Upload Permissions

[Wayne Wengert]

I am trying to execute a file upload of a file but I ghet the error shown
below. I do have MyMachine\ASPNET permission set but I am using IIS6 and
the error information indicates that the base process identity is "Network
Service" in that case but I cannot find any such identity? How can I grand
the necessary access?

Wayne

============================================================
Exception Details: System.UnauthorizedAccessException: Access to the path
"C:\Banner.NET\images\banners\xtb_banner.swf" is denied.

ASP.NET is not authorized to access the requested resource. Consider
granting access rights to the resource to the ASP.NET request identity.
ASP.NET has a base process identity (typically {MACHINE}\ASPNET on IIS 5 or
Network Service on IIS 6) that is used if the application is not
impersonating. If the application is impersonating via <identity
impersonate="true"/>, the identity will be the anonymous user (typically
IUSR_MACHINENAME) or the authenticated request user.

To grant ASP.NET write access to a file, right-click the file in Explorer,
choose "Properties" and select the Security tab. Click "Add" to add the
appropriate user or group. Highlight the ASP.NET account, and check the
boxes for the desired access.

 

[Niraj Ranka]

Hello,

Which Operating system u r using?
Also u will get the Network Services in it... try to search out using
advanced option.

 

[Wayne Wengert]

I am running on WinXP Pro

Wayne

Hello,

Which Operating system u r using?
Also u will get the Network Services in it... try to search out using
advanced option.

 

[dimpy]

I am not 100% sure but whenever I have such access problems I insert
the line <identity impersonate="true"/> in my project's web.config
file. Try doing that and see if it works.

Regards,
Dimpy

 

[Wayne Wengert]

Interesting - I'll give it a try

Wayne

 

[Wayne Wengert]

Where in the Web.Config file do you put that?

Wayne

 

[Juan T. Llibre]

Anywhere inside the <system.web> section.

A warning : while that might certainly solve your problem,
it may bring on other, less obvious, problems, too, like
an account which you don't know having access permissions
to a lot of directories.

What you really should do is detect the account ASP.NET is running as,
and give *that* account the necessary permissions, instead of impersonating
an account which might be a security risk.

Save the following as identity.aspx and run it.

identity.aspx
-------------------
<%@ Page Language="VB" %>
<%@ Import NameSpace = System.Security.Principal %>
<script runat="server">
Sub Page_Load()
Dim tmp As String = WindowsIdentity.GetCurrent.Name()
Label1.Text = tmp
End Sub
</script>
<html>
<head>
<title>WindowsIdentity.GetCurrent.Name()</title>
</head>
<body>
<form id="form1" runat="server">
<div>
<asp:Label ID="Label1" Runat="server" Text="Label"></asp:Label>
</div>
</form>
</body>
</html>
------------------

When you run that file, it will return the current ASP.NET identity,
i.e., the account ASP.NET is running as.

Give *that* account the permissions you need,
instead of blindly impersonating an unknown account.