I am currently creating a folder and writing a file to the folder that need to be create on a file server that we have. When i do a localhost test, it work perfectly but when i access the website from outside the localhost and from another pc. It said that
System.UnauthorizedAccessException: Access to the path 'My File Server
URL' is denied
ASP.NET is not authorized to access the requested resource. Consider
granting access rights to the resource to the ASP.NET request
identity. ASP.NET has a base process identity (typically
{MACHINE}\ASPNET on IIS 5 or Network Service on IIS 6) that is used if
the application is not impersonating. If the application is
impersonating via , the identity will be
the anonymous user (typically IUSR_MACHINENAME) or the authenticated
request user.
To grant ASP.NET access to a file, right-click the file in Explorer,
choose "Properties" and select the Security tab. Click "Add" to add
the appropriate user or group. Highlight the ASP.NET account, and
check the boxes for the desired access.
But the thing is that i have already set the identity impersonate="true" in the web.config and it still didn't work. My web server is running on Winder Server 2003 and IIS 6
Any advice and help will be deeply appreciated
Thanks
Brandon
You need to grant write, modify permission to the Users group for that file/folder.
Check your IIS Authentication setting and make sure that Anonymous authentication is enabled.
Hi Guys i manage to find the solution to it
If u are creating a folder, using this code before file or folder creation
WindowsImpersonationContext ctx = WindowsIdentity.Impersonate(IntPtr.Zero);
// Insert the create code here
ctx.Undo();
Well i do not know if this is the best solution. if anyone know the downside or implication of this code please share and comment.
no harm knowing more
Related
I am using asp.net mvc4 application. where I have custom code which upload the files in specific folder of my application. this code has option to delete files(uploaded on that) folder.
I don’t have that code so I want to change permission of that folder so that it will not allow to delete files from that location via web application.windows its self send error for permission.
I have deny delete permission for the networksservices but not working.
now this is working for already images available in this folder. But now problem is when I am uploading new images it is allowing to delete a image means security permission hasn't applied to new images. why?
How/Which user should I assigned permission deny of delete?
It seems that the user account under which your web site is running isn't networkservices.
If your application is hosted in IIS, you need to find the Application Pool for your web site and then check the user account used by this application pool. So check the properties of your web site on IIS, see the application pool name and then go to the Application Pools node in IIS console tree, find the application name and check its properties to find the related user.
I know this question has already been already many times,but doesn't help me tackle my equation.
I currently have a Folder shared for the respective users to be zipped when the user calls the service. I get Access to the path \\IP\FolderName is denied. On research, I found out several solutions for this issue, but none worked.
I tested by trying to zip the files inside the folder and was able to do it successfully. I do not know what might be the issue! I even tried going the bad way by giving permission for Everyone for the folder (out of frustration though) and still was not successful.
My Anonymous, Asp.Net Impersonate and Windows Authentication were enabled.I do not know what might be the issue.
PS: Could I know in what identity the IIS is accessing the folder, so that I can give permissions only to that User.
I can not help you with your main problem, but for the following:
Could I know in what identity the IIS is accessing the folder, so that I can give permissions only to that User.
You need to check what Application Pool is assigned to your application in IIS. Then go to the application pools section and there the user is listed:
As mentioned by Chrfin you need to first find out the Application pool used by your application(Ex: DefaultAppPool, ASP.NET v4.0 etc). Right click on the relevant App pool and go to Advanced Settings there you should see the Identity.
But best way is to go for impersonation, Check this thread for more details. With impersonation what you do is, Giving required folder access permission to an admin user on the web server and whenever you try to access these folder from within your code, you impersonate particular code block,
Using(Impersonator impersonator = new Impersonator())
{
//Write the folder accessing logic here
}
I am trying to create a Directory in .NET using Directory.CreateDirectory, I followed the directions here to give access permission but I am still getting an UnauthorizedAccessException. Does anyone have any advice? Note, this is a web application that uses the IIS7 server.
In the directory you are attempting to create a new directory, make sure that your app pool user has Read/Write permissions for that directory. You have to specifically do that in addition to adding the user to the user groups.
2 more potential issues (+1 to user959729):
you are creating directory at different place than you think you are (i.e. you building path wrong)
the code runs under impersonated account (user's or anonymous) and such user does not have permissions to create folder (to verify try check System.Environment.UserName before creating directory). To fix you need to run code as process account.
I've been working on an asp.net 4.0 website and seem to be having an issue with deleting from the database stored in the app_data folder.
I created a domain group in the actice directory and used the web.config file to restrict access to certain pages that allow modifcation of the database. Everything worked fine on my test machine and the production server, but the issue is that on the server, even though it recognizes the user when you access the page, when you try to delete an item it denies access and does not allow you to delete the item.
The users had read/write permissions to the folder, but it still denied access. I did some testing and allowed everyone read/write acces, and it allowed me to delete, but I don't like having that option set up.
Does anyone know what causes this issue and what the proper fix would be? I'm assuming I have to let the website know which user is running the application before it tries to delete so they can write to the database, but I thought it would do that automatically since I used Windows authentication.
If anyone has any information I would greatly appreciate it.
The user account that is running the application pool for your website is the only user account that needs MODIFY permissions to that database file.
I have read other posts about how to accomplish this but to no avail. When I deploy my application to the server (2008) I get the following exception at runtime:
Access to the registry key 'HKEY_CURRENT_USER\Software\Microsoft\VisualStudio\9.0\TeamFoundation\Servers' is denied.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.UnauthorizedAccessException: Access to the registry key 'HKEY_CURRENT_USER\Software\Microsoft\VisualStudio\9.0\TeamFoundation\Servers' is denied.
ASP.NET is not authorized to access the requested resource. Consider granting access rights to the resource to the ASP.NET request identity. ASP.NET has a base process identity (typically {MACHINE}\ASPNET on IIS 5 or Network Service on IIS 6) that is used if the application is not impersonating. If the application is impersonating via <identity impersonate="true"/>, the identity will be the anonymous user (typically IUSR_MACHINENAME) or the authenticated request user.
To grant ASP.NET access to a file, right-click the file in Explorer, choose "Properties" and select the Security tab. Click "Add" to add the appropriate user or group. Highlight the ASP.NET account, and check the boxes for the desired access.
So the error seems very descriptive. I opened regedit and right clicked on the KEY (HKEY_CURRENT_USER\Software\Microsoft) --> Permissions --> Added user 'NETWORK SERIVCE' and granted FULL Control.
I assumed this was the user that ASP.NET was running over to access the registry.
I then tried to disable 'Include inheritable permissions from this object's parent.
This also did not work.
From within IIS Manager, under my application's authentication settings I set the 'anonymous authentication' user to my own which is in in the Administrator's group.
Nothing seems to work.
How can I resolve this issue? This is an internal tool running on our local network so I am not very concerned with security permissions at this stage. How can I grant the appropriate privileges?
Thanks!
It is hard to troubleshoot without knowing what your web application is trying to accomplish. However, I assume this is a web-base application which means you have created a db for your web. First, In your Web.config'connectionString', try using the username and password you used to login to SQL Server Management. Do not use a windows login. Second, trying running your application using F5 function key. This will start a built-in server that came with Visual Studio 2008. This does not require local IIS.
If still having problem, either post or send me your Web.config. See if I can help.
I had to set the Application Pool Identity to "LocalSystem" for this application. This allowed my application enough privileges to read the registry.