File Permissions and Impersonation

S

Steve Winter

Hi,

We have a number of websites running on an IIS6 server all running under
their own seperate Anonymous Web account and ASP.Net is configured to
Impersonate this account for each site for file system security reasons. The
problem comes however when one client needs to write files to their folders
and we receive the following error:

Server Error in '/' Application.
--------------------------------------------------------------------------------

Could not find a part of the path "c:\".
Description: An unhandled exception occurred during the execution of the
current web request. Please review the stack trace for more information
about the error and where it originated in the code.

Exception Details: System.IO.DirectoryNotFoundException: Could not find a
part of the path "c:\".

I can get around this error by adding read permissions for all folders from
the drive root to the website directory ie. c:\ and c:\websites and
c:\website1 but this means that the client is now able to read the complete
file structure to their website which and other sites! Does anyone know of a
way of resolving this security issue?

Thanks - Steven
 
L

Lars-Erik Aabech

Hi!

I'm sure you have your reasons for impersonating some other anonymous user
than the default one...
Can you configure the page that has to read something from C: to run under
the privileges of a more privileged user?
Check out the information here about configuring single pages:
http://msdn.microsoft.com/library/en-us/cpgenref/html/gngrflocationelement.asp?frame=true
Here for impersonation:
http://msdn.microsoft.com/library/en-us/cpgenref/html/gngrfIdentitySection.asp?frame=true
And here on how to put the password in secure storage:
http://support.microsoft.com/default.aspx?scid=kb;en-us;329290

HTH,
Lars-Erik
 
S

Steve Winter

Basically all I want to do is to make sure that the one website can write to
it's own folders but for some strange reason I'm getting ACCESS DENIED
errors (using FileMon to debug) for all directories from the drive root to
the website itself. I would have though that just providing Write access to
the relevant folder in the website should be enough without having to give
read access as well to all folders up from the website to the drive root ?!
 
L

Lars-Erik Aabech

OK, I think you might get what you want if you remove all impersonation
(don't use <impersonate> in web.config) and then give the ASPNET user write
access on the folder in question.

Lars-Erik
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Impersonation / CreateProcessAsUserW Permissions 0
IIS Management and ASP.Net Impersonation 5
impersonation 3
File Upload Folder Permissions 5
Permissions on new Text File - IIS6 and Windows authentication. 1
Impersonation 1
file upload permissions issue 0
Unspecified error - Permissions 16

Members online

No members online now.
Total: 28 (members: 0, guests: 28)
Robots: 93

Forum statistics

Threads
473,780
Messages
2,569,611
Members
45,280
Latest member
BGBBrock56

Latest Threads

Top