Access To The Path ... Is Denied

Discussion in 'ASP .Net' started by hufaunder@yahoo.com, Jul 20, 2006.

  1. Guest

    I have a website that uses a web service that is located on the same
    machine. This webservice calls a program which in return modifies a
    file in c:\documents and Settings\All Users\Application Data\...'.
    Unfortunately, whenever the webservice is executed I get the following
    error message:

    Access to the path 'C:\Documents and Settings\All Users\Application
    Data\...' is denied.

    Permissions for the default website (where the website and web service
    reside) include [name]\Administrators and Internet Guest Account
    ([name]\IUSR_[name]) among others.

    In directory security I have Enable anonymous access checked using User
    Name = [name]\IUSR_[name] and the password I set up for that account.
    Everything else (Integrated Windows authentication, etc) is unchecked.

    For the file and the directory it resides in I have given full access
    rights to IUSR_[name].

    File Monitor (sysinternals.com) shows process = w3wp.exe,
    Request=IRP_MJ_CREATE, Result = Access denied, Other = nt
    authority\network service

    OS is win2k3.

    What am I missing here?
    , Jul 20, 2006
    #1
    1. Advertising

  2. Hello,

    You have given full access rights to IUSR_[name] but the user account
    denied access is nt authority\network service according to FileMon.

    I believe this is your problem.


    --
    Regards,
    Kristofer Gafvert
    http://www.gafvert.info/iis/ - IIS Related Info


    wrote:

    >I have a website that uses a web service that is located on the same
    >machine. This webservice calls a program which in return modifies a
    >file in c:\documents and Settings\All Users\Application Data\...'.
    >Unfortunately, whenever the webservice is executed I get the following
    >error message:
    >
    >Access to the path 'C:\Documents and Settings\All Users\Application
    >Data\...' is denied.
    >
    >Permissions for the default website (where the website and web service
    >reside) include [name]\Administrators and Internet Guest Account
    >([name]\IUSR_[name]) among others.
    >
    >In directory security I have Enable anonymous access checked using User
    >Name = [name]\IUSR_[name] and the password I set up for that account.
    >Everything else (Integrated Windows authentication, etc) is unchecked.
    >
    >For the file and the directory it resides in I have given full access
    >rights to IUSR_[name].
    >
    >File Monitor (sysinternals.com) shows process = w3wp.exe,
    >Request=IRP_MJ_CREATE, Result = Access denied, Other = nt
    >authority\network service
    >
    >OS is win2k3.
    >
    >What am I missing here?
    Kristofer Gafvert, Jul 20, 2006
    #2
    1. Advertising

  3. Guest

    Run aspnet_regiis -i to reinstall asp.net.
    Among the other things that the tool does is to give the correct
    permissions to the correct users on the correct files and directories.

    You can avoid this problem in the future by installing IIS before
    installing the .net framework. Otherwise, you'll need to run
    aspnet_regiis -i

    Andy

    wrote:
    > I have a website that uses a web service that is located on the same
    > machine. This webservice calls a program which in return modifies a
    > file in c:\documents and Settings\All Users\Application Data\...'.
    > Unfortunately, whenever the webservice is executed I get the following
    > error message:
    >
    > Access to the path 'C:\Documents and Settings\All Users\Application
    > Data\...' is denied.
    >
    > Permissions for the default website (where the website and web service
    > reside) include [name]\Administrators and Internet Guest Account
    > ([name]\IUSR_[name]) among others.
    >
    > In directory security I have Enable anonymous access checked using User
    > Name = [name]\IUSR_[name] and the password I set up for that account.
    > Everything else (Integrated Windows authentication, etc) is unchecked.
    >
    > For the file and the directory it resides in I have given full access
    > rights to IUSR_[name].
    >
    > File Monitor (sysinternals.com) shows process = w3wp.exe,
    > Request=IRP_MJ_CREATE, Result = Access denied, Other = nt
    > authority\network service
    >
    > OS is win2k3.
    >
    > What am I missing here?
    , Jul 20, 2006
    #3
  4. Guest

    IIS has been installed before the .NET framework, I believe. In any
    case, I did re-install it again but the problem is still the same. As
    mentioned I have given full access rights to the file and containing
    folder to the user defined in the directory security dialog. Therefore,
    it seems to me that the web service and/or the program that the
    webservice executes run under a different user account. Could that be?
    If so how do I find out what user account?

