impersonation

[Bad Beagle]

IIS 6.0

Our developer created a asp.net application. I keep getting an error on the
website:

Exception Details: System.UnauthorizedAccessException: Access to the path
"D:\Websites\intradev\peoplefind_net\csv\20050428103335.csv" is denied.

I have used filemon and found that it is trying to access that directory
structure using nt authority\network service. I need it to use the local
aspnet account. How can I force it to use the aspnet account?

 

[Brock Allen]

If you are running in IIS6, then by default your code is running as "Network
Service". You can change the security DACL on the target file to allow MACHINENAME$
access tot he file and it should work for you. The ASPNET account is only
used (again, by default) when you're running on an IIS5 or 5.1 box -- so
Windows 2000 or XP. If you really want your application in IIS6 to run as
ASPNET, you can change the identity in the IIS admin tool for the AppPool
that your app has been configured as. But every other app in the same AppPool
will also be affected. If you choose this approach, then you might want to
create a seperate AppPool specifically for your application.

 

[Dominick Baier [DevelopMentor]]

Hello Brock,

Machine$ is only relevant if you are accessing remote files. You can indeed
ACL local files directly with "NT AUTHORITY\NETWORK SERVICE"

 

[Brock Allen]

Machine$ is only relevant if you are accessing remote files. You can

indeed ACL local files directly with "NT AUTHORITY\NETWORK SERVICE"

Oh good point. For some reason I just assumed he was accessing a network
share, but a mapped drive wouldn't make any sense from ASP.NET anyway. Duh.

Yeah, listen to what Dom says -- he knows best

 

[Bad Beagle]

Thanks guys!

Oh good point. For some reason I just assumed he was accessing a network
share, but a mapped drive wouldn't make any sense from ASP.NET anyway.
Duh.

Yeah, listen to what Dom says -- he knows best