Need help fixing File Delete permission issues! (I'm loosing my hair!)

Discussion in 'ASP .Net' started by darrel, Jun 1, 2006.

  1. darrel

    darrel Guest

    I know I'm sounding like a broken record. I already asked this question last
    week.

    Alas, this question seems to be getting very few responses no matter how I
    word it or where I post it. Apparently, this is a rather rare occurance (or
    maybe people just don't like me...both pluasible theories... ;o)

    So, anyways, I'll post it in here one last time as a hail marry...

    I'm building an application that can manage some images that are uploaded.
    You can upload them, save them, and delete them.

    I'm having problems with the delete portion. My directory structure is such:

    approot (folder)
    images (folder)
    deleteTest (aspx page)
    admin (forms authenticated folder)
    delete (aspx page)

    both 'delete' and 'deleteTest' pages in my sample above use the exact same
    syntax to delete a file within the images folder.

    'deleteTest' does it just fine. 'delete' on the other hand, prompts me for a
    username/password then tells me permission is denied on the /images folder.

    On both pages, I'm writing out the user information. BOTH pages return the
    exact same information:

    Page.User.Identity.Name: testlogin
    System.Security.Principal.WindowsIdentity.GetCurrent().Name:
    WIN17\abernath
    System.Threading.Thread.CurrentPrincipal.Identity.Name: testlogin

    'testlogin' is blank on the 'deleteTest' page if I haven't yet logged in.
    Either way, though, that page can delete files just fine.

    So, I'm stumped. It appears both threads are running as the same user, but
    if I run the function from within my authenticated error, I'm denied access.

    My web host claims all appropriate permissions are set.

    Some theories I've gotten from others:

    - I need to impersonate (though impersonate what? ASPNET?)
    - I need to allow the server to grant permission to authetnicated users
    (can I do that via my app, or would that be something the web
    host always has to set up manually?)
    - ???

    I'm at the point where I'm just going to do a really hacky workaround:

    I'll have a 'deleteConfirm' page OUTSIDE my authenticated folder. From
    within my authenticated folder, when someone clicks DELETE, the image
    information to delete will be saved in a DB table, then the page will
    redirect to the 'deleteConfirm' page which will then look into that same
    table and if it sees any data, will grab it, delete the images, then delete
    the data. Seems OK, but, obviously, an insane workaround. ;o)

    Is there anyone with IIS/asp.net/permission experience that could shed some
    light on this problem for me?

    Thanks!
    darrel, Jun 1, 2006
    #1
    1. Advertising

  2. darrel

    darrel Guest

    Alternatively, anyone recommend any other places to ask a question like
    this? I've had zero luck getting a response to this one particular question
    in here so I assume this might be a niche issue best served by some security
    or IIS forum/newsgroup?

    -Darrel
    darrel, Jun 2, 2006
    #2
    1. Advertising

  3. You might want to try posting in the Security Forum at www.asp.net :

    http://forums.asp.net/25/ShowForum.aspx




    Juan T. Llibre, asp.net MVP
    aspnetfaq.com : http://www.aspnetfaq.com/
    asp.net faq : http://asp.net.do/faq/
    foros de asp.net, en español : http://asp.net.do/foros/
    ===================================
    "darrel" <> wrote in message news:%...
    > Alternatively, anyone recommend any other places to ask a question like this? I've had zero luck
    > getting a response to this one particular question in here so I assume this might be a niche issue
    > best served by some security or IIS forum/newsgroup?
    >
    > -Darrel
    >
    Juan T. Llibre, Jun 2, 2006
    #3
  4. darrel

    Darrel Guest

    > You might want to try posting in the Security Forum at www.asp.net :
    >
    > http://forums.asp.net/25/ShowForum.aspx


    Thanks. Alas, I've tried that as well with no real responses either. The two
    theories that came from there are:

    - the authetnicated user doesn't have IIS permissions
    - I need to impersonate

    If the first is true, that's a big problem, as I don't want people to have
    to deal with their web host every time they add a new user to the system
    that needs IIS permissions as well.

    If the second is true, no one has been able to explain how I'd do that.
    Sounds like I'd need to impersonate the default ASPNET user, which seems
    backwords from what impersonation actually is (to NOT run as the default
    ASPNET user.)

    -Darrel
    Darrel, Jun 2, 2006
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Saravana
    Replies:
    0
    Views:
    486
    Saravana
    Jul 11, 2003
  2. Domino
    Replies:
    5
    Views:
    371
    dorayme
    Nov 5, 2006
  3. rogerp
    Replies:
    0
    Views:
    528
    rogerp
    Mar 22, 2009
  4. rogerp
    Replies:
    0
    Views:
    567
    rogerp
    Mar 22, 2009
  5. Nicolas
    Replies:
    0
    Views:
    703
    Nicolas
    Apr 24, 2009
Loading...

Share This Page