan,
I understand what you mean with the service account. Had my server admin set up an account, but the application pool identity won't accept the password, in IIS manager. For a test I used my own account and the file upload worked. The server admin doesn't know which service to run it under.
Thanks for the help.
I understand what you mean with the service account. Had my server admin set up an account, but the application pool identity won't accept the password, in IIS manager. For a test I used my own account and the file upload worked. The server admin doesn't know which service to run it under.
Thanks for the help.
I've never heard an AppPool not accepting a password before. My guess is that the password was either incorrectly input or the password does not meet the domain strength requirements.
You don't run the account under a server... the service account is used only in IIS Manager under the AppPool advanced configuration.
Dan
You don't run the account under a server... the service account is used only in IIS Manager under the AppPool advanced configuration.
Dan
Hello, you can just give to read and write permision to that folder that you have used for save your files.
ASKER
Sorry office closed for 2 weeks. - Here's an interesting thing I found. If I am uploading a new file it uploads. If I am uploading a new version of a file it blows up and says I don't have permissions.
Any ideas?
Any ideas?
ASKER
Dan led me to investigating in the right area. I set up the account and modified the appPool & sites. Still did not resolve the problem. After speaking to the network administrator, he identified that not all the shares were moved over when he set the server up. The tool he used to do this did not do the complete job.
Without Dan's contribution I would not have been able to solve the problem.
Without Dan's contribution I would not have been able to solve the problem.
Dan