I've internal Asp.Net Core Site running on IIS10 in my company.
Now i thought its a good idea to access pdf files from another server via a virtual directory. (Maybe someone has another idea)
We have 1 Server with Active Directory User, the File Server and the Server where IIS is running.
I tried absolut everything with permissions, at the end nearly everything had Admin Access but IIS still keeps meaning it has not enough permissions.
(Maybe i missed a restart at some point, i dont know)
I read much about the iis_iusrs the active directory has no user only a group where i added the iis user.
Other way giving the folder iisServer\iis_iusrs permissions isnt accepted
I've this error:
https://learn.microsoft.com/en-us/troubleshoot/iis/http-error-500-19-webpage
I read that its not the web.config but tried also many permission options.
At the end i'm pretty confused, didnt think that its so complicated or maybe i'm doing everything wrong
Maybe someone knows a way for dummys which always work.
You can try this way to slove the question:
Open the Internet Information Services.
Expand the root node, expand Sites, and right-click on your Application, click Manage Web Site ->Advanced Settings.
Note down the Application Pool name under General settings and close the window.
Now go to Application Pools section, here you can see what Identity is used in the corresponding Application Pool.
Here, the user account testuser1 is configured in Application Pool. So we need give required permissions for this user in the website directory.
Go the abother web directory folder, right-click on the folder and click Properties.
Set required permissions for the Identity(testuser1) that used in ApplicationPool.
Restart Application Pool and Web Application and try again.
Related
I am using asp.net mvc4 application. where I have custom code which upload the files in specific folder of my application. this code has option to delete files(uploaded on that) folder.
I don’t have that code so I want to change permission of that folder so that it will not allow to delete files from that location via web application.windows its self send error for permission.
I have deny delete permission for the networksservices but not working.
now this is working for already images available in this folder. But now problem is when I am uploading new images it is allowing to delete a image means security permission hasn't applied to new images. why?
How/Which user should I assigned permission deny of delete?
It seems that the user account under which your web site is running isn't networkservices.
If your application is hosted in IIS, you need to find the Application Pool for your web site and then check the user account used by this application pool. So check the properties of your web site on IIS, see the application pool name and then go to the Application Pools node in IIS console tree, find the application name and check its properties to find the related user.
I'm trying to delete a user profile folder suing C# and ASP.net, when i do this through windows UI i get a UAC prompt which is fine.
I wish to this programmatically using ASP.net & C# .
The objective is for admin users to launch a webform and do this remotely on workstation but i'm currently getting permission errors.
(im running visual studio as admin in my debugging environment to delete local users)
{"Access to the path 'C:\Users\nzsp2013admin\AppData\Local\Microsoft\Windows\Application ..... is denied."}
code:
var dir = new DirectoryInfo("C:\Users\nzsp2013admin");
dir.Attributes = dir.Attributes & ~FileAttributes.ReadOnly;
dir.Delete(true); // true => recursive delete
This has to do with the permissions which are configured in IIS.
Every ASP.NET application that you run in IIS will be run using an identity that can be managed in the Application Pools section in IIS Manager.
By default, each Application Pool that is created (including the default one) will have permissions within a limited scope.
If I'm honest, the phrase Application Pool makes things sound more complicated than what they actually are. An application pool is just an identity exactly like the one that you use to sign on to your PC, and in your case an identity with normal user permissions is attempting to perform an action that requires a set of higher permissions.
To resolve this, open up IIS.
Click on Application Pools
Select the Application Pool that your web application is running under
Click on Advanced Settings
Click on identity and select Custom identity
Enter the credentials of an account that has administrative privileges.
However, I do have to warn you that you could be opening yourself up to a wide range of security concerns and that there are alternatives such as adding explicit permissions to specific directories that include the identity which the ASP.NET application is running from.
I used this approach and it works very well. With this approach you dont use an account with high level privileges all the time just when required and not for the application execution.
Try to use a domain account and add privileges to the folder or lacation you required. And share the folder so you can use an unc path.
Accessing a Shared File (UNC) From a Remote, Non-Trusted Domain With Credentials
You could use code impersonation:
http://csharptuning.blogspot.com/2007/06/impersonation-in-c.html
http://www.codeproject.com/Articles/14358/User-Impersonation-in-NET
regardless, whomever you use as the impersonation must be able to read/write to the location. We use this method in applications for delete/create folder across network but in theory, you should be able to wrap this around any piece of code, check to see if the user is an admin, and if so use the impersonated user to delete the folder, or however you prefer to do it.
Also, I noticed you mention that you are wanting to do it remotely, but your examples have the local path.
You may also find this useful: Deleting Windows user accounts remotely WCF and C#
I know this question has already been already many times,but doesn't help me tackle my equation.
I currently have a Folder shared for the respective users to be zipped when the user calls the service. I get Access to the path \\IP\FolderName is denied. On research, I found out several solutions for this issue, but none worked.
I tested by trying to zip the files inside the folder and was able to do it successfully. I do not know what might be the issue! I even tried going the bad way by giving permission for Everyone for the folder (out of frustration though) and still was not successful.
My Anonymous, Asp.Net Impersonate and Windows Authentication were enabled.I do not know what might be the issue.
PS: Could I know in what identity the IIS is accessing the folder, so that I can give permissions only to that User.
I can not help you with your main problem, but for the following:
Could I know in what identity the IIS is accessing the folder, so that I can give permissions only to that User.
You need to check what Application Pool is assigned to your application in IIS. Then go to the application pools section and there the user is listed:
As mentioned by Chrfin you need to first find out the Application pool used by your application(Ex: DefaultAppPool, ASP.NET v4.0 etc). Right click on the relevant App pool and go to Advanced Settings there you should see the Identity.
But best way is to go for impersonation, Check this thread for more details. With impersonation what you do is, Giving required folder access permission to an admin user on the web server and whenever you try to access these folder from within your code, you impersonate particular code block,
Using(Impersonator impersonator = new Impersonator())
{
//Write the folder accessing logic here
}
I've been working on an asp.net 4.0 website and seem to be having an issue with deleting from the database stored in the app_data folder.
I created a domain group in the actice directory and used the web.config file to restrict access to certain pages that allow modifcation of the database. Everything worked fine on my test machine and the production server, but the issue is that on the server, even though it recognizes the user when you access the page, when you try to delete an item it denies access and does not allow you to delete the item.
The users had read/write permissions to the folder, but it still denied access. I did some testing and allowed everyone read/write acces, and it allowed me to delete, but I don't like having that option set up.
Does anyone know what causes this issue and what the proper fix would be? I'm assuming I have to let the website know which user is running the application before it tries to delete so they can write to the database, but I thought it would do that automatically since I used Windows authentication.
If anyone has any information I would greatly appreciate it.
The user account that is running the application pool for your website is the only user account that needs MODIFY permissions to that database file.
I am using a Tree View Directory browser in my application. I am using
DirectoryInfo.GetDirectories()
DirectoryInfo.Getfiles()
My requirement is that I need to browse the server folders from client with this. I am able to access shared drives also from the same machine. I hosted the site in IIS6 in a virtual directory. When I try to access the shared drive from the client I dont find it. Do we have to do something in IIS? I tried giving IdentityImpersonate="true" but still getting same problem.
This is a double hop problem. The IIS server would have to do delegation to move your credentials across 2 hops, (your machine to IIS - IIS to file share). Configuring delegation is a tricky process, but I haven't tried in a while, maybe the diagnostics have improved. Normally you follow the delegation instructions and still get access denied.
The easier solution is to use explicit credentials to go from IIS to the file share. The down side to this is that you have to specify username and password of a windows account somewhere in your web.config or source code.