    Thanks

    wrote:
    > Run aspnet_regiis -i to reinstall asp.net.
    > Among the other things that the tool does is to give the correct
    > permissions to the correct users on the correct files and directories.
    >
    > You can avoid this problem in the future by installing IIS before
    > installing the .net framework. Otherwise, you'll need to run
    > aspnet_regiis -i
    >
    > Andy
    >
    > wrote:
    > > I have a website that uses a web service that is located on the same
    > > machine. This webservice calls a program which in return modifies a
    > > file in c:\documents and Settings\All Users\Application Data\...'.
    > > Unfortunately, whenever the webservice is executed I get the following
    > > error message:
    > >
    > > Access to the path 'C:\Documents and Settings\All Users\Application
    > > Data\...' is denied.
    > >
    > > Permissions for the default website (where the website and web service
    > > reside) include [name]\Administrators and Internet Guest Account
    > > ([name]\IUSR_[name]) among others.
    > >
    > > In directory security I have Enable anonymous access checked using User
    > > Name = [name]\IUSR_[name] and the password I set up for that account.
    > > Everything else (Integrated Windows authentication, etc) is unchecked.
    > >
    > > For the file and the directory it resides in I have given full access
    > > rights to IUSR_[name].
    > >
    > > File Monitor (sysinternals.com) shows process = w3wp.exe,
    > > Request=IRP_MJ_CREATE, Result = Access denied, Other = nt
    > > authority\network service
    > >
    > > OS is win2k3.
    > >
    > > What am I missing here?
    , Jul 20, 2006
    #4
  5. A solution more specific to this problem would be to run :

    aspnet_regiis -GA <account name>

    In this case :
    aspnet_regiis -GA "nt authority\network service"

    That command will assign *all* ASP..NET 2.0 permissions needed to the account.

    If you have doubts about which account ASP.NET is running as,
    save this script as "identity.aspx", run it, and run the aspnet_regiis -ga
    command using whatever account name is returned by the script.

    identity.aspx:
    -------------
    <%@ Page Language="VB" %>
    <%@ Import NameSpace = System.Security.Principal %>
    <script runat="server">
    Sub Page_Load()
    Dim tmp As String = WindowsIdentity.GetCurrent.Name()
    Label1.Text = tmp
    End Sub
    </script>
    <html>
    <head>
    <title>WindowsIdentity.GetCurrent.Name()</title>
    </head>
    <body>
    <form id="form1" runat="server">
    <div>
    <asp:Label ID="Label1" Runat="server" Text="Label"></asp:Label>
    </div>
    </form>
    </body>
    </html>
    ---------





    Juan T. Llibre, asp.net MVP
    aspnetfaq.com : http://www.aspnetfaq.com/
    asp.net faq : http://asp.net.do/faq/
    foros de asp.net, en espaƱol : http://asp.net.do/foros/
    ===================================
    <> wrote in message
    news:...
    > Run aspnet_regiis -i to reinstall asp.net.
    > Among the other things that the tool does is to give the correct
    > permissions to the correct users on the correct files and directories.
    >
    > You can avoid this problem in the future by installing IIS before
    > installing the .net framework. Otherwise, you'll need to run
    > aspnet_regiis -i
    >
    > Andy
    >
    > wrote:
    >> I have a website that uses a web service that is located on the same
    >> machine. This webservice calls a program which in return modifies a
    >> file in c:\documents and Settings\All Users\Application Data\...'.
    >> Unfortunately, whenever the webservice is executed I get the following
    >> error message:
    >>
    >> Access to the path 'C:\Documents and Settings\All Users\Application
    >> Data\...' is denied.
    >>
    >> Permissions for the default website (where the website and web service
    >> reside) include [name]\Administrators and Internet Guest Account
    >> ([name]\IUSR_[name]) among others.
    >>
    >> In directory security I have Enable anonymous access checked using User
    >> Name = [name]\IUSR_[name] and the password I set up for that account.
    >> Everything else (Integrated Windows authentication, etc) is unchecked.
    >>
    >> For the file and the directory it resides in I have given full access
    >> rights to IUSR_[name].
    >>
    >> File Monitor (sysinternals.com) shows process = w3wp.exe,
    >> Request=IRP_MJ_CREATE, Result = Access denied, Other = nt
    >> authority\network service
    >>
    >> OS is win2k3.
    >>
    >> What am I missing here?

    >
    Juan T. Llibre, Jul 20, 2006
    #5
  6. Simon Hart Guest

    The recomended guidelines is you need to authenticate the Web Service
    request and set the Web Service to NTLM (Integrated Security) turn off
    anonymous and set <indentity impersonate="true"/> in web.config.

    Doing the above, the call will execute under the user of the authenticated
    user.

    Look at the Credentials property of the Web Service proxy if you are not
    sure how to authenticate web service calls.

    Regards
    Simon.

    <> wrote in message
    news:...
    >I have a website that uses a web service that is located on the same
    > machine. This webservice calls a program which in return modifies a
    > file in c:\documents and Settings\All Users\Application Data\...'.
    > Unfortunately, whenever the webservice is executed I get the following
    > error message:
    >
    > Access to the path 'C:\Documents and Settings\All Users\Application
    > Data\...' is denied.
    >
    > Permissions for the default website (where the website and web service
    > reside) include [name]\Administrators and Internet Guest Account
    > ([name]\IUSR_[name]) among others.
    >
    > In directory security I have Enable anonymous access checked using User
    > Name = [name]\IUSR_[name] and the password I set up for that account.
    > Everything else (Integrated Windows authentication, etc) is unchecked.
    >
    > For the file and the directory it resides in I have given full access
    > rights to IUSR_[name].
    >
    > File Monitor (sysinternals.com) shows process = w3wp.exe,
    > Request=IRP_MJ_CREATE, Result = Access denied, Other = nt
    > authority\network service
    >
    > OS is win2k3.
    >
    > What am I missing here?
    >
    Simon Hart, Jul 20, 2006
    #6
  7. Simon Hart Guest

    IUSR_MACHINENAME will only be used if anon access is turned on and
    impersonate is turned on otherwise ASPNET user account will be used (unless
    of course NTLM is used in the context of my previous post).

