Problem writing to c:\windows\temp when using an application pool


C

cowznofsky

I have an asp.net web service, and I want to run it using an
application pool with a specific identity.
I followed the instructions here,

http://msdn.microsoft.com/en-us/library/ms998297.aspx

which indicate that write permissions have to be granted for a temp
folder under windows\microsoft.net.

But, when I try to use the service, most methods work (basically just
database calls), but one fails with the error:
"Unable to generate a temporary class [result=1] error CS2001: Source
file 'C:\\Windows\TEMP\8sbwhwxy.0.cs' could not be found."

So it seems I need write permissions to that folder as well? If I run
the service with the default account, on an account that is more
privileged, then I don't get the error.
 
Ad

Advertisements

J

Juan T. Llibre

re:
!> So it seems I need write permissions to that folder as well?

Yes, the account ASP.NET runs as needs permissions both to
the Windows temp folder and to the Temporary ASP.NET folder.

Here's the complete list of directories for which the ASP.NET account needs ACL permissions :

http://msdn.microsoft.com/en-us/library/kwzs111e.aspx

If you're running ASP.NET 2.0 or above,
you can assign the required permissions with the command :

aspnet_regiis -GA MachineName\Account





Juan T. Llibre, asp.net MVP
asp.net faq : http://asp.net.do/faq/
=========================
 
C

cowznofsky

re:
!> So it seems I need write permissions to that folder as well?

Yes, the account ASP.NET runs as needs permissions both to
the Windows temp folder and to the Temporary ASP.NET folder.

Here's the complete list of directories for which the ASP.NET account needs ACL permissions :

http://msdn.microsoft.com/en-us/library/kwzs111e.aspx

If you're running ASP.NET 2.0 or above,
you can assign the required permissions with the command :

aspnet_regiis -GA MachineName\Account

Juan T. Llibre, asp.net MVP
asp.net faq :http://asp.net.do/faq/



I have an asp.net web service, and I want to run it using an
application pool with a specific identity.
I followed the instructions here,

which indicate that write permissions have to be granted for a temp
folder under windows\microsoft.net.
But, when I try to use the service, most methods work (basically just
database calls), but one fails with the error:
"Unable to generate a temporary class [result=1] error CS2001:  Source
file 'C:\\Windows\TEMP\8sbwhwxy.0.cs' could not be found."
So it seems I need write permissions to that folder as well? If I run
the service with the default account, on an account that is more
privileged, then I don't get the error.- Hide quoted text -

- Show quoted text -

Thanks for that link.

However, that command (also referenced in the link in my post) didn't
do the trick for c:\windows\temp. I had to add permissions for the
IIS_WPG group to that folder myself.
 
J

Juan T. Llibre

re:
!> Thanks for that link.

You're quite welcome.
That page saved my bacon once...and has saved a lot of other people's bacon since.

re:
!> If I run the service with the default account, on an
!> account that is more privileged, then I don't get the error.

Why do you need to run the service on an account other than NT AUTHORITY\NETWORK SERVICE ?

re:
!> I had to add permissions for the IIS_WPG group to that folder myself.

Interesting.
I'm working with the default account (NETWORK SERVICE), so I never noticed that.




Juan T. Llibre, asp.net MVP
asp.net faq : http://asp.net.do/faq/
=========================
re:
!> So it seems I need write permissions to that folder as well?

Yes, the account ASP.NET runs as needs permissions both to
the Windows temp folder and to the Temporary ASP.NET folder.

Here's the complete list of directories for which the ASP.NET account needs ACL permissions :

http://msdn.microsoft.com/en-us/library/kwzs111e.aspx

If you're running ASP.NET 2.0 or above,
you can assign the required permissions with the command :

aspnet_regiis -GA MachineName\Account

Juan T. Llibre, asp.net MVP
asp.net faq :http://asp.net.do/faq/



I have an asp.net web service, and I want to run it using an
application pool with a specific identity.
I followed the instructions here,

which indicate that write permissions have to be granted for a temp
folder under windows\microsoft.net.
But, when I try to use the service, most methods work (basically just
database calls), but one fails with the error:
"Unable to generate a temporary class [result=1] error CS2001: Source
file 'C:\\Windows\TEMP\8sbwhwxy.0.cs' could not be found."
So it seems I need write permissions to that folder as well? If I run
the service with the default account, on an account that is more
privileged, then I don't get the error.- Hide quoted text -

- Show quoted text -

Thanks for that link.

However, that command (also referenced in the link in my post) didn't
do the trick for c:\windows\temp. I had to add permissions for the
IIS_WPG group to that folder myself.
 
Ad

Advertisements

C

cowznofsky

re:
!> Thanks for that link.

You're quite welcome.
That page saved my bacon once...and has saved a lot of other people's bacon since.

re:
!> If I run the service with the default account, on an
!> account that is more privileged, then I don't get the error.

Why do you need to run the service on an account other than NT AUTHORITY\NETWORK SERVICE ?

re:
!> I had to add permissions for the IIS_WPG group to that folder myself.

Interesting.
I'm working with the default account (NETWORK SERVICE), so I never noticed that.

Juan T. Llibre, asp.net MVP
asp.net faq :http://asp.net.do/faq/

re:
!> So it seems I need write permissions to that folder as well?
Yes, the account ASP.NET runs as needs permissions both to
the Windows temp folder and to the Temporary ASP.NET folder.
Here's the complete list of directories for which the ASP.NET account needs ACL permissions :

If you're running ASP.NET 2.0 or above,
you can assign the required permissions with the command :
aspnet_regiis -GA MachineName\Account
Juan T. Llibre, asp.net MVP
asp.net faq :http://asp.net.do/faq/
I have an asp.net web service, and I want to run it using an
application pool with a specific identity.
I followed the instructions here,
http://msdn.microsoft.com/en-us/library/ms998297.aspx
which indicate that write permissions have to be granted for a temp
folder under windows\microsoft.net.
But, when I try to use the service, most methods work (basically just
database calls), but one fails with the error:
"Unable to generate a temporary class [result=1] error CS2001: Source
file 'C:\\Windows\TEMP\8sbwhwxy.0.cs' could not be found."
So it seems I need write permissions to that folder as well? If I run
the service with the default account, on an account that is more
privileged, then I don't get the error.- Hide quoted text -
- Show quoted text -

Thanks for that link.

However, that command (also referenced in the link in my post) didn't
do the trick for c:\windows\temp.  I had to add permissions for the
IIS_WPG group to that folder myself.- Hide quoted text -

- Show quoted text -

The reason for using another account is that I'm using Windows
Authentication to connect to SQLServer. My thought was to create a
domain\user account specifically for this purpose, grant access in
SQLServer, and run the services under this account.

If it's a better practice to grant access specifically to the machine
account, then I would certainly welcome this point of view.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top