Folder access by ASP.Net application

Discussion in 'ASP .Net Security' started by CW, Sep 4, 2004.

  1. CW

    CW Guest

    I have an ASP.NET application that needs to read/write from to the IIS
    application directory and its subdirectories. The application is configured
    to use form authentication and thus it has the following entries in
    web.config:
    <authentication mode="Forms">
    <forms name="CommerceAuth" loginUrl="login.aspx"
    protection="All" path="/" />
    </authentication>
    <authorization><deny users="?" /><allow users ="*"
    /></authorization>

    Now the application runs OK on my dev box. The ASP.Net application is able
    to create file in IIS application folder and its subdirectory. However, once
    uploaded to my web host, the code that generates file on the web server IIS
    folder throws exception that essentially states that access to the directory
    is denied.

    Now my suspicion is that it has something to do with security permission
    granted to accounts used by IIS and ASP.Net. If I understand the IIS/ASP.Net
    architecture correctly, all anonymous requests are run in the context of
    IUSR* (where * is the machine name). It is then handed off to either ASPNET
    account (if IIS 5.x) or the configured worker pool account for ASP.Net
    process on IIS6 (if configured or default back to ASPNET account). Thus, if
    ASPNET account (or the worker pool account) has the necessary privilege to
    write to the particular IIS folder, then the application should be able to
    create a file in that folder. Otherwise, access would be denied.

    Can someone confirm or clarify if my understanding is correct?

    Thanks
    CW, Sep 4, 2004
    #1
    1. Advertising

  2. Hi CW,

    I would suggest you to check the security settings for the root folder
    under which you are creating the folders and files from your
    code.

    You should have the ASPNET user added to the group and should have write
    permissions.

    Hope this helps you.

    Thanks
    Raghavendra
    "CW" <> wrote in message
    news:...
    > I have an ASP.NET application that needs to read/write from to the IIS
    > application directory and its subdirectories. The application is

    configured
    > to use form authentication and thus it has the following entries in
    > web.config:
    > <authentication mode="Forms">
    > <forms name="CommerceAuth" loginUrl="login.aspx"
    > protection="All" path="/" />
    > </authentication>
    > <authorization><deny users="?" /><allow users ="*"
    > /></authorization>
    >
    > Now the application runs OK on my dev box. The ASP.Net application is able
    > to create file in IIS application folder and its subdirectory. However,

    once
    > uploaded to my web host, the code that generates file on the web server

    IIS
    > folder throws exception that essentially states that access to the

    directory
    > is denied.
    >
    > Now my suspicion is that it has something to do with security permission
    > granted to accounts used by IIS and ASP.Net. If I understand the

    IIS/ASP.Net
    > architecture correctly, all anonymous requests are run in the context of
    > IUSR* (where * is the machine name). It is then handed off to either

    ASPNET
    > account (if IIS 5.x) or the configured worker pool account for ASP.Net
    > process on IIS6 (if configured or default back to ASPNET account). Thus,

    if
    > ASPNET account (or the worker pool account) has the necessary privilege

    to
    > write to the particular IIS folder, then the application should be able to
    > create a file in that folder. Otherwise, access would be denied.
    >
    > Can someone confirm or clarify if my understanding is correct?
    >
    > Thanks
    >
    >
    Raghavendra T V, Sep 5, 2004
    #2
    1. Advertising

  3. CW

    [MSFT] Guest

    You understanding is right. When working with Form authentication, ASP.NET
    application will use the account "ASPNET" (IIS 5) or "Network service" (IIS
    6.0 ) to access the resource like file system or database. It seems the
    account on your web server didn't have enough permission to create files on
    the particular folder. You may contact the server's administrator for this.

    Luke
    [MSFT], Sep 6, 2004
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. gh0st54
    Replies:
    0
    Views:
    387
    gh0st54
    Jul 4, 2003
  2. THY
    Replies:
    3
    Views:
    2,895
    Alvin Bruney
    Oct 16, 2003
  3. Ameen
    Replies:
    3
    Views:
    3,322
    Ameen
    Oct 18, 2005
  4. IUnknown
    Replies:
    5
    Views:
    775
    Juan T. Llibre
    Jun 3, 2008
  5. Andy B
    Replies:
    1
    Views:
    927
    Munna
    Jun 24, 2008
Loading...

Share This Page