Appreciate if someone could point to the right answer on how to overcome this error. By clicking the Button3, the
ExportedFilePDF.pdf should be copied to the \\presario remote machine. So far, no security issue on the same configuration in IIS6 + W2K3.
Protected Sub Button3_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles Button3.Click
Try
File.Copy("C:\BackOffice\Export\ExportedFilePDF.pdf", "\\presario\FaxServer\Outbox\ExportedFilePDF.pdf", True)
Catch ex As Exception
Response.Write("Error copying file | " & ex.ToString)
End Try
End Sub
The browser will generate this error message when the Button3 is clicked.
Error copying file | System.UnauthorizedAccessException: Access to the path '\\presario\FaxServer\Outbox\ExportedFilePDF.pdf' is denied. at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.File.InternalCopy(String sourceFileName,
String destFileName, Boolean overwrite) at Test5.Button3_Click(Object sender, EventArgs e)
I might overlooked on IIS 7 setting but just don't know which configuration parameters should I touch for now. Thanks.
IIS 7 & W2K8 - Access to path is denied. File copy.
Today, I managed to move this project development to W2K8 + IIS7 + VS2008, then found no unauthorized access (the pdf is successfullly copied to the remote folder) if debugging run through VS or localhost
http://localhost:49264/BackOffice/test5.aspx. However, still encountering the unathorized access message if access it through the published website or
http://192.168.169.167/BackOffice/test5.aspx.
It might related to remote access permission on workgroup environment but why does the copy only working on debugging mode, not on published mode?
Based on the description, it's probably caused by the permission issues. As you know, when you debug in Visual Studio, the ASP.NET application is running under a logged-on system account(when you're in a domain, it's probably a domain user). If allowed,
it can do file operations in a remote machine.
However, it's different with running ASP.NET application in IIS. By default, it's running under ASPNET in IIS 5 or Network Service in IIS 6/7. The account has no permissions to access remote resources. Since you need to copy a file to a remote machine, you
have to grant the account(Network Service) required permissions in the remote machine. Then you can do file operations. But I don't recommend you to do that. It's better to programmatically impersonate a domain user when necessary. In this case, you will have
no need to configurate in the remote server.
For impersonating a user programmatically, you could check this link:
I've tried creating an account (IUSR) in both machines (server and remote), shared path mapping is writeable from server, but still trigger the access denied message from the ASP application even the access has been given to these ASP.net, NETWORK, NETWORK
SERVICE, IUSR, SYSTEM, Everyone and Administrators accounts. Have I overlooked on any special security setting in IIS7 or W2K8?
Or I might look on impersonating one day, will update you on this. However, can it be done on 'Form authentication mode'?
Based on my test, you could choose either of these two ways. The recommended one is to use a domain user. As mentioned above, you could use impersonation programmatically. The second one is also suitable if you're not familiar with impersonation. I tested
it and everything works well. Here're the steps:
<div mce_keep="true">Step 1. Create a system user e.g. ForASPNET on the machine which hosts the ASP.NET application.</div>
<div mce_keep="true">Step 2. Grant the same permissions like ASP.NET built-in account Network Service. You could start the Visual Studio Command Prompt and run this command "aspnet_regiis -ga ForASPNET".</div>
<div mce_keep="true">Step 3. Create a system user in the shared server with the SAME name and password.</div>
<div mce_keep="true">Step 4. Grant the permissions to the shared file to the user ForASPNET.</div>
<div mce_keep="true">Step 5. Set the Identity as ForASPNET in the ApplicationPool which the ASP.NET application is running under.</div>
After these steps, you could resolve the problem.
Thanks.
Please mark the replies as answers if they help or unmark if not.
If you have any feedback about my replies, please contact msdnmg@microsoft.com
The step from 1 to 4 are straight forward, step 5 will be a bit tricky on IIS7(if you are not familiar yet). No useful article found from the net on the step 5. However, this link at least will guide you through.
My application manages files on the server file system (insert, update, delete) I just made a migration from win 2003 to 2008 R2 and found access denied errors on deletes.
After some searching I found there is a function for IIS7.5 that uses the AppPool identity for security. This isn't a real user account it's a 'virtual account' that the AppPool uses. New files had the account but when I tried to add it to a file or folder
the account doesn't exist when you 'check names' in the security dialog box. Confusing...
Gregale.net
Participant
1268 Points
312 Posts
IIS 7 & W2K8 - Access to path \\remotewinXP\folder\ is denied. No error on IIS 6 & W2K3 hosting. ...
Nov 17, 2008 09:15 AM|LINK
Hi,
Appreciate if someone could point to the right answer on how to overcome this error. By clicking the Button3, the ExportedFilePDF.pdf should be copied to the \\presario remote machine. So far, no security issue on the same configuration in IIS6 + W2K3.
Protected Sub Button3_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles Button3.Click
Try
File.Copy("C:\BackOffice\Export\ExportedFilePDF.pdf", "\\presario\FaxServer\Outbox\ExportedFilePDF.pdf", True)
Catch ex As Exception
Response.Write("Error copying file | " & ex.ToString)
End Try
End Sub
The browser will generate this error message when the Button3 is clicked.
Error copying file | System.UnauthorizedAccessException: Access to the path '\\presario\FaxServer\Outbox\ExportedFilePDF.pdf' is denied. at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.File.InternalCopy(String sourceFileName, String destFileName, Boolean overwrite) at Test5.Button3_Click(Object sender, EventArgs e)
I might overlooked on IIS 7 setting but just don't know which configuration parameters should I touch for now. Thanks.
IIS 7 & W2K8 - Access to path is denied. File copy.
