Permissions on new Text File - IIS6 and Windows authentication.



The answer to this ASP.NET question might be informed by insight from the
IIS community - thus posted to both groups.

I have an ASP.NET 2.0 app that runs on a private corporate Intranet on a
Windows Server 2003 [email protected] server, running IIS6. The Web site site is set up to
use Windows authentication.

This application writes short entries to a text file for logging purposes.
The log file writing logic checks the size of the log file. When the log
file gets too big, it renames the current log file for purposes of archiving
it, and then creates a new log file.

The problem I am finding is that the new log file cannot be written to by
the ASP.NET Web app. File permissions are not adequate. To resolve I have
been manually adding the permissions to the file for the ASPNET account and
for the NETWORKSERVICE account.

I would think that ASP.NET created the file - so it should be able to write
to it.

Question: What can I do to have the permissions - required by ASP.NET -
automatically granted on the text log file that is created by ASP.Net?

An interesting and relevant observation is that the user who was using the
ASP.NET Web application does in fact have permissions to the file. To be
clear, when the application was choking on the file due to insufficient
permissions, the file permissions showed the user [who was using the
application when the new file was created] to have permissions on the file -
with permissions viewed through the file properties dialog, security tab, in
Windows Explorer.

The reason I am confident that the user to whom permissions were directly
and automatically assigned was the user who was using the app when the new
log file was created - is because the log entries in the file include the
current user ID... and the only entries in the new log file were for the
same user ID to which NTFS permissions were automatically assigned.




Hi Mark,

It seems that you have done most of the things correct. However, ASP.NET
Application hosted on IIS runs under a specific identity. In your case the
identity is "Network Service".

Please do the following steps:

1. Make sure the directory (under which log file is being written) has the
properties inherited by its sub-folders.
2. Make sure the directory (as defined in Step 1) has proper rights given to

Please let me know if it helps.


Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question