    General rule of thumb is to never change user permissions.

    Regards
    Simon.

    <> wrote in message
    news:...
    >I have a website that uses a web service that is located on the same
    > machine. This webservice calls a program which in return modifies a
    > file in c:\documents and Settings\All Users\Application Data\...'.
    > Unfortunately, whenever the webservice is executed I get the following
    > error message:
    >
    > Access to the path 'C:\Documents and Settings\All Users\Application
    > Data\...' is denied.
    >
    > Permissions for the default website (where the website and web service
    > reside) include [name]\Administrators and Internet Guest Account
    > ([name]\IUSR_[name]) among others.
    >
    > In directory security I have Enable anonymous access checked using User
    > Name = [name]\IUSR_[name] and the password I set up for that account.
    > Everything else (Integrated Windows authentication, etc) is unchecked.
    >
    > For the file and the directory it resides in I have given full access
    > rights to IUSR_[name].
    >
    > File Monitor (sysinternals.com) shows process = w3wp.exe,
    > Request=IRP_MJ_CREATE, Result = Access denied, Other = nt
    > authority\network service
    >
    > OS is win2k3.
    >
    > What am I missing here?
    >
    Simon Hart, Jul 20, 2006
    #7
  8. Guest

    Thanks for the input. If I turn on integrated security the user will
    have to log in before using the webservice. At least that is from my
    limited experience. I do not want that the user has to login, though.
    So how can I do this. Note that I have the following

    1) in web.config <authentication mode="Windows"/>
    2) in web.config <identity impersonate="true"/>
    3) in IIS "Enable anonymous access" unchecked
    4) in IIS "Integrated Windows authentication" enabled.

    BTW, what is 1) and 4) the same and it just can be configured at
    different places?

    Thanks
    Simon Hart wrote:
    > The recomended guidelines is you need to authenticate the Web Service
    > request and set the Web Service to NTLM (Integrated Security) turn off
    > anonymous and set <indentity impersonate="true"/> in web.config.
    >
    > Doing the above, the call will execute under the user of the authenticated
    > user.
    >
    > Look at the Credentials property of the Web Service proxy if you are not
    > sure how to authenticate web service calls.
    >
    > Regards
    > Simon.
    >
    > <> wrote in message
    > news:...
    > >I have a website that uses a web service that is located on the same
    > > machine. This webservice calls a program which in return modifies a
    > > file in c:\documents and Settings\All Users\Application Data\...'.
    > > Unfortunately, whenever the webservice is executed I get the following
    > > error message:
    > >
    > > Access to the path 'C:\Documents and Settings\All Users\Application
    > > Data\...' is denied.
    > >
    > > Permissions for the default website (where the website and web service
    > > reside) include [name]\Administrators and Internet Guest Account
    > > ([name]\IUSR_[name]) among others.
    > >
    > > In directory security I have Enable anonymous access checked using User
    > > Name = [name]\IUSR_[name] and the password I set up for that account.
    > > Everything else (Integrated Windows authentication, etc) is unchecked.
    > >
    > > For the file and the directory it resides in I have given full access
    > > rights to IUSR_[name].
    > >
    > > File Monitor (sysinternals.com) shows process = w3wp.exe,
    > > Request=IRP_MJ_CREATE, Result = Access denied, Other = nt
    > > authority\network service
    > >
    > > OS is win2k3.
    > >
    > > What am I missing here?
    > >
    , Jul 21, 2006
    #8
  9. shijobaby

    Joined:
    Dec 15, 2009
    Messages:
    7
    If your web service anonymous authentication is


    turned off you must enable that

    Otherwise you have to pass username and password
    shijobaby, Feb 6, 2010
    #9
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Theerachet Pratoommanee

    Access to the path is denied

    Theerachet Pratoommanee, Dec 30, 2003, in forum: ASP .Net
    Replies:
    1
    Views:
    8,364
    Sachin Kharsani[MSFT]
    Dec 30, 2003
  2. cg
    Replies:
    0
    Views:
    468
  3. S. Justin Gengo
    Replies:
    0
    Views:
    853
    S. Justin Gengo
    Jul 14, 2003
  4. Jay
    Replies:
    2
    Views:
    1,081
  5. Kent Tegels
    Replies:
    0
    Views:
    224
    Kent Tegels
    Aug 26, 2004
Loading...

Share This Page