Gregale.net
Participant
1268 Points
312 Posts
Re: IIS 7 & W2K8 - Access to path \\remotewinXP\folder\ is denied. No error on IIS 6 & W2K3 hosti...
Nov 18, 2008 02:31 AM|LINK
Today, I managed to move this project development to W2K8 + IIS7 + VS2008, then found no unauthorized access (the pdf is successfullly copied to the remote folder) if debugging run through VS or localhost http://localhost:49264/BackOffice/test5.aspx. However, still encountering the unathorized access message if access it through the published website or http://192.168.169.167/BackOffice/test5.aspx.
It might related to remote access permission on workgroup environment but why does the copy only working on debugging mode, not on published mode?
Appreciate any suggestion [Idea]
Wencui Qian ...
All-Star
56784 Points
5796 Posts
Microsoft
Re: IIS 7 & W2K8 - Access to path \\remotewinXP\folder\ is denied. No error on IIS 6 & W2K3 hosti...
Nov 20, 2008 05:26 AM|LINK
Hi Gregale.net,
Based on the description, it's probably caused by the permission issues. As you know, when you debug in Visual Studio, the ASP.NET application is running under a logged-on system account(when you're in a domain, it's probably a domain user). If allowed, it can do file operations in a remote machine.
However, it's different with running ASP.NET application in IIS. By default, it's running under ASPNET in IIS 5 or Network Service in IIS 6/7. The account has no permissions to access remote resources. Since you need to copy a file to a remote machine, you have to grant the account(Network Service) required permissions in the remote machine. Then you can do file operations. But I don't recommend you to do that. It's better to programmatically impersonate a domain user when necessary. In this case, you will have no need to configurate in the remote server.
For impersonating a user programmatically, you could check this link:
http://forums.asp.net/p/1347272/2756134.aspx#2756134
Thanks.
If you have any feedback about my replies, please contact msdnmg@microsoft.com
Microsoft One Code Framework
Gregale.net
Participant
1268 Points
312 Posts
Re: IIS 7 & W2K8 - Access to path \\remotewinXP\folder\ is denied. No error on IIS 6 & W2K3 hosti...
Nov 24, 2008 01:56 AM|LINK
Thanks wencui,
I've tried creating an account (IUSR) in both machines (server and remote), shared path mapping is writeable from server, but still trigger the access denied message from the ASP application even the access has been given to these ASP.net, NETWORK, NETWORK SERVICE, IUSR, SYSTEM, Everyone and Administrators accounts. Have I overlooked on any special security setting in IIS7 or W2K8?
Or I might look on impersonating one day, will update you on this. However, can it be done on 'Form authentication mode'?
Wencui Qian ...
All-Star
56784 Points
5796 Posts
Microsoft
Re: IIS 7 & W2K8 - Access to path \\remotewinXP\folder\ is denied. No error on IIS 6 & W2K3 hosti...
Nov 24, 2008 06:20 AM|LINK
Thanks for your followup Gregale.net.
Based on my test, you could choose either of these two ways. The recommended one is to use a domain user. As mentioned above, you could use impersonation programmatically. The second one is also suitable if you're not familiar with impersonation. I tested it and everything works well. Here're the steps:
After these steps, you could resolve the problem.
Thanks.
If you have any feedback about my replies, please contact msdnmg@microsoft.com
Microsoft One Code Framework
Gregale.net
Participant
1268 Points
312 Posts
Re: IIS 7 & W2K8 - Access to path \\remotewinXP\folder\ is denied. No error on IIS 6 & W2K3 hosti...
Nov 25, 2008 12:54 AM|LINK
Now, the file is copied successfully.
Thanks wencui. You are my man.
For anyone out there,
The step from 1 to 4 are straight forward, step 5 will be a bit tricky on IIS7(if you are not familiar yet). No useful article found from the net on the step 5. However, this link at least will guide you through.
http://www.developer.com/net/asp/article.php/2245511
dankeshoon!
Wencui Qian ...
All-Star
56784 Points
5796 Posts
Microsoft
Re: IIS 7 & W2K8 - Access to path \\remotewinXP\folder\ is denied. No error on IIS 6 & W2K3 hosti...
Nov 25, 2008 01:26 AM|LINK
Glad to hear that it can help you. For IIS 7, you could reset the ApplicationPool Identity step by step.
Thanks.
If you have any feedback about my replies, please contact msdnmg@microsoft.com
Microsoft One Code Framework
regey
Member
2 Points
1 Post
Re: IIS 7 & W2K8 - Access to path \\remotewinXP\folder\ is denied. No error on IIS 6 & W2K3 hosti...
Aug 22, 2009 08:54 AM|LINK
it's very helpful, thanks a lot
JonF
Member
59 Points
33 Posts
Re: IIS 7 & W2K8 - Access to path \\remotewinXP\folder\ is denied. No error on IIS 6 & W2K3 hosti...
Oct 04, 2010 09:18 PM|LINK
My application manages files on the server file system (insert, update, delete) I just made a migration from win 2003 to 2008 R2 and found access denied errors on deletes.
After some searching I found there is a function for IIS7.5 that uses the AppPool identity for security. This isn't a real user account it's a 'virtual account' that the AppPool uses. New files had the account but when I tried to add it to a file or folder the account doesn't exist when you 'check names' in the security dialog box. Confusing...
Then I found this: http://learn.iis.net/page.aspx/624/application-pool-identities/
You have to manually add the whole account information: i.e.: iis AppPool\<name> and then give the account 'modify' access for it to work.
I'd like to reset the inheritance on the whole directory but I've not found a good way to handle this.
Has anyone found a way to handle this without resetting security permissions?